[CDBUG-talk] OpenVPN with NAT (fwd)

freebsd at fongaboo.com
Mon Feb 23 18:27:51 EST 2015

OK I think I discovered one rookie move... While I enabled the gateway 
interface in /etc/rc.conf, this whole time when I was initiating natd, I 
was forgetting -n, so I wasn't actually specifying a WAN interface during 
all these tests.

I've corrected that, but still no cigar. I connected my client machine and 
gateway redirection is activated. I ran tcpdump on tun0 on the server. 
Then on the client I try to browse to my colo's IP address with lynx and 
this is what I get:

18:22:41.956903 IP > helix.wtfayla.net.http: Flags [S], seq 103149988, win 65535, options [mss 1368,nop,wscale 6,sackOK,TS val 237585708 ecr 0], length 0

Lynx ultimately fails. Not sure what to get out of that tcpdump output. 
And is it only half the picture? Do I have to dump/grep the WAN interface 
somehow too?


On Mon, 23 Feb 2015, Patrick Muldoon wrote:

>> On Feb 23, 2015, at 4:24 PM, freebsd at fongaboo.com wrote:
>> Any of my Upstate peeps have any advice for me? Trying to run OpenVPN server on my colo, and route clients to the Internet through it. Can't get it to NAT the VPN clients to the server's WAN interface (with NATD/IPFW at least).
> Have you found where it is failing? For example, if you sniff, can you see all your packets making it to the box, and then just failing NAT? Or do they not even get redirected there?
> --
> Patrick Muldoon
> Network/Software Engineer
> INOC (http://www.inoc.net)
> If at first you don't succeed, call it version 1.0
