| | 102 | |
| | 103 | {{{ |
| | 104 | # default openvpn settings for the client network |
| | 105 | vpnclients = "10.8.0.0/24" |
| | 106 | #put your wan interface here (it will almost certainly be different) |
| | 107 | wanint = "vtnet0" |
| | 108 | # put your tunnel interface here, it is usually tun0 |
| | 109 | vpnint = "tun0" |
| | 110 | # OpenVPN by default runs on udp port 1194 |
| | 111 | udpopen = "{1194}" |
| | 112 | icmptypes = "{echoreq, unreach}" |
| | 113 | |
| | 114 | set skip on lo |
| | 115 | # the essential line |
| | 116 | nat on $wanint inet from $vpnclients to any -> $wanint |
| | 117 | |
| | 118 | block in |
| | 119 | pass in on $wanint proto udp from any to $wanint port $udpopen |
| | 120 | pass in on $wanint proto tcp from any to any port 22 keep state |
| | 121 | pass in on $wanint proto tcp from any to any port 80 keep state |
| | 122 | pass in on $wanint proto tcp from any to any port 443 keep state |
| | 123 | # the following two lines could be made stricter if you don't trust the clients |
| | 124 | pass out quick |
| | 125 | pass in on $vpnint from any to any |
| | 126 | pass in inet proto icmp all icmp-type $icmptypes |
| | 127 | }}} |
| | 128 | |
