Hi!
Thanks for the reply.
On Tuesday 05 December 2006 16:47, Nejc Skoberne wrote:
> > So I'm wondering why is it so - is the problem in PF states or these Windows
> > machines being OpenVPN clients. Any thoughts, suggestions for what I might
> > try?
>
> Strange. I would consider using WireShark on Windows servers in order to see the
> packets going in and out of the interfaces.
Unfortunately I don't maintain these servers so I can't monitor any packets on
them.
> Also, it might be a pf sessions
> issue - try passing all packets or at least logging blocked packets and monitoring
> the pflog interface in realtime with tcpdump.
In PF I have these rules for VPN-traffic (I assume the used macros/variables
are self-explanatory :):
pass on { $int_if, $vpn_if, $bridge_if } proto tcp from $vpn_nets to $int_if:network flags S/SA keep state
pass on { $int_if, $vpn_if, $bridge_if } proto udp from $vpn_nets to $int_if:network
pass on { $int_if, $vpn_if, $bridge_if } proto tcp from $int_if:network to $vpn_nets flags S/SA keep state
pass on { $int_if, $vpn_if, $bridge_if } proto udp from $int_if:network to $vpn_nets
For ICMP I have a rule:
pass inet proto icmp all icmp-type echoreq keep state
I'm logging PF blockings also and I don't see any packets getting blocked
while I just wait for ICMP reply.
Silver
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users