On Wed, Dec 14, 2011 at 06:28:55PM -0800, Johan Beisser wrote:
> On Wed, Dec 14, 2011 at 5:54 PM, Erling Westenvik
> <erling.westen...@gmail.com> wrote:
> > After upgrading (re-installing from scratch) my firewall from 4.6 (or
> > 4.7) to 5.0, I have not been able to get OpenVPN back working. Please
> > forgive me for asking here at misc but I have spent two days Googling,
> > reading tons of HOWTO's and trying out different solutions, but without
> > being able to solve the issue.
>
> What are your current pf.conf rules? Did you check that the syntax is
> right? Have you checked it for errors? Have you looked at the output
> for pflog?
>
> What's your current routing table? Does that look correct?

I didn't dare to take Janne Johansson's little HOWTO "Why a priori
knowledge is better than HOWTO's" as anything less than a challenge and
have spent the last five days trying to learn and understand some basic
principles. Thank you, Janne. Really!

Anyway, the problem was a combination of pf rules and routing tables.
The former is solved completely and LAN clients and WLAN VPN-clients now
connect with each other. But VPN clients cannot reach the server or the
internet, and the server cannot reach the VPN clients.

Sorry for bumping this here @ misc when my question probably belongs to
some OpenVPN forum, but it seems like no-one out there can say much on
OpenVPN issues that appear to be OpenBSD specific.

What puzzles me is that I cannot make the tun-interface show up in the
route table on the server:

Destination        Gateway            Flags  Refs   Use    Mtu  Prio Iface
default            AAA.BB.CCC.D       UGS       3  1101      -     8 url0
127/8              127.0.0.1          UGRS      0     0  33196     8 lo0
127.0.0.1          127.0.0.1          UH        2     0  33196     4 lo0
192.168.2/24       link#5             UC        1     0      -     4 acx0
192.168.2.200      00:16:ea:b3:65:d0  UHLc      1   400      -     4 acx0
192.168.3/24       link#2             UC        2     0      -     4 bge0
192.168.3.106      00:1e:4f:95:19:1d  UHLc      1  1582      -     4 bge0
192.168.3.200      fe:e1:ba:d7:c3:24  UHLc      0    28      -     4 bge0
193.90.160/20      link#6             UC        1     0      -     4 url0
AAA.BB.CCC.D       00:90:1a:42:6d:81  UHLc      1     0      -     4 url0
AAA.BB.CCC.DDD     127.0.0.1          UGHS      0     0  33196     8 lo0
224/4              127.0.0.1          URS       0     0  33196     8 lo0

/etc/hostname.tun0
<<<
link0 up
!/usr/local/sbin/openvpn --config /etc/openvpn/server.conf
>>>

/etc/hostname.bridge0
<<<
add bge0 add acx0 up
>>>

-- 
Cheers,
Erling