Date:      Sun, 5 Jul 2020 11:41:55 -0500
From:      Bob Willcox <bob@immure.com>
To:        "Jin Guojun[VFF]" <jguojun@gmail.com>
Cc:        questions list <freebsd-questions@freebsd.org>
Subject:   Re: Routing IP traffic from client through server openvpn tunnel?
Message-ID:  <20200705164155.GA6262@rancor.immure.com>
In-Reply-To: <b5895cfd-86e1-9d7a-98fc-5796a9e17d4b@gmail.com>
References:  <20200704133607.GA91599@rancor.immure.com> <b5895cfd-86e1-9d7a-98fc-5796a9e17d4b@gmail.com>

On Sat, Jul 04, 2020 at 12:12:22PM -0700, Jin Guojun[VFF] wrote:
> On 07/04/20 06:36, Bob Willcox wrote:
> > My FreeBSD gateway system has an openvpn tunnel connected to my Son's network
> > and when logged into the gateway system we can access his network through the
> > tunnel just fine. But from other systems in my network it doesn't work. The
> > packets get over to the gateway system (maul) but no further.
> >
> > This is the routing table on my gateway system:
> >
> > Internet:
> > Destination        Gateway            Flags     Netif Expire
> > default            108.84.10.14       UGS        igb0
> > 10.1.132.0/23      link#2             U           em0
> > 10.1.132.1         link#2             UHS         lo0
> > 10.4.0.1           link#4             UH         tun0
> > 10.4.0.2           link#4             UHS         lo0
> > 108.84.10.8/29     link#1             U          igb0
> > 108.84.10.9        link#1             UHS         lo0
> > 108.84.10.13       link#1             UHS         lo0
> > 127.0.0.1          link#3             UH          lo0
> > 192.168.2.0/24     10.4.0.1           UGS        tun0
> >
> > Here's a traceroute from the gateway system:
> >
> > bob@maul:2> traceroute 192.168.2.19
> > traceroute to 192.168.2.19 (192.168.2.19), 64 hops max, 40 byte packets
> >   1  coovas.knighthammer.com (10.4.0.1)  55.347 ms  53.420 ms  55.786 ms
> >   2  192.168.2.19 (192.168.2.19)  50.291 ms  48.516 ms  55.858 ms
> >
> > And here is one from one of my other systems:
> >
> > bob@han:1> traceroute 192.168.2.19
> > traceroute to 192.168.2.19 (192.168.2.19), 64 hops max, 40 byte packets
> >   1  maul (10.1.132.1)  0.261 ms  0.256 ms  0.244 ms
> >   2  * * *
> >   3  * * *
> >
> > So my question is, what am I missing (likely on the gateway system) that would
> > prevent the packets from other systems being routed to the tunnel?
> >
> > Thanks for any help,
> > Bob
> If the gateway is a commercial box, this could happen as traffic from the WAN
> port to the LAN is blocked by the firewall.
> If the gateway is built from a PC, then you need to check the ip_forwarding
> settings.
> 
> On end hosts, make sure masks match the port subnet mask on the gateway.
> For han:1 case, both end hosts need to set specific router for routing 
> 192.168.2 to 10.1.132 and in reverse direction.
>      han:1 # route add -net 192.168.2.0/24 a_proper_router_interface_IP
>      the_other_host # route add -net 10.1.132.0/23 a_proper_router_interface_IP
> 
> The above are the most common issues in configuring a network. If these
> things are all set properly, then you need to provide more details and the
> full topology of the network for analyzing the problem.

I would like to thank everyone for their responses. As it turns out the
problem was with routing on my Son's system in that he had an error in his
routing table.  Once corrected all was well, packets are transferring both
directions now.

Sorry for disturbance,
Bob

-- 
Bob Willcox    | It's possible that the whole purpose of your life is to
bob@immure.com | serve as a warning to others.
Austin, TX     |
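
The return-route requirement discussed in this thread, as an added example that is not part of the original messages: a longest-prefix-match lookup over the gateway table from the first post and a constructed far-side table, showing why traffic sourced from the gateway's own tunnel address gets replies while traffic from 10.1.132.0/23 does not until the far side routes that prefix back into the tunnel. Assumptions: the far-side tables, the names isp-gateway, wan0 and lan0, and the client address 10.1.132.50 are constructed; the thread does not show the remote table or say what the error was.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return (gateway, netif) for dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, netif in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, netif)
    return None if best is None else (best[1], best[2])

# Subset of the gateway (maul) table from the post; host routes written as /32.
MAUL = [
    ("0.0.0.0/0", "108.84.10.14", "igb0"),
    ("10.1.132.0/23", "link#2", "em0"),
    ("10.4.0.1/32", "link#4", "tun0"),
    ("192.168.2.0/24", "10.4.0.1", "tun0"),
]

# Constructed far-side table (assumption): it knows the tunnel peer and its
# own LAN, but has no route for the 10.1.132.0/23 network behind maul.
FAR_BROKEN = [
    ("0.0.0.0/0", "isp-gateway", "wan0"),
    ("10.4.0.2/32", "link", "tun0"),
    ("192.168.2.0/24", "link", "lan0"),
]
# Same table with the return route for the remote LAN added.
FAR_FIXED = FAR_BROKEN + [("10.1.132.0/23", "10.4.0.2", "tun0")]

def round_trip(src, dst, near, far):
    """True if near forwards dst into the tunnel AND far routes replies
    for src back into the tunnel (both directions must resolve to tun0)."""
    fwd = lookup(near, dst)
    back = lookup(far, src)
    return (fwd is not None and back is not None
            and fwd[1] == "tun0" and back[1] == "tun0")

if __name__ == "__main__":
    # 10.4.0.2 is maul's tunnel address; 10.1.132.50 is a constructed LAN client.
    for name, far in (("broken", FAR_BROKEN), ("fixed", FAR_FIXED)):
        for src in ("10.4.0.2", "10.1.132.50"):
            ok = round_trip(src, "192.168.2.19", MAUL, far)
            print(f"far={name:6} src={src:12} round trip via tunnel: {ok}")
```

With the constructed broken table, replies to the LAN client match only the far side's default route and leave through its WAN interface, which is consistent with a traceroute that stops after the first hop.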


