Hi!
Thanks for the reply.
On Tuesday 05 December 2006 16:47, Nejc Skoberne wrote:
> > So I'm wondering why is it so - is the problem in PF states or these Windows
> > machines being OpenVPN clients. Any thoughts, suggestions for what I might
> > try?
>
> Strange. I would consider using WireShark on Windows servers in order to see the
> packets going in and out of the interfaces.
Unfortunately I don't maintain these servers so I can't monitor any packets on
them.
> Also, it might be a pf sessions
> issue - try passing all packets or at least logging blocked packets and monitoring
> the pflog interface in realtime with tcpdump.
In PF I have these rules for VPN-traffic (I assume the used macros/variables
are self-explanatory :):
pass on { $int_if, $vpn_if, $bridge_if } proto tcp from $vpn_nets to $int_if:network flags S/SA keep state
pass on { $int_if, $vpn_if, $bridge_if } proto udp from $vpn_nets to $int_if:network
pass on { $int_if, $vpn_if, $bridge_if } proto tcp from $int_if:network to $vpn_nets flags S/SA keep state
pass on { $int_if, $vpn_if, $bridge_if } proto udp from $int_if:network to $vpn_nets
For ICMP I have a rule:
pass inet proto icmp all icmp-type echoreq keep state
I'm logging PF blockings also and I don't see any packets getting blocked
while I just wait for ICMP reply.
Silver
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users