1st February 2011
J65nko
Administrator

Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125

The address of your nfe0 NIC is 192.168.1.4, but in the routing table it is 192.168.1.1

Code:
$ route -n show 
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
0/1                10.100.1.1         UGS        0        0     -     8 tun0 
default            192.168.1.1        UGS        9    62319     -     8 nfe0 
10.100.1/24        link#6             UC         1        0     -     4 tun0 
10.100.1/24        10.100.1.1         UGS        0        0     -     8 tun0 
10.100.1.1         link#6             UHLc       3        0     -     4 tun0 
92.241.168.20/32   192.168.1.1        UGS        0        0     -     8 nfe0 
127/8              127.0.0.1          UGRS       0        0 33200     8 lo0  
127.0.0.1          127.0.0.1          UH         7   134400 33200     4 lo0  
128/1              10.100.1.1         UGS        0        0     -     8 tun0 
192.168.1/24       link#1             UC         1        0     -     4 nfe0 
192.168.1.1        00:xx:xx:xx:xx:xx  UHLc       2     1643     -     4 nfe0 
192.168.1.4        127.0.0.1          UGHS       0        0 33200     8 lo0  
224/4              127.0.0.1          URS        0        0 33200     8 lo0 

$ ifconfig nfe0

nfe0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:xx:xx:xx:xx:86
        priority: 0
        groups: egress
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet6 fe80::2xx:xxff:fexx:xx86%nfe0 prefixlen 64 scopeid 0x1
        inet 192.168.1.4 netmask 0xffffff00 broadcast 192.168.1.255
In the routing table tun0 shows up in the 10.100.1.0/24 network but the ifconfig shows it is 10.100.2.106 and thus in 10.100.2.0/24.

Because of these two abnormalities you are getting these 'no routes to host' messages.

Code:
tun1: flags=9803<UP,BROADCAST,SIMPLEX,LINK0,MULTICAST> mtu 1500
        lladdr fe:xx:xx:xx:xx:a9
        priority: 0
        groups: tun
        status: no carrier
        inet 10.100.1.9 netmask 0xffffff00 broadcast 10.100.1.255
        inet6 fe80::fcxx:xxff:fexx:xxa9%tun1 prefixlen 64 scopeid 0x7

tun0: flags=9843<UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST> mtu 1500
        lladdr fe:xx:xx:xx:xx:34
        priority: 0
        groups: tun
        status: active
        inet 10.100.2.106 netmask 0xffffff00 broadcast 10.100.2.255
        inet6 fe80::fcxx:xxff:fexx:xx34%tun0 prefixlen 64 scopeid 0x8
And I wonder what tun1 is doing; it shows 'no carrier', although it is in the 10.100.1.0/24 network, which happens to be in the routing tables.

OpenVPN seems to configure tun0:
Code:
Tue Feb  1 15:14:00 2011 /sbin/ifconfig tun0 destroy
Tue Feb  1 15:14:00 2011 /sbin/ifconfig tun0 create
Tue Feb  1 15:14:00 2011 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Tue Feb  1 15:14:00 2011 /sbin/ifconfig tun0 10.100.2.106 netmask 255.255.255.0 mtu 1500 broadcast 10.100.2.255 link0
Tue Feb  1 15:14:00 2011 TUN/TAP device /dev/tun0 opened
Although I wonder how pf handles network devices that don't exist when the rules are loading.

How about the Windows approach, rebooting the system?
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
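As an added example (not part of J65nko's post or of OpenBSD's tools), the following Python script automates the cross-check the post does by eye: it parses `route -n show` and `ifconfig` output and reports every route whose interface has no configured address that covers the route's gateway (for next-hop routes) or destination (for directly connected and cloned neighbour routes). The two outputs embedded below are constructed from the figures quoted in the post; the column parsing assumes the layout shown there, and the `check_consistency` function name and finding format are this example's own.

```python
# Cross-check OpenBSD `route -n show` against `ifconfig` (added example).
import ipaddress
import re

# Constructed sample: `route -n show` trimmed to the routes quoted in the post.
ROUTE_OUTPUT = """\
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
0/1                10.100.1.1         UGS        0        0     -     8 tun0
default            192.168.1.1        UGS        9    62319     -     8 nfe0
10.100.1/24        link#6             UC         1        0     -     4 tun0
10.100.1.1         link#6             UHLc       3        0     -     4 tun0
127/8              127.0.0.1          UGRS       0        0 33200     8 lo0
128/1              10.100.1.1         UGS        0        0     -     8 tun0
192.168.1/24       link#1             UC         1        0     -     4 nfe0
192.168.1.1        00:xx:xx:xx:xx:xx  UHLc       2     1643     -     4 nfe0
192.168.1.4        127.0.0.1          UGHS       0        0 33200     8 lo0
"""

# Constructed sample: `ifconfig` trimmed to the lines the check needs.
IFCONFIG_OUTPUT = """\
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33200
        inet 127.0.0.1 netmask 0xff000000
nfe0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        status: active
        inet 192.168.1.4 netmask 0xffffff00 broadcast 192.168.1.255
tun1: flags=9803<UP,BROADCAST,SIMPLEX,LINK0,MULTICAST> mtu 1500
        status: no carrier
        inet 10.100.1.9 netmask 0xffffff00 broadcast 10.100.1.255
tun0: flags=9843<UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST> mtu 1500
        status: active
        inet 10.100.2.106 netmask 0xffffff00 broadcast 10.100.2.255
"""


def parse_ifconfig(text):
    """Return {iface: {"status": str, "nets": [IPv4Network, ...]}}."""
    ifaces, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\S+): flags=", line)
        if m:
            current = m.group(1)
            ifaces[current] = {"status": "unknown", "nets": []}
            continue
        m = re.match(r"\s+status: (.+)$", line)
        if m and current:
            ifaces[current]["status"] = m.group(1).strip()
            continue
        m = re.match(r"\s+inet (\S+) netmask 0x([0-9a-fA-F]{8})", line)
        if m and current:
            mask = ipaddress.IPv4Address(int(m.group(2), 16))  # hex -> dotted
            ifaces[current]["nets"].append(ipaddress.ip_interface(f"{m.group(1)}/{mask}").network)
    return ifaces


def expand_destination(dest):
    """Expand OpenBSD's abbreviated destination ('10.100.1/24', '127/8', 'default')."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))  # '127' -> '127.0.0.0'
    return ipaddress.ip_network(f"{'.'.join(octets)}/{plen or 32}", strict=False)


def parse_routes(text):
    """Yield (destination, gateway, flags, iface) from the 'Internet:' section."""
    routes, in_v4 = [], False
    for line in text.splitlines():
        if line.startswith("Internet:"):
            in_v4 = True
            continue
        if in_v4 and not line.strip():
            break  # IPv4 section ends at the first blank line
        if not in_v4 or line.startswith("Destination"):
            continue
        cols = line.split()
        routes.append((expand_destination(cols[0]), cols[1], cols[2], cols[-1]))
    return routes


def check_consistency(route_text, ifconfig_text):
    """Return a list of findings: routes an interface cannot actually serve."""
    ifaces = parse_ifconfig(ifconfig_text)
    findings = []
    for dest, gw, flags, iface in parse_routes(route_text):
        nets = ifaces.get(iface, {}).get("nets", [])
        try:
            gw_addr = ipaddress.ip_address(gw)
        except ValueError:
            gw_addr = None  # 'link#6' or a MAC address: link-layer next hop
        if gw_addr is not None:
            # Next-hop route: the gateway must lie in a network on that interface.
            if not any(gw_addr in n for n in nets):
                findings.append(f"{dest} via {gw} on {iface}: gateway not in {nets}")
        elif not any(dest.overlaps(n) for n in nets):
            # Connected or cloned route: destination must overlap an address there.
            owners = [f"{name} ({info['status']})" for name, info in ifaces.items()
                      if any(dest.overlaps(n) for n in info["nets"])]
            note = f"; prefix is configured on {', '.join(owners)}" if owners else ""
            findings.append(f"{dest} on {iface}: no address in that prefix{note}")
    return findings


if __name__ == "__main__":
    for finding in check_consistency(ROUTE_OUTPUT, IFCONFIG_OUTPUT):
        print(finding)
```

On the sample data every finding lands on tun0: the three routes pointing at gateway 10.100.1.1 cannot be reached from 10.100.2.106, and the connected 10.100.1.0/24 prefix is reported as configured on tun1 with 'no carrier', which is exactly the tun0/tun1 confusion the post describes. On a live box, replace the two constants with the output of `route -n show` and `ifconfig`.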