OpenVPN on OpenBSD - BSD


  1. OpenVPN on OpenBSD

    Hi,

    I installed openvpn server on an OpenBSD machine with 2 network interfaces
    xl0 and xl1.

    xl0 is the external side, xl1 the internal side and tun0 the tunneling for
    the vpn-connection

    I installed two cisco routers and two debian clients.


    debian1 ---------- router1 ----I----- router2 ------ OpenBSD ------ debian2

    Ip-addresses:
    debian1 192.168.10.125
    router1 192.168.10.224 -------- 21.128.70.224
    I to simulate the internet
    router2 21.128.70.223 -------- 10.13.200.223
    Openbsd 10.13.200.221 -------- 192.168.5.224
    debian2 192.168.5.115

    debian1 is the openvpn-client and needs to connect to the openbsd-server
    with the openvpn-server with ssh

    Everything works fine without the pf-firewall running on the openbsd-server

    Can someone help me configure the pf-configuration?

    thx

    Philip



  2. Re: OpenVPN on OpenBSD

    "Jan Testers" writes:

    > Everything works fine without the pf-firewall running on the openbsd-server


    The default PF rule set starts with block all, but allows name
    resolution, ssh in, basic icmp and nfs mounts and little else.

    It sounds like you have not included the correct pass rules for your
    OpenVPN config.

    Most likely it's a one-line addition you need. Googling turns up
    http://blog.innerewut.de/articles/20...2-0-on-openbsd,
    which indicates the rule you need would be something like "pass proto
    udp from any to any port 1194", with narrower address ranges substituted
    for 'any' if so desired.
    --
    Peter N. M. Hansteen, member of the first RFC 1149 implementation team
    http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
    "First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
    20:11:56 delilah spamd[26905]: 146.151.48.74: disconnected after 36099 seconds.
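
The rule suggested in the reply above, narrowed to the topology in the first post, as an added pf.conf fragment that is not part of the thread. The interface names and 10.13.200.221 come from the first post; the tunnel subnet `vpn_net` is an assumed placeholder, and UDP/1194 must match the `proto` and `port` in the OpenVPN server config.

```pf
# Added example, not from the thread: pf.conf rules for the OpenVPN server.
# Covers only the VPN-related traffic; other services need their own rules.

ext_if  = "xl0"              # external side (first post)
vpn_if  = "tun0"             # OpenVPN tunnel interface (first post)
vpn_srv = "10.13.200.221"    # OpenBSD address on xl0 (first post)
vpn_net = "10.8.0.0/24"      # ASSUMPTION: tunnel subnet, replace with the
                             # range from the server's OpenVPN config

set skip on lo

# Default deny; "log" sends dropped packets to pflog0 so a missing
# pass rule shows up instead of failing silently.
block log all

# Encrypted OpenVPN transport arriving on the external interface.
# This is the "pass proto udp ... port 1194" rule with the destination
# narrowed from "any" to the server's own address.
pass in on $ext_if inet proto udp from any to $vpn_srv port 1194

# Decrypted traffic leaving the tunnel is filtered separately on tun0.
# Allow only ssh from VPN clients to the firewall's tunnel address;
# everything else inside the tunnel stays blocked.
pass in on $vpn_if inet proto tcp from $vpn_net to ($vpn_if) port ssh
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `tcpdump -n -e -ttt -i pflog0` shows which packets the `block log all` rule is still dropping.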
