Date:      Wed, 13 Nov 2019 09:24:08 +0100
From:      Morgan Wesström <freebsd-database@pp.dyndns.biz>
To:        freebsd-pf@freebsd.org
Subject:   Re: NAT for use with OpenVPN
Message-ID:  <b574e8e2-a921-99b8-2d2f-b3dc70341ce3@pp.dyndns.biz>
In-Reply-To: <CAMnCm8gN9aYgsJQYCuppGQ1M-YPwe1y7kaQCeEcDChrogsXj0w@mail.gmail.com>
References:  <mailman.6.1573387200.62111.freebsd-pf@freebsd.org> <CAP9XWJm2gAC0VjTejP08X0T8ar_ZS1e7PqjAy8iOMRhfBU_3mA@mail.gmail.com> <6bc9b8ce-3ab3-2b57-510d-67ace0a90259@pp.dyndns.biz> <30f8da8a-de96-f737-fef8-820c6ae2ed16@pp.dyndns.biz> <CAMnCm8i-UOAZoyERUWM%2B38sPvWcwevqM6LBgRGeM8nXjgnbVtQ@mail.gmail.com> <CAMnCm8juj8uPuqfDXWu4rOPjbiK0xrsUUrQn002R639RepQOWg@mail.gmail.com> <7f1fcc2d-4833-7fda-c181-a3d15b16f9ee@pp.dyndns.biz> <CAMnCm8gn3y7ai95%2BtkwdZs2qYndzQaNdpHev4ZdNLyd-bOY4iQ@mail.gmail.com> <0b13ae53-b211-ad2c-1447-225860f73d3a@pp.dyndns.biz> <CAMnCm8jZQi-UKm_-hF8WS0cofq0OWWP_d5No1AbOP8_KgQE5ZA@mail.gmail.com> <baa548e5-7dc3-05cf-0275-902d0193fc21@pp.dyndns.biz> <CAMnCm8iZ4iLJYOUFFpoTpF_=9xpG2=MN77xi%2BtGaSqumHeeqkQ@mail.gmail.com> <8ba7182d-8c4e-e10e-467b-6cf447490151@pp.dyndns.biz> <CAMnCm8gA_V1trdZtpidms54cmf4TL=R2BZ2MP52fJKrjndxtzA@mail.gmail.com> <fa9054ac-b22f-b873-0749-742b73100dba@pp.dyndns.biz> <CAMnCm8gN9aYgsJQYCuppGQ1M-YPwe1y7kaQCeEcDChrogsXj0w@mail.gmail.com>



On 2019-11-13 01:42, Phil Staub wrote:
> Hey, it's about time something went our way. tcpdump is there. Here's 
> what I get:
> 
> # tcpdump -ni any icmp
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
> 

I can't see in this output which interface each packet was captured on. 
Instead of "any", use the name of your external WAN interface 
explicitly. If the pings show up there and still have a source address of 
10.8.0.x, then it's our confirmation the router does not NAT for other 
subnets than its own. It might also be that you don't see any pings at 
all there, in which case your router simply has dropped those packets, 
since private IP addresses should not be routed to the Internet. In 
either case, we need to figure out how to add a NAT rule for your VPN 
subnet in that router... if possible.

/Morgan
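
The check described in the message above, as an added example that is not part of the original mail: a shell function that reads `tcpdump -n` lines captured on the WAN interface and reports which case applies. It assumes the VPN subnet is 10.8.0.0/24 and adds a third outcome (pings seen with a rewritten source) beyond the two the mail names; the function name, `WAN_IF` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Live use (WAN_IF is a placeholder for the external interface name):
#   tcpdump -lni WAN_IF -c 10 icmp | classify_wan_capture

# classify_wan_capture reads tcpdump -n text lines on stdin and prints one of:
#   not-natted  echo requests leave the WAN interface with a 10.8.0.x source
#   natted      echo requests are seen, none with a 10.8.0.x source
#   no-pings    no echo requests seen (dropped before reaching the WAN interface)
classify_wan_capture() {
    awk '
        /ICMP echo request/ {
            seen++
            src = ""
            # tcpdump -n prints "IP <src> > <dst>: ICMP echo request, ..."
            for (i = 1; i < NF; i++)
                if ($i == "IP") { src = $(i + 1); break }
            # Assumption: the VPN clients live in 10.8.0.0/24.
            if (src ~ /^10\.8\.0\.[0-9]+$/) leaked++
        }
        END {
            if (!seen)       print "no-pings"
            else if (leaked) print "not-natted"
            else             print "natted"
        }'
}

# Constructed sample lines in tcpdump -n format (documentation addresses).
sample_leak='09:24:01.000001 IP 10.8.0.6 > 192.0.2.10: ICMP echo request, id 1, seq 1, length 64'
sample_nat='09:24:01.000001 IP 198.51.100.7 > 192.0.2.10: ICMP echo request, id 1, seq 1, length 64
09:24:01.020001 IP 192.0.2.10 > 198.51.100.7: ICMP echo reply, id 1, seq 1, length 64'

printf '%s\n' "$sample_leak" | classify_wan_capture
printf '%s\n' "$sample_nat" | classify_wan_capture
```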


