# FreeBSD 7 and FreeBSD 8 OpenVPN problem



## terminator (May 10, 2011)

Hi,

I have a problem with the different behavior of OpenVPN under FreeBSD 7 and FreeBSD 8. The problem is as follows. I have created an OpenVPN server and an IPsec tunnel. I have a client which is connecting via OpenVPN to the LAN.

This is working properly (the client is able to reach all computers inside the LAN and their services) in both cases - FreeBSD 7 and 8. The problem occurs when I want to connect to (e.g. ping) the LAN interface of FreeBSD - for example "em0" with IP 192.168.1.1.

On FreeBSD 7 (server), when I run *tcpdump*, I see packets coming from the OpenVPN network on the FreeBSD LAN interface ("em0" with IP 192.168.1.1) - everything works as it should.

On FreeBSD 8 (server), the ping from the client to the LAN interface "em0" is working (I get a reply from IP 192.168.1.1 (em0) on the client PC), but when I run *tcpdump* on the LAN interface (192.168.1.1 - em0), I don't see any ICMP packets. (I wonder, what is answering me then?)

I found the problem when I needed to configure NAT from OpenVPN to the IPsec network. The NAT (PF) is working on FreeBSD 7.3! So the OpenVPN client is able to access the servers behind IPsec.

When I tried to do the same for FreeBSD 8.2 (8.1), it does not work! It's simple: because the packet does not reach the interface, NAT does not apply.

I've tried it on two machines with FreeBSD 7.3 and FreeBSD 8.1 and 8.2.

Did you meet that kind of problem?


----------



## pbd (Jun 1, 2011)

Yes, a packet with a destination IP that is configured on interface *A* does not arrive at this interface if the packet comes through interface *B*.

Still, why not configure the NAT on OpenVPN's tun/tap interface?


----------

