From: Phil Staub
Date: Tue, 12 Nov 2019 09:21:27 -0500
Subject: Re: Fwd: Fwd: NAT for use with OpenVPN
To: Morgan Wesström
Cc: freebsd-pf@freebsd.org

On Tue, Nov 12, 2019 at 4:35 AM Morgan Wesström <freebsd-database@pp.dyndns.biz> wrote:

> > Wireless LAN adapter Wi-Fi:
> >
> >    IPv4 Address. . . . . . . . . . . : 192.168.1.5(Preferred)
>
> I think I've spotted the problem. Your laptop is hooked up to your
> local LAN. The NAT in your router can not normally "wrap around" packets
> destined to its WAN side and then apply NAT to them, which will be the
> case when you try to establish the VPN tunnel from within your LAN. This
> is a classic NAT problem and it has hit many, many people in the past
> trying to run servers of various kinds on their home LAN and then trying
> to access them as if they were somewhere on the outside of the router.
> The result will be... well, unpredictable. :) You need to connect your
> laptop through its own Internet connection so it has a valid public IP
> address.

I understand what you're saying here. I had hoped this wouldn't be a problem, since I didn't have a problem with the VPN in my old router, though I agree that this is NOT the same configuration.
The problem I have with this explanation is that when I connect to the VPN from my phone with the WiFi turned off, it connects via an outside IP that is NOT my local router. In this case, the ping of 8.8.8.8 still fails.

> Other than that, everything else looks fine including the routing table.
>
> A small clarification about default gateways. You only have one per
> machine normally - not one per interface. Your computer knows what
> subnets and machines are connected to every interface in your computer
> and will send packets there when appropriate. It's only when it doesn't
> know where the destination is it will send it to the default gateway. So
> one default gateway per machine is the norm.

OK. I sent a support request to Netgear to ask if it's possible to print the router's routing table. (They had previously confirmed my suspicions about the fact that the VPN keys can't be updated on their "consumer" routers.) We'll see what they say about routing tables, but if it isn't possible, I'm strongly considering re-flashing the firmware to DD-WRT. I believe it has OpenVPN built in that can be configured with your own keys.

Still, I would like to see this project through after all the work we have put into it. I certainly appreciate all your help on this! You have definitely filled in a lot of blanks in my knowledge.

Thanks again,
Phil
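
The route selection described in the quoted note on default gateways, as an added example that is not part of the original message: a longest-prefix-match lookup over a constructed routing table. Only the Wi-Fi address range (from 192.168.1.5) and the 8.8.8.8 ping target come from the thread; the gateway 192.168.1.1, the tunnel subnet 10.8.0.0/24 and the interface names are assumptions.

```python
import ipaddress

# Constructed routing table for a laptop like the one in the thread.
# The 192.168.1.0/24 Wi-Fi network matches the 192.168.1.5 address in the
# message; the gateway, tunnel subnet and interface names are assumptions.
ROUTES = [
    # (destination prefix, gateway or None if directly connected, interface)
    ("192.168.1.0/24", None, "wifi0"),
    ("10.8.0.0/24", None, "tun0"),
    ("0.0.0.0/0", "192.168.1.1", "wifi0"),
]


def lookup(dst, routes=ROUTES):
    """Return (prefix, gateway, interface) chosen by longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, iface in routes:
        net = ipaddress.ip_network(prefix)
        # A more specific (longer) matching prefix always wins, so the
        # default route is used only when no connected subnet matches.
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return str(best[0]), best[1], best[2]


def default_routes(routes=ROUTES):
    """List the default (0.0.0.0/0) entries; normally there is exactly one."""
    return [r for r in routes if ipaddress.ip_network(r[0]).prefixlen == 0]


if __name__ == "__main__":
    for dst in ("192.168.1.20", "10.8.0.1", "8.8.8.8"):
        prefix, gw, iface = lookup(dst)
        hop = gw or "directly connected"
        print(f"{dst:>14} -> {prefix:<16} via {hop} on {iface}")
```

With this table, the 8.8.8.8 ping leaves through the single default gateway, while both connected subnets are reached directly on their own interfaces.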