I have openvpn running on a openbsd server that is behind a firewall, so it is a local member of the LAN. The openvpn is a bridge configuration.
firewall internal 10.0.10.1 openvpn server 10.0.10.15 vpn clients are assigned 10.0.10.240 - 10.0.10.244
I have PF set to pass traffic between the two network. Traffic works in both directions. I can ping the lan from vpn clients and I can ping the clients from other machines on the lan.
I have use to have Bonjour use to work over this setup. I could manage the timecapsule when vpn'd in, and use other bonjour protocol features. I noticed it is not and tried to get it up again, and it's not working.
My pf.conf is as shown:
int_if="em0"
vpn_if="tun0"
br_if="bridge0"
all_if="{" $int_if $vpn_if $br_if "}"
local="10.0.10.0/24"
ssh="22"
dns="53"
ntp="123"
mdns_one=5353
mdns_two=5354
mdns="{" $mdns_one $mdns_two "}"
vpn="9999"
pub_tcp="{" $ssh $mdns_one "}"
pub_udp="{" $dns $ntp $mdns_two "}"
set skip on lo
scrub in
block in
pass in on $all_if proto tcp from any to any port $pub_tcp
pass in on $all_if proto udp from any to any port $pub_udp
pass in on $all_if inet proto icmp from any to $int_if
pass out on $all_if proto { tcp udp icmp } from any to any modulate state
#bonjour
pass in on $int_if dup-to $vpn_if proto { tcp udp } from any to any port $mdns
pass in on $vpn_if dup-to $br_if proto { tcp udp } from any to any port $mdns
#vpn/bridge info
pass in on $int_if proto udp from any to $int_if port $vpn
pass in on { $vpn_if $br_if } inet proto { tcp udp icmp } from $local to $local
pass in on $int_if dup-to $vpn_if proto { tcp udp icmp } from $local to $local
any ideas?
