Internet -> Arris 6141 modem -> Netgear R6400.2 router/firewall ->
threepio.mynetgear.com (FreeBSD)

Ah, you have a standalone SOHO router. That changes things drastically. :)

I assume the computers on your LAN (including FreeBSD) have private IP addresses (192.168.x.x)? In that case your Netgear router is doing the NAT for you and you don't need to worry about that part.

- You need to forward port 1194/udp (or whatever you chose for OpenVPN) in your Netgear router so it points to the IP address of your FreeBSD machine. Consult the router's manual on how to do port forwarding.

- The firewall in the Netgear router also needs to allow incoming connections on this port. It's probably set up along with the port forwarding, but once again you need to consult the Netgear manual.

- You can disable pf on your FreeBSD machine unless you absolutely want an extra firewall to protect it. I strongly suggest you disable it at this point though until you have the OpenVPN server running. It's protected behind your Netgear router.

So to sum up:

- Configure firewall and port forwarding in your Netgear router.

- Configure the OpenVPN server on FreeBSD.

One caveat to look out for:

I'm not familiar with your Arris modem. Make sure it doesn't do routing and NAT too, so you have two layers of NAT, since that would complicate things. Make sure your modem is in bridge mode and that your Netgear router has a public IP address on the interface connected to the modem.

Regards
Morgan



_______________________________________________
freebsd-pf@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
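
The double-NAT caveat in the message above can be checked mechanically. The following is an added example, not part of the original message: it classifies the address shown on the router's WAN status page and compares it with the address an outside host sees. It goes slightly beyond the message by also flagging carrier-grade NAT (RFC 6598); the function names and sample addresses are assumptions made for illustration.

```python
import ipaddress

# Address blocks that are never reachable from the Internet.
NON_PUBLIC = {
    "rfc1918": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "cgnat": ["100.64.0.0/10"],        # RFC 6598 shared address space
    "link-local": ["169.254.0.0/16"],  # no DHCP lease obtained
}


def classify(addr):
    """Return 'public' or the name of the non-public block containing addr."""
    ip = ipaddress.IPv4Address(addr)
    for name, blocks in NON_PUBLIC.items():
        if any(ip in ipaddress.IPv4Network(b) for b in blocks):
            return name
    return "public"


def check_wan(router_wan_ip, seen_from_internet):
    """Decide whether a port forward on the router is reachable from outside.

    router_wan_ip: address shown on the router's WAN/Internet status page.
    seen_from_internet: address an external host sees for this connection.
    """
    kind = classify(router_wan_ip)
    if kind == "rfc1918":
        return "double-nat: modem is routing; put it in bridge mode"
    if kind == "cgnat":
        return "cgnat: ISP is doing NAT; a forward on the router is not enough"
    if kind == "link-local":
        return "no-lease: router has no WAN address from the modem"
    if ipaddress.IPv4Address(router_wan_ip) != ipaddress.IPv4Address(seen_from_internet):
        return "mismatch: another NAT device sits upstream of the router"
    return "ok: router holds the public address; forward 1194/udp to FreeBSD"


if __name__ == "__main__":
    # Constructed samples (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges).
    samples = [("203.0.113.5", "203.0.113.5"),
               ("192.168.100.2", "203.0.113.5"),
               ("100.72.1.9", "203.0.113.5"),
               ("198.51.100.7", "203.0.113.5")]
    for wan, seen in samples:
        print(wan, "->", check_wan(wan, seen))
```
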
