On 2019-11-13 01:42, Phil Staub wrote:
Hey, it's about time something went our way. tcpdump is there. Here's
what I get:
# tcpdump -ni any icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535
bytes
I can't see in this output which interface each packet was captured on.
Instead of "any", use the name of your external WAN interface
explicitly. If the pings show up there and still has a source address of
10.8.0.x, then it's our confirmation the router does not NAT for other
subnets then its own. It might also be that you don't see any pings at
all there in which case your router simply has dropped those packets
since private ip addresses should not be routed to the Internet. In
either case, we need to figure out how to add a NAT rule for your VPN
subnet in that router... if possible.
/Morgan
_______________________________________________
freebsd-pf@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"