openvpn on freebsd problem
Benjamin Lutz
mail at maxlor.com
Sun May 27 16:37:52 UTC 2007
On Saturday 26 May 2007 16:39, User Pjf wrote:
> I install openvpn from port. Follow openvpn.net howto, vpn can
> connect from client to server, but on client side, I cann't ping
> server side other machines.
>
> On my server side, vpn server and gateway is same one box, I
> use dev tun, the server has a public static ip address, install
> nat,ipfw for internal net to Internet.
>
> In refer to howto,
> "Make sure that you've enabled IP and TUN/TAP forwarding on
> the OpenVPN server machine."
>
> I know IP forwarding is work fine, but how to enable TUN forwarding?
You enable ip forwarding with the net.inet.ip.forwarding and
net.inet6.ip6.forwarding sysctls. However, if your gateway already
works for the internal net, I strongly suspect those sysctls are
already set to 1.
I'd have a look at your firewall ruleset. It seems most likely to me
that the reason for your VPN not working lies there. I suggest that you
enable logging for any "deny" rules you have in your ruleset and see
whether any packets associated with the VPN connection are dropped.
Cheers
Benjamin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20070527/f8d7ab74/attachment.pgp
More information about the freebsd-questions
mailing list