Hello Alessandro,
Can you see any of the traffic on the inside LAN on the client side with
tcpdump?
I.e. set tcpdump on $int with
tcpdump -i <nameofinternalinterface> icmp
and then try to ping from a server?
Silly suggestion, but....
What about client side firewalls? Do they allow themselves to be pinged?
What is your server.conf file for openvpn and the client conf file?
Simon.
Alessandro Baggi wrote:
Johan Beisser wrote:
On Mon, Jan 25, 2010 at 5:45 AM, Alessandro Baggi
<alessandro.ba...@gmail.com> wrote:
Hi list! I'm setting up a VPN between two OpenBSD firewalls:
This is the scenario:
FW1                    FW2
$ext  192.168.1.33     $ext   192.168.1.2
$int  10.1.1.1         $int   192.168.7.1
$host 10.1.3.53        $host2 192.168.7.2
Then I've made the certificate, client can contact the server, and from
the client I can ping a Linux machine behind the server, and from Linux
machine to client.
Then I've tried to get communication with LAN clients behind the VPN
client gw. Then, 192.168.7.2 of FW2's VPN can communicate with
10.1.3.53, but not vice versa.
Are you permitting traffic from $host through the firewall?
What's your pf.conf?
Have you verified that your firewalls pass other traffic normally?
Hi Johan. Thanks for the answer. I've reduced my pf.conf on client and
server side to:
ext="rl0"
int="rl1"
nat on $ext from $int:network -> $ext:0
nat on tun0 from $int:network -> tun0:0
pass all
I can ping from client LAN of the VPN client the entire server side
LAN, but not vice versa.