Luis Mendes wrote:
> Did as suggested, here's some output of the log moments after I tried
> to start the vpn.
>
> 192.168.1.12 -> internal ip of the corporate laptop
>
> 17.7.7.7 -> redacted external IP of OpenBSD router.
>
>
> There are some UDP port 500 connection tries, like:
> Sep 19 23:11:26.369581 rule 13/(match) block out on re0: 17.7.7.7 > 74.113.97.82: icmp: 17.7.7.7 udp port 500 unreachable
>
> The full log, as I'm unsure what more to look for.
>

Try running:

# pfctl -s rules -R 13

and should give you your answer.

I noticed your rules e.g.:

pass out on re0 inet from 192.168.1.0 to any flags S/SA nat-to (re0) round-robin

are missing a netmask on the IP. Shouldn't there be a "/24" or other on the end?

Regards
Lloyd