>You shouldn't need a firewall to do nat or redirecting. I suspect that: >a) the openvpn server isn't setup for forwarding >b) the clients don't have a correct route established > >I'd suggest that you turn off pf, using pfctl -d and watch what happens >on your em1 interface, as that might also provide a clue (ie tcpdump -ni >em1 ) > >If this assists please provide a reply to the mailing list so others may >benefit. :) > >Regards, Dewayne
It is working now. OpenVPN is configured to push the route: push "route 10.8.1.0 255.255.255.0" to clients. Gateway is not pushed to the client. The line in PF that works is: nat on em1 from 10.8.0.0/24 to any -> (em1) Thanks for the input! Thanks, Manas On Mon, Dec 8, 2014 at 8:52 PM, Dewayne Geraghty < dewayne.gerag...@heuristicsystems.com.au> wrote: > You shouldn't need a firewall to do nat or redirecting. I suspect that: > a) the openvpn server isn't setup for forwarding > b) the clients don't have a correct route established > > I'd suggest that you turn off pf, using pfctl -d and watch what happens > on your em1 interface, as that might also provide a clue (ie tcpdump -ni > em1 ) > > If this assists please provide a reply to the mailing list so others may > benefit. :) > > Regards, Dewayne > > _______________________________________________ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
