Hi, all. I am tuyosi takesima, Japanese.

------------------------------------------------------
I sent this before joining the "openbsd misc mailing list",
so I am sending it again.
------------------------------------------------------

I wrote the following, but it may be a false illusion, so please tell me my mistakes if there are errors.

The network is:

    192.168.72.66
          |
    192.168.72.50
    nakajin.dyndns.org:firewall
    220.49.236.72(yahoo, dhcp client)
          |
       internet
          |
    218.42.120.30(ntt, pppoe)
    okou.dyndns.org:firewall
    192.168.1.50
          |
    192.168.1.250

I tried ping 192.168.72.66 on 192.168.1.50, and I managed to succeed.

-----------------------------------
On nakajin.dyndns.org

The main part of pf.conf is the following (okou-add=218.42.120.30); I got some information from the openvpn mailing list.

    pass in on $ext proto udp from okou-add/32 to any port { 5000 } keep state
    # - Allow Ping (not required for OpenVPN connection)
    pass in quick on $ext proto icmp
    pass out quick on $ext proto icmp
    # Try to allow VPN connections to touch inside
    pass in quick on tun1 all
    pass out quick on tun1 all
    pass in quick on tun1 to any
    pass out quick on tun1 to any
    pass in quick on $int from tun1

And I run the following two shell scripts.

    # cat openvpn.bat        <- I follow 'man openvpn'.
    /usr/local/sbin/openvpn --remote okou.dyndns.org --dev tun1 --ifconfig 10.4.0.1 10.4.0.2 --verb 5 --secret /root/openvpn.key &

    # cat route.bat
    route add -net 192.168.1.0 10.4.0.2 255.255.255.0

    # ifconfig -a
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
            inet 127.0.0.1 netmask 0xff000000
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
    fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            address: 00:00:e2:10:08:c5
            media: Ethernet autoselect (100baseTX full-duplex)
            status: active
            inet 192.168.72.50 netmask 0xffffff00 broadcast 192.168.72.255
            inet6 fe80::200:e2ff:fe10:8c5%fxp0 prefixlen 64 scopeid 0x1
    rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            address: 00:0a:79:28:44:e4
            media: Ethernet autoselect (100baseTX full-duplex)
            status: active
            inet6 fe80::20a:79ff:fe28:44e4%rl0 prefixlen 64 scopeid 0x2
            inet 220.49.236.72 netmask 0xfffffc00 broadcast 220.49.239.255
    pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33224
    pfsync0: flags=0<> mtu 2020
    enc0: flags=0<> mtu 1536
    tun1: flags=51<UP,POINTOPOINT,RUNNING> mtu 1256
            inet 10.4.0.1 --> 10.4.0.2 netmask 0xffffffff

-------------------------
On okou.dyndns.org

The main part of pf.conf is the following (nakajin-add=220.49.236.72).

    pass in on $ext proto udp from nakajin-add/32 to any port { 5000 } keep state
    # - Allow Ping (not required for OpenVPN connection)
    pass in quick on $ext proto icmp
    pass out quick on $ext proto icmp
    # Try to allow VPN connections to touch inside
    pass in quick on tun1 all
    pass out quick on tun1 all
    pass in quick on tun1 to any
    pass out quick on tun1 to any
    pass in quick on $int from tun1

And I run the following two shell scripts.

    # cat openvpn.bat
    /usr/local/sbin/openvpn --remote nakajin.dyndns.org --dev tun1 --ifconfig 10.4.0.2 10.4.0.1 --verb 5 --secret /root/openvpn.key &

    # cat route.bat
    route add -net 192.168.72.0 10.4.0.1 255.255.255.0

    # ifconfig -a
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
            inet 127.0.0.1 netmask 0xff000000
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
    dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            address: 00:40:26:62:c1:0f
            media: Ethernet autoselect (100baseTX full-duplex)
            status: active
            inet 192.168.1.50 netmask 0xffffff00 broadcast 192.168.1.255
            inet6 fe80::240:26ff:fe62:c10f%dc0 prefixlen 64 scopeid 0x1
    fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            address: 00:a0:c9:6d:3f:83
            media: Ethernet autoselect (100baseTX full-duplex)
            status: active
            inet6 fe80::2a0:c9ff:fe6d:3f83%fxp0 prefixlen 64 scopeid 0x2
    pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33224
    pfsync0: flags=0<> mtu 2020
    enc0: flags=0<> mtu 1536
    tun0: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1454
            inet 218.42.120.30 --> 210.151.249.196 netmask 0xffffffff
    tun1: flags=51<UP,POINTOPOINT,RUNNING> mtu 1256
            inet 10.4.0.2 --> 10.4.0.1 netmask 0xffffffff

    # ping 192.168.72.66
    PING 192.168.72.66 (192.168.72.66): 56 data bytes
    64 bytes from 192.168.72.66: icmp_seq=0 ttl=63 time=55.287 ms
    64 bytes from 192.168.72.66: icmp_seq=1 ttl=63 time=56.766 ms
    --- 192.168.72.66 ping statistics ---
    2 packets transmitted, 2 packets received, 0.0% packet loss
    round-trip min/avg/max/std-dev = 55.287/56.026/56.766/0.776 ms

------------------------------------------------
Homepage : http://nakajin.dyndns.org
Mail : [EMAIL PROTECTED]
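
The pf.conf fragment below is an added example, not part of the original post: a narrower rule set for the nakajin.dyndns.org side that admits only the peer's OpenVPN packets on the outside and only LAN-to-LAN traffic on tun1. Interface names and addresses come from the ifconfig output above; the macro names other than $ext and $int, and the default-deny rule, are assumptions.

```pf
# Added example for nakajin.dyndns.org (the okou side is the mirror image).
ext        = "rl0"              # outside, DHCP client (220.49.236.72)
int        = "fxp0"             # inside, 192.168.72.50
vpn        = "tun1"             # OpenVPN tunnel, 10.4.0.1 --> 10.4.0.2
okou_add   = "218.42.120.30"    # peer's outside address
local_net  = "192.168.72.0/24"
remote_net = "192.168.1.0/24"
tun_peer   = "10.4.0.2"         # source of traffic the peer firewall itself sends

# Assumption: the rest of the rule set (not shown in the post) blocks
# inbound traffic by default. Without that, narrower pass rules change nothing.
block in log all

# OpenVPN transport: only the peer, only UDP 5000, only to our own address.
# ($ext) tracks the DHCP-assigned address of the interface.
pass in quick on $ext inet proto udp from $okou_add to ($ext) port 5000 keep state

# Inside the tunnel: only traffic between the two LANs and the peer's
# tunnel endpoint, in place of "pass in quick on tun1 all".
pass in  quick on $vpn inet from { $remote_net, $tun_peer } to $local_net keep state
pass out quick on $vpn inet from $local_net to { $remote_net, $tun_peer } keep state

# LAN hosts may open connections to the remote LAN through the tunnel.
pass in quick on $int inet from $local_net to $remote_net keep state

# Ping on the outside is not required for OpenVPN. If it is wanted,
# accept echo requests only; replies are covered by state.
pass in quick on $ext inet proto icmp from any to ($ext) icmp-type echoreq keep state
```

The $tun_peer entry is there because a ping started on the okou firewall itself, as in the post, leaves with source address 10.4.0.2 rather than an address in 192.168.1.0/24.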