
[Openvpn-users] openvpn on openbsd with a peculiar setup

  • Subject: [Openvpn-users] openvpn on openbsd with a peculiar setup
  • From: coldfire22x <coldfire22x@xxxxxxxxx>
  • Date: Thu, 9 Dec 2004 14:21:21 -0500

Greetings all,

The ultimate goal: I have an OpenBSD machine set up on my internal
network with one physical interface and an IP address of
 A NAT configuration is set up at the router, i.e., a connection made
to the public IP will have the dst changed to and
sent out on the internal network.  I would like clients to be able to
connect to the public IP address,, given an address in, and then NAT'd so that the clients can connect to any
machine on the subnet.

The problem is, the OpenBSD machine only has one physical

Relevant OpenVPN server configuration:


     push "route"
     push "route"

What works: I can connect to the OpenVPN server as a client.  The
tunnel interface on the server gets configured as "inet --> netmask 0xffffffff" and the tunnel interface on the client
gets configured as "inet --> netmask 0xffffffff".  I
am able to ping from

However, I can send icmp echo requests to any host on
(and they get there) but the source address remains  They
are being routed by the machine just fine, but no NAT is taking place.

Relevant pf configuration:

     nat on xl0 inet from ->

What is weird to me is how the tun0 interfaces get set up.  It's clear
that the OpenBSD machine isn't matching the packets to the NAT rule
(it works as if there were no NAT rule specified at all).  Any ideas
how to get the NAT rule to match?

Thanks in advance,

