openvpn on freebsd problem
Pei Pjf
peter at topcomtech.com.cn
Mon May 28 01:57:33 UTC 2007
On Sun, May 27, 2007 at 06:37:35PM +0200, Benjamin Lutz wrote:
> On Saturday 26 May 2007 16:39, User Pjf wrote:
> > I installed openvpn from ports. Following the openvpn.net howto, the VPN can
> > connect from client to server, but on the client side, I can't ping
> > other machines on the server side.
> >
> > On my server side, the VPN server and gateway are the same box. I
> > use dev tun; the server has a public static IP address and has
> > nat and ipfw installed for the internal net to reach the Internet.
> >
> > Referring to the howto:
> > "Make sure that you've enabled IP and TUN/TAP forwarding on
> > the OpenVPN server machine."
> >
> > I know IP forwarding is working fine, but how do I enable TUN forwarding?
>
> You enable ip forwarding with the net.inet.ip.forwarding and
> net.inet6.ip6.forwarding sysctls. However, if your gateway already
> works for the internal net, I strongly suspect those sysctls are
> already set to 1.
>
> I'd have a look at your firewall ruleset.
I don't set up any firewall ruleset. I just use the FreeBSD default ruleset. This is my /etc/rc.conf:
# -- sysinstall generated deltas -- # Fri Oct 20 17:47:04 2006
# Created: Fri Oct 20 17:47:04 2006
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
check_quotas="NO"
defaultrouter="219.137.13.1"
#defaultrouter="192.168.14.254"
hostname="pjfs.renzhichu.cc"
ifconfig_em1="inet 219.137.13.77 netmask 255.255.255.0"
ifconfig_rl0="inet 192.168.14.253 netmask 255.255.255.0"
keymap="us.iso"
sshd_enable="YES"
usbd_enable="NO"
named_enable="YES"
inetd_enable="YES"
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="em1"
natd_flags=""
openvpn_enable="YES"
> It seems most likely to me
> that the reason for your VPN not working lies there. I suggest that you
> enable logging for any "deny" rules you have in your ruleset and see
> whether any packets associated with the VPN connection are dropped.
OK. I've added these two lines to /etc/sysctl.conf:
net.inet.ip.fw.verbose=1
net.inet.ip.fw.verbose_limit=5
I will test it this afternoon.
>
> Cheers
> Benjamin
Thank you very much.
Pei
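
Added example, not part of either poster's message: the check suggested in the thread (see whether packets associated with the VPN are being dropped) comes down to reading the ipfw log for Deny entries tied to the tunnel. ipfw writes log lines only for rules that carry the log keyword. Assumptions not taken from the thread: tunnel interfaces named tun*, OpenVPN on UDP port 1194, a 10.8.0.0/24 tunnel subnet, and constructed sample log lines in the usual "ipfw: rule action proto src dst dir via if" layout.

```shell
#!/bin/sh
# Filter ipfw log lines for denied packets that belong to the VPN.
# Assumed (not from the thread): tun* interface names, UDP port 1194.

VPN_PORT=1194

# vpn_denies: read syslog lines on stdin and print
# "rule proto src dst dir iface" for every Deny entry that crossed a
# tun interface or used the OpenVPN port.
vpn_denies() {
    awk -v port="$VPN_PORT" '
    {
        # Find the "ipfw:" token; the fields after it are positional.
        for (i = 1; i <= NF; i++) if ($i == "ipfw:") break
        if (i > NF) next                      # not an ipfw line
        rule = $(i+1); action = $(i+2); proto = $(i+3)
        src = $(i+4); dst = $(i+5); dir = $(i+6); iface = $(i+8)
        if (action != "Deny") next
        on_tun  = (iface ~ /^tun[0-9]+$/)
        on_port = (proto == "UDP" && (src ~ (":" port "$") || dst ~ (":" port "$")))
        if (on_tun || on_port) print rule, proto, src, dst, dir, iface
    }'
}

# count_vpn_denies: number of VPN-related Deny entries on stdin.
count_vpn_denies() { vpn_denies | wc -l | tr -d ' '; }

# Constructed sample log lines (not captured from the poster's machine).
sample_log() {
    cat <<'EOF'
May 28 10:00:01 gw kernel: ipfw: 65535 Deny UDP 203.0.113.5:40000 198.51.100.7:1194 in via em1
May 28 10:00:02 gw kernel: ipfw: 65535 Deny ICMP:8.0 10.8.0.6 192.168.14.10 in via tun0
May 28 10:00:03 gw kernel: ipfw: 400 Deny TCP 203.0.113.9:5555 198.51.100.7:23 in via em1
May 28 10:00:04 gw kernel: ipfw: 100 Accept ICMP:8.0 10.8.0.6 192.168.14.10 in via tun0
May 28 10:00:05 gw sshd[123]: Accepted publickey for admin
EOF
}

sample_log | vpn_denies
```

On a live gateway the same function can be fed the file that syslog writes kernel ipfw messages to, instead of sample_log. An empty result means the ruleset is not the component dropping the tunnel traffic.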