On 2019-11-13 01:42, Phil Staub wrote:
Hey, it's about time something went our way. tcpdump is there. Here's what I get:

# tcpdump -ni any icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes


I can't see in this output which interface each packet was captured on. Instead of "any", use the name of your external WAN interface explicitly. If the pings show up there and still has a source address of 10.8.0.x, then it's our confirmation the router does not NAT for other subnets then its own. It might also be that you don't see any pings at all there in which case your router simply has dropped those packets since private ip addresses should not be routed to the Internet. In either case, we need to figure out how to add a NAT rule for your VPN subnet in that router... if possible.

/Morgan
_______________________________________________
freebsd-pf@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"

Reply via email to