From: Brent Clark
Date: Wed, 06 Mar 2013 12:38:02 +0200
To: freebsd-questions@freebsd.org
Subject: OpenVPN vm can't connect to other VMs

Hi guys

I'm struggling with a FreeBSD VM that I use for a VPN connection from my workstation to my home LAN.

And I was wondering if someone could peer review me and my problem.

OpenVPN is working beautifully. I.e. I can connect to some services (Apache etc.) that I run directly on my FreeBSD / OpenVPN VM.

What I'm now trying to achieve is that I can connect to other VMs / machines on my home LAN.

I'm using tun for my VPN, and my pf.conf looks like so (please see the nat on ...)

[root@freebsd /usr/home/bclark]# cat /etc/pf.conf
ext_if="re0"
vpn_if="tun0"
int_net="10.0.0.0/24"
vpn_net="192.168.200.0/24"

set skip on lo0
set optimization normal
#set block-policy drop
set limit { states 20000, frags 10000, src-nodes 20000 }

# Normalization: reassemble fragments and resolve or reduce traffic ambiguities.
scrub in all

# Translation: specify how addresses are to be mapped or redirected.
# NAT rules
# enabling NAT currently breaks policy based routing
#nat on $ext_if from { $int_net, $vpn_net } to any -> ($ext_if)
#nat on tun0 from { 192.168.200.0/24 } to any -> (re0)
nat on re0 from { 192.168.200.0/24 } to any -> (re0)

table persist
block in quick on re0 proto tcp from to any port ssh label "ssh brute"

What am I missing?

If anyone could assist, it would be appreciated.

Kind Regards
Brent Clark