I want to access the internet through my OpenBSD 4.1 gateway via wireless OpenVPN. My wireless connection to the internet WITHOUT OpenVPN works fine. I can connect to my gateway WITH the OpenVPN client on my Windows XP SP2 laptop just fine. This setup doesn't use DHCP on tun0 or $int_if, just static IPs (I believe OpenVPN does a pseudo-DHCP on the tun device). The problem is that when I try to go to any website on my laptop, I get nothing. I have a feeling that it's my pf.conf rules concerning the tun interface or NAT.
Below are my configuration files.

=====================================================
/etc/sysctl.conf

net.inet.ip.forwarding=1        # 1=Permit forwarding (routing) of IPv4 packets
net.inet.ip.mforwarding=1       # 1=Permit forwarding (routing) of IPv4 multicast packets

=====================================================
/etc/pf.conf

ext_if="fxp0"
int_if="ath0"

set skip on { lo, tun0 }
set block-policy return

scrub in

nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
nat on $ext_if from !($ext_if) -> ($ext_if:0)
rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021

anchor "ftp-proxy/*"
block in
antispoof quick for { lo, $int_if, tun0 }

pass in on $int_if proto udp from 10.1.1.2 to 10.1.1.1 port 1194
pass in proto icmp
pass out

=====================================================
/var/openvpn/server.conf

daemon
local 10.1.1.1
port 1194
proto udp
dev tun0
ca /var/openvpn/ca.crt
cert /var/openvpn/elvis.crt
key /var/openvpn/elvis.key
dh /var/openvpn/dh1024.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway"
push "dhcp-option DNS 68.111.16.30"
push "dhcp-option DNS 68.111.16.25"
push "dhcp-option DNS 68.1.208.30"
ifconfig-pool-persist /var/openvpn/ipp.txt
keepalive 10 120
tls-auth /var/openvpn/ta.key 0
comp-lzo
user openvpn
group openvpn
persist-key
persist-tun
status /var/openvpn/openvpn-status.log
verb 3
chroot /var/openvpn