* obsd <o...@vanwesten.net> on [23-10-2016 21:13:19 +0200]:
> On 23-10-2016 at 17:01, Thuban wrote:
> > Hi,
> > I have an openvpn server running and working, but can't
> > go "outside" the server to access the web.
> >
> > To configure the server, I followed this :
> > http://2f30.org/guides/openvpn.html
> >
> > So ip forwarding is active, vpn port is open, clients can connect to the
> > vpn. But they can't access wwweb.
> >
> > I guess the problem comes from this pf rule :
> >
> > pass out on $ext_if from 10.8.0.0/24 to any nat-to ($ext_if)
> >
> > I've been on this issue for too many hours to have a clear mind on this.
> > Any advice to find why I'm stuck on the server?
> >
> > Regards.
> >
> >
> How about a rule that permits tunnel traffic to go out? How about a rule
> that permits the traffic to come in on the tunnel?
>

Here are the relevant parts of my pf.conf :

ext_if = "re0"
tcp_pass = "{ gopher ipp 8000 }"
udp_pass = "{ 1194 }"

pass in quick on $ext_if proto tcp to any port $tcp_pass keep state
pass in quick on $ext_if proto udp to any port $udp_pass keep state
pass out on $ext_if from 10.8.0.0/24 to any nat-to $ext_if
pass out on $ext_if proto { tcp udp icmp } all modulate state

Traffic comes in $ext_if on port 1194. There, it goes in the tunnel. The
nat-to directive forwards the traffic to $ext_if, which is supposed to go
out.

I feel I miss something here... :/

--
/Thuban/
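
Added example, not part of the thread: a simplified Python model of pf's rule evaluation (last matching rule decides, `quick` stops evaluation, `nat-to` on a `match` rule is sticky), applied to the two `pass out` rules in the posted pf.conf. The model, the `WITH_MATCH` variant and the sample client address 10.8.0.6 are assumptions made for illustration; state tracking and most pf features are ignored.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    action: str            # "pass", "block" or "match"
    direction: str         # "in" or "out"
    iface: str
    protos: tuple = ()     # empty tuple = any protocol
    src: str = "0.0.0.0/0"
    nat_to: str = None
    quick: bool = False

    def matches(self, pkt):
        return (self.direction == pkt["dir"] and self.iface == pkt["iface"]
                and (not self.protos or pkt["proto"] in self.protos)
                and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src))

def evaluate(rules, pkt):
    """Return (index of deciding rule, nat target) for one packet.
    The last matching pass/block rule decides; 'quick' ends evaluation.
    nat-to on a 'match' rule sticks; nat-to on a 'pass' rule applies only
    when that rule is the deciding one."""
    decided, sticky_nat = None, None
    for i, rule in enumerate(rules):
        if not rule.matches(pkt):
            continue
        if rule.action == "match":
            sticky_nat = rule.nat_to or sticky_nat
            continue
        decided = i
        if rule.quick:
            break
    if decided is None:
        return None, sticky_nat          # no rule matched: implicit pass
    return decided, rules[decided].nat_to or sticky_nat

# The two outbound rules as posted (ext_if = re0), in the posted order.
POSTED = [
    Rule("pass", "out", "re0", src="10.8.0.0/24", nat_to="re0"),
    Rule("pass", "out", "re0", protos=("tcp", "udp", "icmp")),
]
# Hypothetical variant: same order, NAT written as a sticky 'match' rule.
WITH_MATCH = [Rule("match", "out", "re0", src="10.8.0.0/24", nat_to="re0"), POSTED[1]]

# Constructed packet: TCP traffic from a VPN client leaving re0.
PKT = {"dir": "out", "iface": "re0", "proto": "tcp", "src": "10.8.0.6"}

if __name__ == "__main__":
    print("posted    :", evaluate(POSTED, PKT))
    print("with match:", evaluate(WITH_MATCH, PKT))
```

In this model the second `pass out` rule decides the packet in both rulesets; only the `match` variant still carries a translation target when it does.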