Hey there. I'm aware of the 100s of posts here and on other forums, and I feel like I have been through a large amount of them all.
Problem: I have installed openvpn, and it works and can connect. I can ping google DNS, and see from the response time that I'm going through the tunnel. However, I cannot connect when sourcing from the epair0b interface.
Everything is set up inside a jail.
I have sysctl:
Code:
net.inet.ip.forwarding: 1
So I'm thinking that it either has to do with NAT'ing or firewalling.
ipfw:
Code:
root@VPN:~ # ipfw list
00151 nat 10 ip from 10.0.0.0/24 to any out via epair0b
00152 nat 10 ip from any to any in via epair0b
00153 nat 10 ip from any to any in via tun0
00800 allow ip from any to any
65535 allow ip from any to any
ifconfig:
Code:
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 6e:f0:49:bd:91:b7
        hwaddr 02:40:91:00:06:0b
        inet 10.0.0.200 netmask 0xffffff00 broadcast 10.0.0.255
        nd6 options=1<PERFORMNUD>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        groups: epair
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet 10.26.0.6 --> 10.26.0.5 netmask 0xffffffff
        nd6 options=1<PERFORMNUD>
        groups: tun
        Opened by PID 30568
I have had it working before, but had to replace my disk pool, losing all data, jails, etc.
I can ping the tun interface LAN IP sourcing from the epair0b interface:
Code:
root@VPN:~ # ping -S 10.0.0.200 10.26.0.6
PING 10.26.0.6 (10.26.0.6) from 10.0.0.200: 56 data bytes
64 bytes from 10.26.0.6: icmp_seq=0 ttl=64 time=0.022 ms
64 bytes from 10.26.0.6: icmp_seq=1 ttl=64 time=0.018 ms
But not the tun "wan" IP:
Code:
root@VPN:~ # ping -S 10.0.0.200 10.26.0.5
PING 10.26.0.5 (10.26.0.5) from 10.0.0.200: 56 data bytes
^C
--- 10.26.0.5 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
root@VPN:~ #
/etc/rc.conf
Code:
# Enable Firewall
ifconfig_epair0b="inet 10.0.0.200 netmask 255.255.255.0"
defaultrouter="10.0.0.1"
firewall_enable="YES"
firewall_type="open"
firewall_logging="YES"
firewall_script="/home/ipfw/ipfw.rules"
gateway_enable="YES"
firewall_nat_enable="YES"
firewall_nat_interface="epaie0b"+
firewall_nat_enable="YES"