The clients are on exactly 172.16.20.0/24.
NAT is up (natd_enable="YES" natd_interface="rl1")
rl1 is 10.0.95.5, the interface that faces the provider.
I think this is roughly where I "glitched".
After bringing up the VPN, ifconfig prints the following:
-----------------------------------------------------------------------
rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
inet 172.16.20.1 netmask 0xffffff00 broadcast 172.16.20.255
ether 00:c1:28:00:a9:5c
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 10.0.95.5 netmask 0xffffff00 broadcast 10.0.95.255
ether 00:c1:28:00:a9:a2
media: Ethernet autoselect (10baseT/UTP)
status: active
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
ppp1: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet 127.0.0.1 netmask 0xff000000
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1470
inet 213.247.183.199 --> 10.0.0.100 netmask 0xffffffff
Opened by PID 171
------------------------------------------------------------------
netstat -nr prints this:
-------------------------------------------------------------------
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 10.0.0.100 UGSc 6 4907 tun0
10.0.0.100 213.247.183.199 UH 4 33 tun0
10.0.95/24 link#2 UC 1 0 rl1
10.0.95.1 00:c0:26:f1:ca:2b UHLW 3 56494 rl1 1185
127.0.0.1 127.0.0.1 UH 0 10 lo0
172.16.20/24 link#1 UC 1 0 rl0
172.16.20.1 00:c1:28:00:a9:5c UHLW 0 6 lo0
172.16.20.6 00:c0:26:a7:b0:80 UHLS 0 387 rl0
172.16.20.7 00:c0:26:a4:7f:d2 UHLS 0 15053 rl0
172.16.20.9 00:04:79:66:74:21 UHLS 0 2 rl0
255.255.255.255 213.247.183.199 UGHSb 6 0 tun0
-------------------------------------------------------------------------
ipfw list gives this:
-------------------------------------------------------------------------
ipfw list
00050 divert 8668 ip from any to any via rl1
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65000 allow ip from any to any
65100 allow 255 from any to any
65200 fwd 10.0.95.5 ip from 172.16.2.0/24 to any
65535 deny ip from any to any
-------------------------------------------------------------------------