Hi list, I am running PF on OpenBSD 5 with 2 external links.
One is ADSL and the other is a leased line. My /etc/mygate is set to the ADSL IP, so the default route is via ADSL. But I want to access OpenVPN (i.e. port 1194) via the leased line from the Internet. When I try to access it, I get the error below.

Feb 02 13:21:04.717389 rule 17/(match) pass in on ne1: 220.x.y.z.53208 > 172.16.x.1.1194: udp 14
Feb 02 13:21:04.718461 rule 6/(match) block out on ne2: 192.168.1.z.1194 > 220.x.y.z.53208: udp 26
Feb 02 13:21:06.043509 rule 6/(match) block out on ne2: 192.168.1.z.1194 > 220.x.y.z.53208: udp 14

IP 192.168.1.z is the IP address of the PF firewall that connects to the ADSL router.

My pf.conf file looks like this.

vpn= "tun0"

match out on $wan_if from 10.0.1.0/24 nat-to ($wan_if)

# filter rules
block in log
block out log
#pass out quick log

antispoof quick for { lo $int_if }

pass in quick log on $vpn
pass out quick log on $vpn

pass in log on $wan_if inet proto udp from any to $wan_if \
    port 1194 reply-to ($wan_if $wan_gw)

I need your advice to solve this issue.

Anyway, if I set it to TCP like this

pass in log on $wan_if inet proto tcp from any to $wan_if \
    port 1194 reply-to ($wan_if $wan_gw)

it works. Why does it NOT work for UDP?

Hope to hear from you.

--
Thank you
Indunil Jayasooriya