Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 4 Jul 2020 14:46:31 -0400
From:      Kurt Hackenberg <kh@panix.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: Routing IP traffic from client through server openvpn tunnel?
Message-ID:  <97e2cbc5-c8af-eaf3-d0bd-4218421958af@panix.com>
In-Reply-To: <20200704133607.GA91599@rancor.immure.com>
References:  <20200704133607.GA91599@rancor.immure.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 2020-07-04 09:36, Bob Willcox wrote:

> My FreeBSD gateway system has an openvpn tunnel connected to my Son's network
> and when logged into the gateway system we can access his network throught the
> tunnel just fine. But from other systems in my network it doesn't work. The
> packets get over to the gateway system (maul) but no further.
> 
> This is the routing table on my gateway system:
> 
> Internet:
> Destination        Gateway            Flags     Netif Expire
> default            108.84.10.14       UGS        igb0
> 10.1.132.0/23      link#2             U           em0
> 10.1.132.1         link#2             UHS         lo0
> 10.4.0.1           link#4             UH         tun0
> 10.4.0.2           link#4             UHS         lo0
> 108.84.10.8/29     link#1             U          igb0
> 108.84.10.9        link#1             UHS         lo0
> 108.84.10.13       link#1             UHS         lo0
> 127.0.0.1          link#3             UH          lo0
> 192.168.2.0/24     10.4.0.1           UGS        tun0
> 
> Here's a traceroute from the gateway system:
> 
> bob@maul:2> traceroute 192.168.2.19
> traceroute to 192.168.2.19 (192.168.2.19), 64 hops max, 40 byte packets
>   1  coovas.knighthammer.com (10.4.0.1)  55.347 ms  53.420 ms  55.786 ms
>   2  192.168.2.19 (192.168.2.19)  50.291 ms  48.516 ms  55.858 ms
> 
> And here is one from one of my other systems:
> 
> bob@han:1> traceroute 192.168.2.19
> traceroute to 192.168.2.19 (192.168.2.19), 64 hops max, 40 byte packets
>   1  maul (10.1.132.1)  0.261 ms  0.256 ms  0.244 ms
>   2  * * *
>   3  * * *
> 
> So my question is, what am I missing (likely on the gateway system) that would
> prevent the packets from other systems being routed to the tunnel?


Well, the subnet masks of network 10 look a little strange to me. What's 
the subnet mask of the tunnel (10.4.0.0)? Remember that network 10 is 
class A, default mask /8.

Also, 10.1.132.0/23? Not /24, or /16? Also, I'm not sure it works to 
have different subnet masks on different subnets of an IP network. At 
least, it's more straightforward to make them all the same, and net 10 
has plenty of address space to do that.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?97e2cbc5-c8af-eaf3-d0bd-4218421958af>