2010/8/6 Andre Keller <a...@list.ak.cx>:
> Dear list members
>
> I've got a small problem with my OpenBSD based vpn gateway.
>
> There are 2 physical interfaces (vr0 <- wan, vr1 <- lan) and the openvpn
> tunnel interface (tun0)
>
> VPN clients have an ip address assigned out of the range 10.176.3.0/24,
> LAN clients out of the range 10.176.0.0/23.
>
>
> Now I'd like to NAT the VPN clients to the LAN address of the gateway
> (10.176.0.1) (There are clients in the network without a default gateway
> and I do not want to add the 10.176.3.0/24 route to every device in the
> network).
>
> I thought that this is an easy task to accomplish but I do not get the
> nat tun0->vr1 working:
>
> My pf configuration is:
> wan_if = "vr0"
> lan_if = "vr1"
> vpn_if = "tun0"
> lan_net = $lan_if:network
> vpn_net = "10.176.3.0/24"
> pass quick on lo0
> block return log on $wan_if all
> pass out on $wan_if proto icmp all keep state
> pass on $wan_if inet proto icmp all icmp-type 8 code 0
> pass out on $wan_if proto udp all keep state
> pass in on $wan_if proto udp from any to any port { 53 123 1194 }
> pass out on $wan_if proto tcp all modulate state
> pass in on $wan_if proto tcp from any to any port { 22 64321 }
> match out on $wan_if from ($lan_net) nat-to ($wan_if:0)
> match out on $lan_if from $vpn_net nat-to ($lan_if:0)
>
> tcpdump:
> tcpdump -i vr1 'icmp'
> tcpdump: listening on vr1, link-type EN10MB
> 15:34:30.524786 10.176.3.6 > 10.176.0.4: icmp: echo request (DF)
> 15:34:31.520010 10.176.3.6 > 10.176.0.4: icmp: echo request (DF)
> 15:34:32.515313 10.176.3.6 > 10.176.0.4: icmp: echo request (DF)
>
>
> Does anyone have an idea what I am missing?
>
> regards andre
>

I have the same problem, the glorious Packet data networks, "route" all the private networks through them.
--
Sincerely,
Andris Genovez Tobar / Systems
Elastix ECE - Linux LPI-1 - Novell CLA - Apple ACMT
http://www.cspmsa.com
ageno...@cspmsa.com
Jabber: bitfr...@asgard.crice.org
Community: http://www.crice.org