From owner-freebsd-jail@freebsd.org Fri Oct 23 17:41:33 2015 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7BC64A1D5FE for ; Fri, 23 Oct 2015 17:41:33 +0000 (UTC) (envelope-from allanjude@freebsd.org) Received: from mx1.scaleengine.net (mx1.scaleengine.net [209.51.186.6]) by mx1.freebsd.org (Postfix) with ESMTP id 5C105CAB for ; Fri, 23 Oct 2015 17:41:33 +0000 (UTC) (envelope-from allanjude@freebsd.org) Received: from [10.1.1.2] (unknown [10.1.1.2]) (Authenticated sender: allanjude.freebsd@scaleengine.com) by mx1.scaleengine.net (Postfix) with ESMTPSA id C4476D007 for ; Fri, 23 Oct 2015 17:41:26 +0000 (UTC) Subject: Re: Freebsd 10.1 - Ezjail - OpenVPN - Tun Interface To: freebsd-jail@freebsd.org References: From: Allan Jude Message-ID: <562A7147.5080002@freebsd.org> Date: Fri, 23 Oct 2015 13:41:27 -0400 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="EOnwafblGJbqU8NqaaJUDJ9uFq3LsPmXE" X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Oct 2015 17:41:33 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --EOnwafblGJbqU8NqaaJUDJ9uFq3LsPmXE Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 2015-10-23 11:37, James Lodge wrote: > Hello all, >=20 >=20 > I'm trying to build a jail on FreeBSD 10.1 using ezjail in order to run= OpenVPN. I'm not using vimage and don't particularly want to but I'm hav= ing an issue with networking. >=20 >=20 > OpenVPN daemon is up and running and I can connect successfully as a cl= ient. I receive an IP address as expected, but I cannot route traffic to/= from client/server. The routing table on the client (which is a Windows m= achine) looks fine so I assume the issue is on the server side. I have a = tun interface created on the host and exposed to the jail via devfs rules= =2E The IP address on the tun interface is configure on the host and not = from the jail. I can ping the tun interface IP from the host and the jail= , but not from the client when connected. >=20 >=20 > Client---------public IP --------- lo1 (Jail alias Interface)------tun0= (OpenVPN Interface) >=20 > 10.8.06 x.x.x.x 172.16.1.8 = 10.8.0.1 >=20 >=20 >=20 > OpenVPN Jail Routing Table: >=20 > Internet: > Destination Gateway Flags Netif Expire > 172.16.1.8 link#4 UH lo1 >=20 > Jail Host Routing Table: > Internet: > Destination Gateway Flags Netif Expire > default x.x.0.1 UGS vtnet0 > 10.8.0.0 10.8.0.2 UGS tun0 > 10.8.0.1 link#5 UHS lo0 > 10.8.0.2 link#5 UH tun0 > x.x.0.0/18 link#1 U vtnet0 > x.x.x.x link#1 UHS lo0 > localhost link#3 UH lo0 > 172.16.1.1 link#4 UH lo1 > 172.16.1.2 link#4 UH lo1 > 172.16.1.3 link#4 UH lo1 > 172.16.1.4 link#4 UH lo1 > 172.16.1.5 link#4 UH lo1 > 172.16.1.6 link#4 UH lo1 > 172.16.1.7 link#4 UH lo1 > 172.16.1.8 link#4 UH lo1 >=20 > Client Routing Table: >=20 > IPv4 Route Table > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D > Active Routes: > Network Destination Netmask Gateway Interface Me= tric > 0.0.0.0 0.0.0.0 10.8.0.5 10.8.0.6 = 20 > 10.8.0.1 255.255.255.255 10.8.0.5 10.8.0.6 = 20 > 10.8.0.4 255.255.255.252 On-link 10.8.0.6 = 276 > 10.8.0.6 255.255.255.255 On-link 10.8.0.6 = 276 > 10.8.0.7 255.255.255.255 On-link 10.8.0.6 = 276 >=20 >=20 >=20 > I'm a little stumped as to how to trouble shoot the issue so any help m= uch appreciated. >=20 >=20 > James >=20 >=20 >=20 > _______________________________________________ > freebsd-jail@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org"= >=20 Try running 'tcpdump -i tun0 -n' on the host, while pining from the windows machine, and see if the packets are arriving. --=20 Allan Jude --EOnwafblGJbqU8NqaaJUDJ9uFq3LsPmXE Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJWKnFOAAoJEBmVNT4SmAt+4REP/RUZz2VLtQJRsVvZZq+XjkLq 5/Ym4aHHCc8YOcpSMzBPrpjB4nIL0O95dhZjBYhcrYinU3aDk4if6rqpWyTCmsbj 2ts7m16f00DFbvF2M2vgUBPeAMZvzCINM4i0Epyvm7d0qyhBuTEiHjYiFT7PxLNM jr75tLL9KN34/rcdwTtZg5LdegNu/UGzT8rh5rb7Ql7cTl0gkwmsdjP9ZPdNzQWU m+NSYJOcF9W9InzJIB+TrWhwszE2/gBvQ7UycBL+i3dciYX0BJAhJ7bPi9OiV1Oz 4hxlRYNaEndM0qO0iISqoJktRLMzc26Yhn4DheN35MJGlemJ2pXWE/AiAql8exkP gX55F19aS7gm+z0u66WsrIJaqumTdbXUdNG+1+qsUSEFNnk9Jwz50yUKmjuXTyLW a0l8CPadUJzH7trNVc1mP1kMs5tgpXakhIcNuYWQzlfuGL59hiKmuALvrlnw3Wfp wPJjsO5UQX+/m7ODy+3h6kQH0d+w7TW/aFEntWFreTkafj/Id40wykBH1OrWbYpC p6hz2eKV53rOzoXt9RwK9DgIOy0uniBZd19Ti34sf7mi09wp45qf4WoFfiv0msRq e4aejV47S10UPUjBrM2YRw4S4fAMeu2cFHXamtxLL3eHHcaYfo94gNjF3Gj1Iphp nQlsw5UBdWCTs48N1r0z =E+xu -----END PGP SIGNATURE----- --EOnwafblGJbqU8NqaaJUDJ9uFq3LsPmXE--