Hi,
thanks for reading this

I've been able to establish an OpenVPN tunnel between a pfSense
10.2-rc1 machine at work and my Linux box at home (which uses an ADSL
modem/bridge and has a static IP).


10.0.0.0/24--lan--PFSENSE ~~~~~~~ LINUX--lan--192.168.0.0/24

the openvpn server settings on pfsense are to have a

On pfsense I see this interface:
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
        inet6 fe80::21b:21ff:fe01:245a%tun0 prefixlen 64 scopeid 0x16
        inet 10.50.102.1 --> 10.50.102.2 netmask 0xffffffff
        Opened by PID 11694

and this route:
192.168.29         10.50.102.2        UGS         0        6   tun0

but when I try and ping the local tunnel I get an error...

# ping 10.50.102.1
PING 10.50.102.1 (10.50.102.1): 56 data bytes
ping: sendto: No buffer space available


---------

On linux box I see this:
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.50.102.2  P-t-P:10.50.102.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:38 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:3192 (3.1 Kb)

and I see this route in my table:
10.0.0.0        10.50.102.1     255.255.255.0   UG    0      0        0 tun0

---------

If I run "tcpdump -i tun0" at each end and ping the other, I can see the
icmp packets leave but nothing coming back; I have made sure my linux
box. If on my linux box I ping a node at work LAN I see the ping going
into tun0, no reply, and likewise if on the pfsense box I ping the LAN
address on my machine at home it too goes down the tunnel.


My questions are these.

1/ how can I find out why the tunnel isn't passing traffic?

2/ how do I define firewalling rules on the pfsense box to determine
what the openvpn clients can access? Although I can add a rule and
specify the interface as WAN,LAN,PPTP,PPOE,IPSEC or my sync and DMZ
interfaces, there doesn't appear to be an option for openvpn clients; if
I do create a rule for ipsec it "disappears", as there's no tab for that
"interface".

thanks very much
Paul

