From: Bob Willcox
To: "Jin Guojun[VFF]"
Cc: questions list
Date: Sun, 5 Jul 2020 11:41:55 -0500
Subject: Re: Routing IP traffic from client through server openvpn tunnel?

On Sat, Jul 04, 2020 at 12:12:22PM -0700, Jin Guojun[VFF] wrote:
> On 07/04/20 06:36, Bob Willcox wrote:
> > My FreeBSD gateway system has an openvpn tunnel connected to my Son's network
> > and when logged into the gateway system we can access his network through the
> > tunnel just fine. But from other systems in my network it doesn't work. The
> > packets get over to the gateway system (maul) but no further.
> >
> > This is the routing table on my gateway system:
> >
> > Internet:
> > Destination        Gateway            Flags     Netif Expire
> > default            108.84.10.14       UGS        igb0
> > 10.1.132.0/23      link#2             U           em0
> > 10.1.132.1         link#2             UHS         lo0
> > 10.4.0.1           link#4             UH         tun0
> > 10.4.0.2           link#4             UHS         lo0
> > 108.84.10.8/29     link#1             U          igb0
> > 108.84.10.9        link#1             UHS         lo0
> > 108.84.10.13       link#1             UHS         lo0
> > 127.0.0.1          link#3             UH          lo0
> > 192.168.2.0/24     10.4.0.1           UGS        tun0
> >
> > Here's a traceroute from the gateway system:
> >
> > bob@maul:2> traceroute 192.168.2.19
> > traceroute to 192.168.2.19 (192.168.2.19), 64 hops max, 40 byte packets
> >  1  coovas.knighthammer.com (10.4.0.1)  55.347 ms  53.420 ms  55.786 ms
> >  2  192.168.2.19 (192.168.2.19)  50.291 ms  48.516 ms  55.858 ms
> >
> > And here is one from one of my other systems:
> >
> > bob@han:1> traceroute 192.168.2.19
> > traceroute to 192.168.2.19 (192.168.2.19), 64 hops max, 40 byte packets
> >  1  maul (10.1.132.1)  0.261 ms  0.256 ms  0.244 ms
> >  2  * * *
> >  3  * * *
> >
> > So my question is, what am I missing (likely on the gateway system) that would
> > prevent the packets from other systems being routed to the tunnel?
> >
> > Thanks for any help,
> > Bob
> If the gateway is a commercial box, this could happen as traffic from WAN
> port to LAN is blocked by firewall.
> If the gateway is built by a PC, then, you need to check ip_forwarding
> settings.
>
> On end hosts, make sure masks match the port subnet mask on the gateway.
> For han:1 case, both end hosts need to set specific router for routing
> 192.168.2 to 10.1.132 and in reverse direction.
>     han:1 # route add -net 192.168.2.0/24 a_proper_router_interface_IP
>     the_other_host # route add -net 10.1.132.0/23 a_proper_router_interface_IP
>
> Above are most common issues in configuring network. If these things are
> all set properly, then
> you need to provide more details and full topology of the network for
> analyzing the problem.

I would like to thank everyone for their responses.
As it turns out the problem was with routing on my Son's system in that he had an
error in his routing table. Once corrected all was well, packets are transferring
both directions now.

Sorry for disturbance,
Bob

-- 
Bob Willcox    | It's possible that the whole purpose of your life is to
bob@immure.com | serve as a warning to others.
Austin, TX     |
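
The symptom in this thread (the tunnel works from the gateway but not from LAN hosts behind it) is what a missing reverse route on the far side produces, which is the case the quoted `route add -net 10.1.132.0/23` suggestion covers. The following is an added example, not part of the original messages: it runs a longest-prefix-match lookup over maul's posted routing table and over a remote table to check both directions of a flow. The remote table, han's address 10.1.132.50, the interface names `wan0`/`lan0`, and the assumption that maul sources its own traffic from 10.4.0.2 are constructed for illustration; the thread does not say what the actual routing error was.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match; returns (prefix, next_hop, netif) or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, hop, netif in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop, netif)
    return best and (str(best[0]), best[1], best[2])

# maul's table as posted in the thread (local host routes on lo0 omitted).
MAUL = [
    ("0.0.0.0/0", "108.84.10.14", "igb0"),
    ("10.1.132.0/23", "link#2", "em0"),
    ("10.4.0.1/32", "link#4", "tun0"),
    ("108.84.10.8/29", "link#1", "igb0"),
    ("192.168.2.0/24", "10.4.0.1", "tun0"),
]

# Constructed remote-side table (assumption): it knows the tunnel peer and
# its own LAN, but has no route back to 10.1.132.0/23.
REMOTE_NO_RETURN = [
    ("0.0.0.0/0", "192.0.2.1", "wan0"),   # documentation address, hypothetical
    ("10.4.0.2/32", "link", "tun0"),
    ("192.168.2.0/24", "link", "lan0"),
]
# Same table with the reverse route from the quoted advice added.
REMOTE_WITH_RETURN = REMOTE_NO_RETURN + [("10.1.132.0/23", "10.4.0.2", "tun0")]

def round_trip(src, dst, remote):
    """True only if the request leaves maul via tun0 and the reply to src
    is also routed back into the tunnel by the remote side."""
    out = lookup(MAUL, dst)
    back = lookup(remote, src)
    return bool(out and back and out[2] == "tun0" and back[2] == "tun0")

if __name__ == "__main__":
    for src in ("10.4.0.2", "10.1.132.50"):
        for name, tbl in (("no return route", REMOTE_NO_RETURN),
                          ("with return route", REMOTE_WITH_RETURN)):
            print(src, name, round_trip(src, "192.168.2.19", tbl))
```
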