Hello,
I have been trying to get gateway redirection to work with OpenVPN. I have one server and one client in the OpenVPN network. I have tried this setup with two separate servers (one running 9.1 and the other running 9.2) and with both, traffic redirection is not successful. I am able to ping the server from the client and vice versa but when I try to ping to a public IP address (e.g. 8.8.8.8), no responses are received.

I have set multiple options in the file /etc/rc.conf:
Code:
gateway_enable="YES"
openvpn_enable="YES"
openvpn_configfile="/usr/local/etc/openvpn/server.conf"
openvpn_if="tun"

I have checked sysctl net.inet.ip.forwarding which returns 1.

In the file /usr/local/etc/openvpn/server.conf I have:
Code:
server 10.0.8.0 255.255.255.0
push "redirect-gateway"
push "dhcp-option DNS 8.8.8.8"

These are the relevant lines.

There is no firewall enabled on the servers or client.

In tcpdump, these are the relevant lines seen:

tcpdump -i re0:
Code:
12:10:04.016046 IP 10.0.8.4 > google-public-dns-a.google.com: ICMP echo request, id 3516, seq 1, length 64

tcpdump -i tun0:
Code:
12:10:04.016017 IP 10.0.8.4 > google-public-dns-a.google.com: ICMP echo request, id 3516, seq 1, length 64

It seems to me that the system is not substituting the public IP of the server before sending the packet generated on tun0 outwards through re0. Please let me know if there are additional options that I need to enable, or if you would like to request more information about the setup.
Thank you.
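
The comparison of the two captures described in the post, automated as an added example (not part of the original post): it pairs ICMP echo requests seen on the tunnel interface with those seen on the egress interface and reports any that left with a source address still inside the VPN subnet from server.conf. The function names and the 203.0.113.10 capture line are constructed for illustration.

```python
import ipaddress
import re

# Matches the tcpdump ICMP echo-request format shown in the post.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"ICMP echo request, id (?P<id>\d+), seq (?P<seq>\d+)"
)

def parse(lines):
    """Return {(dst, id, seq): src} for each echo request in a capture."""
    out = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            out[(m["dst"], int(m["id"]), int(m["seq"]))] = m["src"]
    return out

def in_subnet(src, subnet):
    try:
        return ipaddress.ip_address(src) in subnet
    except ValueError:  # tcpdump printed a hostname instead of an address
        return False

def untranslated(tun_lines, egress_lines, vpn_subnet):
    """Echo requests that left the egress interface with a VPN source address."""
    subnet = ipaddress.ip_network(vpn_subnet)
    tun, egress = parse(tun_lines), parse(egress_lines)
    leaks = []
    for key, src in sorted(egress.items()):
        # Same dst/id/seq on both interfaces and source unchanged: no NAT applied.
        if key in tun and in_subnet(src, subnet):
            leaks.append((src, key[0], key[1], key[2]))
    return leaks

# Capture lines quoted in the post (tun0 and re0).
TUN0 = ["12:10:04.016017 IP 10.0.8.4 > google-public-dns-a.google.com: ICMP echo request, id 3516, seq 1, length 64"]
RE0 = ["12:10:04.016046 IP 10.0.8.4 > google-public-dns-a.google.com: ICMP echo request, id 3516, seq 1, length 64"]
# Constructed line: what re0 would show with the source rewritten
# (203.0.113.10 is a documentation address, not the poster's server).
RE0_TRANSLATED = ["12:10:04.016046 IP 203.0.113.10 > google-public-dns-a.google.com: ICMP echo request, id 3516, seq 1, length 64"]

if __name__ == "__main__":
    for leak in untranslated(TUN0, RE0, "10.0.8.0/24"):
        print("untranslated on egress:", leak)
```

Run tcpdump with -n when collecting input so that source addresses are printed numerically; a source printed as a hostname is skipped by the subnet test.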