
[Openvpn-users] openvpn on openbsd with a peculiar setup


  • Subject: [Openvpn-users] openvpn on openbsd with a peculiar setup
  • From: coldfire22x <coldfire22x@xxxxxxxxx>
  • Date: Thu, 9 Dec 2004 14:21:21 -0500

Greetings all,

The ultimate goal: I have an OpenBSD machine set up on my internal
network with one physical interface and an IP address of 192.168.1.14.
A NAT configuration is set up at the router, i.e., a connection made
to the public IP 1.2.3.4 will have the dst changed to 192.168.1.14 and
sent out on the internal network.  I would like clients to be able to
connect to the public IP address, 1.2.3.4, be given an address in
10.0.0.0/24, and then be NAT'd so that the clients can connect to any
machine on the 192.168.1.0/24 subnet.

The problem is, the OpenBSD machine only has one physical
interface (192.168.1.14).

Relevant OpenVPN server configuration:

     server 10.0.0.0 255.255.255.0

     push "route 10.0.0.0 255.255.255.0"
     push "route 192.168.1.0 255.255.255.0"

What works: I can connect to the OpenVPN server as a client.  The
tunnel interface on the server gets configured as "inet 10.0.0.1 -->
10.0.0.2 netmask 0xffffffff" and the tunnel interface on the client
gets configured as "inet 10.0.0.6 --> 10.0.0.5 netmask 0xffffffff".  I
am able to ping 10.0.0.1 from 10.0.0.6.

However, I can send ICMP echo requests to any host on 192.168.111.0/24
(and they get there) but the source address remains 10.0.0.6.  They
are being routed by the machine just fine, but no NAT is taking place.

Relevant pf configuration:

     nat on xl0 inet from 10.0.0.2 -> 192.168.111.14

What is weird to me is how the tun0 interfaces get set up.  It's clear
that the OpenBSD machine isn't matching the packets to the NAT rule
(it works as if there were no NAT rule specified at all).  Any ideas
how to get the NAT rule to match?

Thanks in advance,


Abe
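
An added example, not part of the original message: a Python model of the source-address test in the posted pf rule, run against the tunnel addresses that the posted `server` directive yields under a per-client /30 layout (an assumption, consistent with the 10.0.0.1/10.0.0.2 and 10.0.0.6/10.0.0.5 pairs reported above). The subnet-wide `from 10.0.0.0/24` is a hypothetical comparison value that does not appear in the post, and only the `from` clause of the rule is modelled.

```python
import ipaddress

# Values copied from the message above.
SERVER_DIRECTIVE = "server 10.0.0.0 255.255.255.0"
POSTED_FROM = "10.0.0.2"           # source address in the posted nat rule
# Hypothetical comparison value, not from the post: the whole tunnel subnet.
SUBNET_FROM = "10.0.0.0/24"


def tunnel_network(directive):
    """Parse an OpenVPN 'server <network> <netmask>' directive."""
    keyword, network, netmask = directive.split()
    if keyword != "server":
        raise ValueError("not a server directive: %r" % directive)
    return ipaddress.ip_network("%s/%s" % (network, netmask))


def client_addresses(directive, count):
    """Local tunnel addresses of the first `count` clients.

    Assumes the per-client /30 layout visible in the post: block 0 is the
    server's own pair (10.0.0.1 --> 10.0.0.2), and each later /30 gives one
    client the second usable address (10.0.0.6 --> 10.0.0.5, and so on).
    """
    blocks = list(tunnel_network(directive).subnets(new_prefix=30))
    if count > len(blocks) - 1:
        raise ValueError("pool too small for %d clients" % count)
    return [str(list(block.hosts())[1]) for block in blocks[1:1 + count]]


def from_matches(from_spec, source):
    """Model only the 'from' clause of a pf rule: a host or a CIDR network."""
    return ipaddress.ip_address(source) in ipaddress.ip_network(from_spec)


def nat_coverage(directive, from_spec, count=3):
    """Map each client source address to whether the 'from' clause matches."""
    return {addr: from_matches(from_spec, addr)
            for addr in client_addresses(directive, count)}


if __name__ == "__main__":
    for spec in (POSTED_FROM, SUBNET_FROM):
        print("from %-12s -> %s" % (spec, nat_coverage(SERVER_DIRECTIVE, spec)))
```
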
