Date: Fri, 23 Oct 2015 18:13:31 +0000 From: James Lodge <James@Lodge.me.uk> To: "freebsd-jail@freebsd.org" <freebsd-jail@freebsd.org> Subject: Re: Freebsd 10.1 - Ezjail - OpenVPN - Tun Interface Message-ID: <VI1PR06MB1037CEABEFFBDA95CAF7691BF9260@VI1PR06MB1037.eurprd06.prod.outlook.com> In-Reply-To: <562A7147.5080002@freebsd.org> References: <VI1PR06MB1037B08D9BEB7B207C602F43F9260@VI1PR06MB1037.eurprd06.prod.outlook.com>, <562A7147.5080002@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 2015-10-23 11:37, James Lodge wrote: > Hello all, > > > I'm trying to build a jail on FreeBSD 10.1 using ezjail in order to run O= penVPN. I'm not using vimage and don't particularly want to but I'm having = an issue with networking. > > > OpenVPN daemon is up and running and I can connect successfully as a clie= nt. I receive an IP address as expected, but I cannot route traffic to/from= client/server. The routing table on the client (which is a Windows machine= ) looks fine so I assume the issue is on the server side. I have a tun inte= rface created on the host and exposed to the jail via devfs rules. The IP a= ddress on the tun interface is configure on the host and not from the jail.= I can ping the tun interface IP from the host and the jail, but not from t= he client when connected. > > > Client---------public IP --------- lo1 (Jail alias Interface)------tun0 (= OpenVPN Interface) > > 10.8.06 x.x.x.x 172.16.1.8 = 10.8.0.1 > > > > OpenVPN Jail Routing Table: > > Internet: > Destination Gateway Flags Netif Expire > 172.16.1.8 link#4 UH lo1 > > Jail Host Routing Table: > Internet: > Destination Gateway Flags Netif Expire > default x.x.0.1 UGS vtnet0 > 10.8.0.0 10.8.0.2 UGS tun0 > 10.8.0.1 link#5 UHS lo0 > 10.8.0.2 link#5 UH tun0 > x.x.0.0/18 link#1 U vtnet0 > x.x.x.x link#1 UHS lo0 > localhost link#3 UH lo0 > 172.16.1.1 link#4 UH lo1 > 172.16.1.2 link#4 UH lo1 > 172.16.1.3 link#4 UH lo1 > 172.16.1.4 link#4 UH lo1 > 172.16.1.5 link#4 UH lo1 > 172.16.1.6 link#4 UH lo1 > 172.16.1.7 link#4 UH lo1 > 172.16.1.8 link#4 UH lo1 > > Client Routing Table: > > IPv4 Route Table > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D > Active Routes: > Network Destination Netmask Gateway Interface Metr= ic > 0.0.0.0 0.0.0.0 10.8.0.5 10.8.0.6 = 20 > 10.8.0.1 255.255.255.255 10.8.0.5 10.8.0.6 = 20 > 10.8.0.4 255.255.255.252 On-link 10.8.0.6 2= 76 > 10.8.0.6 255.255.255.255 On-link 10.8.0.6 2= 76 > 10.8.0.7 255.255.255.255 On-link 10.8.0.6 2= 76 > > > > I'm a little stumped as to how to trouble shoot the issue so any help muc= h appreciated. > > > James > > > > _______________________________________________ > freebsd-jail@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org" > > Try running 'tcpdump -i tun0 -n' on the host, while pining from the > windows machine, and see if the packets are arriving. > >-- >Allan Jude Thank you Allan,=20 I should have thought of tcpdump. So traffic is being received at the host = from the windows client. Results from Host tcpdump -i tun0 -n=20 18:44:02.464291 IP 10.8.0.6 > 10.8.0.1: ICMP echo request, id 1, seq 10577,= length 40 18:44:02.605212 IP 10.8.0.6.56054 > 192.168.0.112.80: Flags [S], seq 512633= 761, win 8192, options [mss 1368,nop,nop,sackOK], length 0 18:44:02.872693 IP 10.8.0.6.57441 > 8.8.8.8.53: 44379+ A? dns.msftncsi.com.= (34) 18:44:03.864800 IP 10.8.0.6.57441 > 8.8.8.8.53: 44379+ A? dns.msftncsi.com.= (34) After that I thought I'd see if the traffic is reaching the jail. After all= ow the jail access to /dev/bpf I get the same results as the host, traffic = is received.=20 Results from Jail tcpdump -i tun0 -n 19:09:11.899714 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com.= (34) 19:09:12.728708 IP 10.8.0.6.62332 > 8.8.8.8.53: 22238+ A? dns.msftncsi.com.= (34) 19:09:12.802903 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com.= (34) 19:09:13.825053 IP 10.8.0.6.57107 > 212.56.71.30.443: Flags [S], seq 313928= 1876, win 8192, options [mss 1368,nop,wscale 8,nop,nop,sackOK], length 0 19:09:13.981307 IP 10.8.0.6.57108 > 212.56.71.30.443: Flags [S], seq 415204= 8904, win 8192, options [mss 1368,nop,wscale 8,nop,nop,sackOK], length 0 19:09:14.628697 IP 10.8.0.6.57100 > 192.168.0.112.80: Flags [S], seq 310746= 3099, win 65535, options [mss 1368,nop,nop,sackOK], length 0 19:09:14.814392 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com.= (34) Regards James
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?VI1PR06MB1037CEABEFFBDA95CAF7691BF9260>