Date:      Sat, 4 Jul 2020 19:04:49 -0400
From:      Jon Radel <jon@radel.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: Routing IP traffic from client through server openvpn tunnel?
Message-ID:  <cc1318b6-09a0-54fc-a7a0-71c549035ab7@radel.com>
In-Reply-To: <97e2cbc5-c8af-eaf3-d0bd-4218421958af@panix.com>
References:  <20200704133607.GA91599@rancor.immure.com> <97e2cbc5-c8af-eaf3-d0bd-4218421958af@panix.com>


On 7/4/20 14:46, Kurt Hackenberg wrote:
> On 2020-07-04 09:36, Bob Willcox wrote:
>
>>
>> This is the routing table on my gateway system:
>>
>> Internet:
>> Destination        Gateway            Flags     Netif Expire
>> default            108.84.10.14       UGS        igb0
>> 10.1.132.0/23      link#2             U           em0
>> 10.1.132.1         link#2             UHS         lo0
>> 10.4.0.1           link#4             UH         tun0
>> 10.4.0.2           link#4             UHS         lo0
>> 108.84.10.8/29     link#1             U          igb0
>> 108.84.10.9        link#1             UHS         lo0
>> 108.84.10.13       link#1             UHS         lo0
>> 127.0.0.1          link#3             UH          lo0
>> 192.168.2.0/24     10.4.0.1           UGS        tun0
>>
>>
>
>
> Well, the subnet masks of network 10 look a little strange to me.
> What's the subnet mask of the tunnel (10.4.0.0)? Remember that network
> 10 is class A, default mask /8.
>
> Also, 10.1.132.0/23? Not /24, or /16? Also, I'm not sure it works to
> have different subnet masks on different subnets of an IP network. At
> least, it's more straightforward to make them all the same, and net 10
> has plenty of address space to do that.


Absolutely nothing wrong with /23.  Using only /24s and /16s makes your
reverse DNS a bit easier, but that's about it.  Of course it works to
have different size networks inside 10.0.0.0/8, once upon a time known
as a Class A network.  I will, however, agree that it's easier to make
sure that you're not overlapping networks, and other bad things, if you
make your networks all the same size, but that's purely a human problem. 

Bottom line:  CIDR happened decades ago, and it's time to move on.

Side note:  Even before CIDR subnetting, network 10 with different sized
subnets was a fine thing to do.  Unless you used RIP v1 or something
else that imposed constraints.

As for the original question:  I'd agree with two earlier answers that
the most likely underlying issues are lack of appropriate routes back
from the son's network or that maul doesn't have IPv4 forwarding turned on.

-- 
--Jon Radel
jon@radel.com
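Added example, not from anyone in the thread: a longest-prefix lookup over the gateway table Bob posted, plus checks for the two things Jon's reply raises, namely whether mixed prefix lengths inside 10.0.0.0/8 overlap and whether the far end of the tunnel has a route back. The far-side table is constructed for illustration; only the gateway rows come from the thread.

```python
# Added example, not from the thread: a longest-prefix lookup over the gateway
# table Bob posted, plus checks for the two things Jon raises: whether mixed
# prefix lengths inside 10.0.0.0/8 overlap, and whether a route back exists.
from ipaddress import ip_address, ip_network

# Destination/gateway columns copied from the routing table in the thread.
GATEWAY_ROUTES = """
default            108.84.10.14
10.1.132.0/23      link#2
10.1.132.1         link#2
10.4.0.1           link#4
10.4.0.2           link#4
108.84.10.8/29     link#1
108.84.10.9        link#1
108.84.10.13       link#1
127.0.0.1          link#3
192.168.2.0/24     10.4.0.1
"""
# Constructed table for the far end of the tunnel (not from the thread). It has
# no route back to 10.1.132.0/23, the missing-return-route case Jon suspects.
FAR_SIDE_ROUTES = """
default            192.168.2.254
192.168.2.0/24     link#1
10.4.0.2           link#3
"""

def parse_routes(text):
    """Turn netstat -rn style lines into (network, gateway) pairs."""
    routes = []
    for line in text.strip().splitlines():
        dest, gw = line.split()[:2]
        cidr = "0.0.0.0/0" if dest == "default" else dest   # bare host -> /32
        routes.append((ip_network(cidr, strict=False), gw))
    return routes

def lookup(routes, addr):
    """Longest-prefix match, as the kernel does; returns (network, gateway)."""
    a = ip_address(addr)
    return max((r for r in routes if a in r[0]), key=lambda r: r[0].prefixlen)

def overlapping(routes):
    """Pairs of network prefixes that overlap, ignoring default and host routes.
    A /23 next to /24s and /29s is fine as long as this comes back empty."""
    nets = [n for n, _ in routes if 0 < n.prefixlen < 32]
    return [(str(a), str(b)) for i, a in enumerate(nets)
            for b in nets[i + 1:] if a.overlaps(b)]

def return_path_ok(src, dst, near, far):
    """True only if both directions resolve to something more specific than
    the default route, i.e. the far side really knows the way back to src."""
    fwd, back = lookup(near, dst)[0], lookup(far, src)[0]
    return fwd.prefixlen > 0 and back.prefixlen > 0
```

Adding a `10.1.132.0/23 via 10.4.0.2` row to the far-side table flips `return_path_ok` to True, which is the fix the reply points at (forwarding being enabled on the gateway is the other half and is not visible in a routing table).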

