reply-to option for udp port 1194 ( for OpenVPN)

Indunil Jayasooriya
Hi list,

I am running PF on OpenBSD 5 with 2 external links.

One is ADSL and the other is a leased line.

My /etc/mygate is set to the ADSL IP.

So the default route is via ADSL.

But I want to access OpenVPN (i.e. port 1194) via the leased line from the
Internet.

When I try to access it, I get the error below.

Feb 02 13:21:04.717389 rule 17/(match) pass in on ne1: 220.x.y.z.53208 > 172.16.x.1.1194: udp 14

Feb 02 13:21:04.718461 rule 6/(match) block out on ne2: 192.168.1.z.1194 > 220.x.y.z.53208: udp 26
Feb 02 13:21:06.043509 rule 6/(match) block out on ne2: 192.168.1.z.1194 > 220.x.y.z.53208: udp 14

IP 192.168.1.z is the IP address of the PF firewall that connects to the ADSL router.

My pf.conf file looks like this.

vpn= "tun0"

match out on $wan_if from 10.0.1.0/24 nat-to ($wan_if)

# filter rules
block in log
block out log
#pass out quick log

antispoof quick for { lo $int_if }

pass in quick log on $vpn
pass out quick log on $vpn

pass in log on $wan_if inet proto udp from any to $wan_if \
  port 1194 reply-to ($wan_if $wan_gw)

I need your advice to solve this issue.

Anyway, if I set it to TCP like this

pass in log on $wan_if inet proto tcp from any to $wan_if \
  port 1194 reply-to ($wan_if $wan_gw)

It works. Why does it NOT work for UDP?

Hope to hear from you.

--
Thank you
Indunil Jayasooriya
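An added example for diagnosing the situation shown in the log above; it is not code from the post or from OpenBSD. It parses pflog output in the quoted format (constructed sample lines using documentation addresses, not the poster's real traffic) and reports replies that left on a different interface than the matching request arrived on, which is exactly what a reply-to rule is meant to prevent.

```python
import re

# Constructed pflog lines (tcpdump on pflog0 style), modelled on those quoted in the post.
# 203.0.113.0/24 is a documentation range and the rest are private addresses: not real traffic.
SAMPLE_LOG = """\
Feb 02 13:21:04.717389 rule 17/(match) pass in on ne1: 203.0.113.7.53208 > 172.16.0.1.1194: udp 14
Feb 02 13:21:04.718461 rule 6/(match) block out on ne2: 192.168.1.9.1194 > 203.0.113.7.53208: udp 26
Feb 02 13:21:06.043509 rule 6/(match) block out on ne2: 192.168.1.9.1194 > 203.0.113.7.53208: udp 14
Feb 02 13:22:00.000000 rule 17/(match) pass in on ne1: 203.0.113.8.40001 > 172.16.0.1.1194: tcp 60
Feb 02 13:22:00.001000 rule 18/(match) pass out on ne1: 172.16.0.1.1194 > 203.0.113.8.40001: tcp 60
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w+ \d+ [\d:.]+) rule (?P<rule>\d+)/\(match\) (?P<action>pass|block) "
    r"(?P<dir>in|out) on (?P<ifname>\w+): (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<proto>\w+) (?P<length>\d+)$"
)

def parse_pflog(text):
    """Parse pflog lines into dicts; lines that do not match the format are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]

def flow_key(rec):
    """Key a record by remote endpoint and local port, so a request and its reply share a
    bucket even when the firewall answered from a different local address."""
    if rec["dir"] == "in":
        return (rec["proto"], rec["src"], rec["sport"], rec["dport"])
    return (rec["proto"], rec["dst"], rec["dport"], rec["sport"])

def find_asymmetric_replies(records):
    """Return replies that left on a different interface than the request arrived on.
    That is the symptom of a reply-to that is missing or not taking effect: the reply
    follows the default route instead of going back out the ingress link."""
    inbound_if = {}
    for rec in records:
        if rec["dir"] == "in":
            inbound_if.setdefault(flow_key(rec), rec["ifname"])
    findings = []
    for rec in records:
        in_if = inbound_if.get(flow_key(rec)) if rec["dir"] == "out" else None
        if in_if is not None and in_if != rec["ifname"]:
            findings.append({"remote": rec["dst"], "proto": rec["proto"], "in_if": in_if,
                             "out_if": rec["ifname"], "action": rec["action"], "rule": rec["rule"]})
    return findings

if __name__ == "__main__":
    for f in find_asymmetric_replies(parse_pflog(SAMPLE_LOG)):
        print(f"{f['proto']} reply to {f['remote']} came in on {f['in_if']} but left on "
              f"{f['out_if']} ({f['action']}ed by rule {f['rule']})")
```

Feed it `tcpdump -n -e -ttt -i pflog0` output and any UDP flow it reports is one whose reply is being routed out the default link rather than the link it came in on.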