I'm configuring an OpenVPN instance using the NAT mode (tun device) and I can connect successfully from the client but can't reach anything once connected. I'm pretty sure that the only thing missing is the firewall rule I have to add to make tun mode works. On Linux with iptables, the working rule is "-A POSTROUTING -s 192.168.66.0/24 -o br0 -j

MASQUERADE" .  On Illumos, I found a howto for SmartOS ( blog.daveeddy.com/2018/07/05/openvp…erver-setup-with-easyrsa-on-smartos ) telling me that the line to add to ipfilter is "map * from 192.168.66.0/24 to any -> 0.0.0.0/32" but it seems its not the exact syntax for OmniOS because service ipfilter turn on "maintenance" status when I

try with that line. Anyone has the magic line? Please note that 192.168.66.0/24 is the internal network of the tun mode, not my LAN.

mighty_spiky: just to check, you're putting the "map" line into ipnat.conf (not ipf.conf?)

I've tried both: In ipnat.conf, it seems it is not recognized when I run "ipfstat -io" and when I put it in /etc/ipf/ipf.conf , the ipfilter service turn on "maintenance" mode

It turns out, I was running the wrong command to verify my work.. When I execute "ipnat -l" , I'm seeing the rule I put in ipnat.conf and, after trying again through my client, everything is working good! Thanks for the help sommerfeld!

mighty_spiky: glad to be able to help..

"map" is ipnat.conf syntax, not recognized in ipf.conf

sommerfeld , I wish I had figured it before posting here, hehe

there is ip-howto (like this instance napp-it.org/doc/manuals/ipf-howto.pdf) - its very nice writeup about how to build ipf config.

<tsoome_> , thanks for the tip