On Sun, May 27, 2007 at 06:37:35PM +0200, Benjamin Lutz wrote:
> On Saturday 26 May 2007 16:39, User Pjf wrote:
> > I install openvpn from port. Follow openvpn.net howto, vpn can
> > connect from client to server, but on client side, I can't ping
> > server side other machines.
> >
> > On my server side, vpn server and gateway is same one box, I
> > use dev tun, the server has a public static ip address, install
> > nat, ipfw for internal net to Internet.
> >
> > In reference to the howto,
> > "Make sure that you've enabled IP and TUN/TAP forwarding on
> > the OpenVPN server machine."
> >
> > I know IP forwarding is working fine, but how to enable TUN forwarding?
>
> You enable ip forwarding with the net.inet.ip.forwarding and
> net.inet6.ip6.forwarding sysctls. However, if your gateway already
> works for the internal net, I strongly suspect those sysctls are
> already set to 1.
>
> I'd have a look at your firewall ruleset.

I don't set up any firewall ruleset. I just use the FreeBSD default ruleset.
This is my /etc/rc.conf:

# -- sysinstall generated deltas -- # Fri Oct 20 17:47:04 2006
# Created: Fri Oct 20 17:47:04 2006
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
check_quotas="NO"
defaultrouter="219.137.13.1"
#defaultrouter="192.168.14.254"
hostname="pjfs.renzhichu.cc"
ifconfig_em1="inet 219.137.13.77 netmask 255.255.255.0"
ifconfig_rl0="inet 192.168.14.253 netmask 255.255.255.0"
keymap="us.iso"
sshd_enable="YES"
usbd_enable="NO"
named_enable="YES"
inetd_enable="YES"
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="em1"
natd_flags=""
openvpn_enable="YES"

> It seems most likely to me
> that the reason for your VPN not working lies there. I suggest that you
> enable logging for any "deny" rules you have in your ruleset and see
> whether any packets associated with the VPN connection are dropped.

OK. I add these two lines into /etc/sysctl.conf.

net.inet.ip.fw.verbose=1
net.inet.ip.fw.verbose_limit=5

I will test it this afternoon.

>
> Cheers
> Benjamin

Thank you very much.

Pei
