openvpn

Doug Hardie bc979 at lafn.org
Wed Apr 24 10:01:57 UTC 2019


> On 24 April 2019, at 02:51, Odhiambo Washington <odhiambo at gmail.com> wrote:
> 
> 
> 
> On Wed, 24 Apr 2019 at 10:51, Richard Gallamore <ultima at freebsd.org> wrote:
> Hello Doug,
> 
> I am suspicious of the system not being configured as a router, aka sysctl
> values should be set to net.inet.ip.forwarding: 1 and
> net.inet6.ip6.forwarding: 1 (for v6 traffic) to allow packets to be
> forwarded. If you add /etc/rc.conf, file /etc/sysctl.conf,
> /boot/loader.conf and pf.conf or ipfw configuration it will help greatly in
> understanding your configuration if this doesn't work.
> 
> Best regards,
> Richard Gallamore
> 
> +1 
> 
> -- 

I don't believe that will accomplish anything.  First of all, there is only one network interface.  The packets are received by openvpn, decrypted and then originated to the server in the clear.  There is no packet forwarding required.  Second, if I use telnet from the remote client to the server through the VPN, I do get a connection and it does receive responses.  When using port 25, postfix is reporting some invalid characters in the very first packet.  Those are logged and they are definitely invalid.  After that, the data is sent properly.  SSH does not appear to have that issue, but the responses are never visible on the client.  The response packets are arriving at the client.  They are correct between the server and openvpn.

Just for the record, inet forwarding is set to 1. inet6 is not used.  This is entirely IPv4.  pf is not enabled on the server.  It is on the openvpn machine, but only restricts mail from a few servers that are black holed.


More information about the freebsd-questions mailing list