Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 23 Oct 2015 13:41:27 -0400
From:      Allan Jude <allanjude@freebsd.org>
To:        freebsd-jail@freebsd.org
Subject:   Re: Freebsd 10.1 - Ezjail - OpenVPN - Tun Interface
Message-ID:  <562A7147.5080002@freebsd.org>
In-Reply-To: <VI1PR06MB1037B08D9BEB7B207C602F43F9260@VI1PR06MB1037.eurprd06.prod.outlook.com>
References:  <VI1PR06MB1037B08D9BEB7B207C602F43F9260@VI1PR06MB1037.eurprd06.prod.outlook.com>

next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--EOnwafblGJbqU8NqaaJUDJ9uFq3LsPmXE
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

On 2015-10-23 11:37, James Lodge wrote:
> Hello all,
>=20
>=20
> I'm trying to build a jail on FreeBSD 10.1 using ezjail in order to run=
 OpenVPN. I'm not using vimage and don't particularly want to but I'm hav=
ing an issue with networking.
>=20
>=20
> OpenVPN daemon is up and running and I can connect successfully as a cl=
ient. I receive an IP address as expected, but I cannot route traffic to/=
from client/server. The routing table on the client (which is a Windows m=
achine) looks fine so I assume the issue is on the server side. I have a =
tun interface created on the host and exposed to the jail via devfs rules=
=2E The IP address on the tun interface is configure on the host and not =
from the jail. I can ping the tun interface IP from the host and the jail=
, but not from the client when connected.
>=20
>=20
> Client---------public IP --------- lo1 (Jail alias Interface)------tun0=
 (OpenVPN Interface)
>=20
> 10.8.06          x.x.x.x                   172.16.1.8                  =
            10.8.0.1
>=20
>=20
>=20
> OpenVPN Jail Routing Table:
>=20
> Internet:
> Destination        Gateway            Flags      Netif Expire
> 172.16.1.8         link#4             UH          lo1
>=20
> Jail Host Routing Table:
> Internet:
> Destination        Gateway            Flags      Netif Expire
> default            x.x.0.1         UGS      vtnet0
> 10.8.0.0           10.8.0.2           UGS        tun0
> 10.8.0.1              link#5             UHS         lo0
> 10.8.0.2              link#5             UH         tun0
> x.x.0.0/18          link#1             U        vtnet0
> x.x.x.x                 link#1             UHS         lo0
> localhost            link#3             UH          lo0
> 172.16.1.1         link#4             UH          lo1
> 172.16.1.2         link#4             UH          lo1
> 172.16.1.3         link#4             UH          lo1
> 172.16.1.4         link#4             UH          lo1
> 172.16.1.5         link#4             UH          lo1
> 172.16.1.6         link#4             UH          lo1
> 172.16.1.7         link#4             UH          lo1
> 172.16.1.8         link#4             UH          lo1
>=20
> Client Routing Table:
>=20
> IPv4 Route Table
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D
> Active Routes:
> Network Destination        Netmask          Gateway       Interface  Me=
tric
>           0.0.0.0          0.0.0.0         10.8.0.5         10.8.0.6   =
  20
>          10.8.0.1  255.255.255.255         10.8.0.5         10.8.0.6   =
  20
>          10.8.0.4  255.255.255.252         On-link          10.8.0.6   =
 276
>          10.8.0.6  255.255.255.255         On-link          10.8.0.6   =
 276
>          10.8.0.7  255.255.255.255         On-link          10.8.0.6   =
 276
>=20
>=20
>=20
> I'm a little stumped as to how to trouble shoot the issue so any help m=
uch appreciated.
>=20
>=20
> James
>=20
>=20
>=20
> _______________________________________________
> freebsd-jail@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org"=

>=20

Try running 'tcpdump -i tun0 -n' on the host, while pining from the
windows machine, and see if the packets are arriving.

--=20
Allan Jude


--EOnwafblGJbqU8NqaaJUDJ9uFq3LsPmXE
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQIcBAEBAgAGBQJWKnFOAAoJEBmVNT4SmAt+4REP/RUZz2VLtQJRsVvZZq+XjkLq
5/Ym4aHHCc8YOcpSMzBPrpjB4nIL0O95dhZjBYhcrYinU3aDk4if6rqpWyTCmsbj
2ts7m16f00DFbvF2M2vgUBPeAMZvzCINM4i0Epyvm7d0qyhBuTEiHjYiFT7PxLNM
jr75tLL9KN34/rcdwTtZg5LdegNu/UGzT8rh5rb7Ql7cTl0gkwmsdjP9ZPdNzQWU
m+NSYJOcF9W9InzJIB+TrWhwszE2/gBvQ7UycBL+i3dciYX0BJAhJ7bPi9OiV1Oz
4hxlRYNaEndM0qO0iISqoJktRLMzc26Yhn4DheN35MJGlemJ2pXWE/AiAql8exkP
gX55F19aS7gm+z0u66WsrIJaqumTdbXUdNG+1+qsUSEFNnk9Jwz50yUKmjuXTyLW
a0l8CPadUJzH7trNVc1mP1kMs5tgpXakhIcNuYWQzlfuGL59hiKmuALvrlnw3Wfp
wPJjsO5UQX+/m7ODy+3h6kQH0d+w7TW/aFEntWFreTkafj/Id40wykBH1OrWbYpC
p6hz2eKV53rOzoXt9RwK9DgIOy0uniBZd19Ti34sf7mi09wp45qf4WoFfiv0msRq
e4aejV47S10UPUjBrM2YRw4S4fAMeu2cFHXamtxLL3eHHcaYfo94gNjF3Gj1Iphp
nQlsw5UBdWCTs48N1r0z
=E+xu
-----END PGP SIGNATURE-----

--EOnwafblGJbqU8NqaaJUDJ9uFq3LsPmXE--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?562A7147.5080002>