I am having trouble trying to route tun0 to em0 via NAT. Maybe I've
misread the nat section / examples in the pf.conf man page.
The iptables way to do this was:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 37.x.x.x

I can access and ping both sides while connected to OpenVPN. But when I
try outside the network, I get:
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 999ms

tcpdump -eni pflog0
rule 1/(match) block in on tun0: 10.8.0.6 > 8.8.8.8: icmp: echo request (DF)

pf.conf
set skip on lo
pass in on tun0 from 10.8.0.0/24 to any nat-to 37.x.x.x
block log
pass
block in on ! lo0 proto tcp to port 6000:6010

openvpn server.conf
proto udp
port 80
dev tun0
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/private/server.key
dh /etc/openvpn/dh2048.pem
comp-lzo
persist-key
persist-tun
keepalive 10 120
server 10.8.0.0 255.255.255.0
user _openvpn
group _openvpn
daemon
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
verb 3
status /etc/openvpn/status.log
log /etc/openvpn/openvpn.log

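Editor's note, added as an example and not part of the original post: the iptables rule above hangs the SNAT on the POSTROUTING chain, i.e. on the packet's way out of the external interface. In OpenBSD pf the equivalent is a match rule with nat-to on the outgoing interface (this is the form the translation examples in pf.conf(5) use), not a pass rule on the inbound tun0 side. The ruleset below assumes em0 is the outside interface and 37.x.x.x its public address (a placeholder carried over from the post; pfctl will not load it until a real address is filled in), and keeps the rest of the poster's ruleset. pf evaluates rules top to bottom with the last matching rule winning, and rules are numbered from @0, so "rule 1" in the pflog line is the second rule in the loaded set.

```conf
# /etc/pf.conf, added example (assumptions: em0 = outside interface,
# tun0 = OpenVPN interface carrying 10.8.0.0/24, 37.x.x.x = public address)
ext_if  = "em0"
vpn_if  = "tun0"
vpn_net = "10.8.0.0/24"
pub_addr = "37.x.x.x"     # placeholder from the post; use the real address

set skip on lo

# Source-NAT VPN clients as they leave em0, the pf counterpart of
# iptables' POSTROUTING SNAT.  "match" only attaches the translation;
# a later pass rule still has to let the packet through.
match out on $ext_if inet from $vpn_net to any nat-to $pub_addr

# Default deny, logged.  Last matching rule wins, so it comes before
# the pass rules rather than after the rule it is meant to be
# overridden by.
block log

# Traffic from VPN clients enters on tun0 and, after translation,
# leaves on em0; everything else is allowed as in the original ruleset.
pass in on $vpn_if inet from $vpn_net to any
pass

# Keep X11 ports closed except on loopback.
block in on ! lo0 proto tcp to port 6000:6010
```

Two things to check alongside the ruleset: the host only forwards between tun0 and em0 with net.inet.ip.forwarding=1 (set it in /etc/sysctl.conf and with sysctl at runtime), and `pfctl -nf /etc/pf.conf` parses the file without loading it. After loading, `pfctl -vvsr` prints the active rules with their @N numbers, which is how a "rule N" from the pflog0 capture maps back to a line in pf.conf, and `pfctl -ss` shows the translated state entries once a client's packets are being NATed.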