Date:      Mon, 11 Mar 2013 12:13:36 -0700
From:      Michael Sierchio <kudzu@tenebras.com>
To:        Brent Clark <brentgclarklist@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: OpenVPN vm cant connect to other VM's
Message-ID:  <CAHu1Y70NW%2BVQE_tC99J2rWv%2Bf4m6en_Wqgo7v6%2BOEO_gcZBjaA@mail.gmail.com>
In-Reply-To: <51371C8A.8050205@gmail.com>
References:  <51371C8A.8050205@gmail.com>

Are you pushing routes in your server.conf file?

(hint - show, don't tell)

- M

On Wed, Mar 6, 2013 at 2:38 AM, Brent Clark <brentgclarklist@gmail.com> wrote:
> Hi guys
>
> I'm struggling with a FreeBSD VM that I have, that I use for a VPN connection
> to, from my workstation to my home LAN. And I was wondering if someone
> could peer review me and my problem.
>
> OpenVPN is working beautifully. I.e. I can connect to some services (apache
> etc) that I run directly on my FreeBSD / openvpn vm.
>
> What I'm now trying to achieve is that I can connect to other VMs / machines
> on my home LAN.
>
> I'm using tun for my VPN, and my pf.conf looks like so (please see the nat on
> ...)
>
> [root@freebsd /usr/home/bclark]# cat  /etc/pf.conf
> ext_if="re0"
> vpn_if="tun0"
> int_net="10.0.0.0/24"
> vpn_net="192.168.200.0/24"
> set skip on lo0
> set optimization normal
> #set block-policy drop
> set limit { states 20000, frags 10000, src-nodes 20000 }
> # Normalization: reassemble fragments and resolve or reduce traffic ambiguities.
> scrub in all
> # Translation: specify how addresses are to be mapped or redirected.
> # NAT rules
> # enabling NAT currently breaks policy based routing
> #nat on $ext_if from { $int_net, $vpn_net } to any -> ($ext_if)
> #nat on tun0 from { 192.168.200.0/24 } to any -> (re0)
> nat on re0 from { 192.168.200.0/24 } to any -> (re0)
>
> table <sshguard> persist
> block in quick on re0 proto tcp from <sshguard> to any port ssh label "ssh brute"
>
> What am I missing?
>
> If anyone could assist, it would be appreciated.
>
> Kind Regards
> Brent Clark