00:58:14 <mighty_spiky> I'm configuring an OpenVPN instance using the NAT mode (tun device) and I can connect successfully from the client but can't reach anything once connected. I'm pretty sure that the only thing missing is the firewall rule I have to add to make tun mode works. On Linux with iptables, the working rule is "-A POSTROUTING -s 192.168.66.0/24 -o br0 -j
00:58:14 <mighty_spiky> MASQUERADE" .  On Illumos, I found a howto for SmartOS ( https://blog.daveeddy.com/2018/07/05/openvpn-server-setup-with-easyrsa-on-smartos/ ) telling me that the line to add to ipfilter is "map * from 192.168.66.0/24 to any -> 0.0.0.0/32" but it seems its not the exact syntax for OmniOS because service ipfilter turn on "maintenance" status when I
00:58:15 <mighty_spiky> try with that line. Anyone has the magic line? Please note that 192.168.66.0/24 is the internal network of the tun mode, not my LAN.
01:10:50 <sommerfeld> mighty_spiky: just to check, you're putting the "map" line into ipnat.conf (not ipf.conf?)
01:17:05 <mighty_spiky> I've tried both: In ipnat.conf, it seems it is not recognized when I run "ipfstat -io" and when I put it in /etc/ipf/ipf.conf , the ipfilter service turn on "maintenance" mode
01:29:11 <mighty_spiky> It turns out, I was running the wrong command to verify my work.. When I execute "ipnat -l" , I'm seeing the rule I put in ipnat.conf and, after trying again through my client, everything is working good! Thanks for the help sommerfeld!
02:08:17 <sommerfeld> mighty_spiky: glad to be able to help..
02:08:40 <sommerfeld> "map" is ipnat.conf syntax, not recognized in ipf.conf
02:17:06 <mighty_spiky> sommerfeld , I wish I had figured it before posting here, hehe
11:09:15 <tsoome_> there is ip-howto (like this instance https://www.napp-it.org/doc/manuals/ipf-howto.pdf) - its very nice writeup about how to build ipf config. 
13:05:35 <mighty_spiky> <tsoome_> , thanks for the tip