DaemonForums  

#1 irukandji, 29th September 2014
VPN Client (tun) and routing tables

I have an OpenVPN client over a tun interface where all the outgoing SMTP is blocked. When I start it, it pushes a 0.0.0.0/1 destination to the routing tables pointing to the VPN gateway, and my SMTP server is no longer able to send email. To resolve this problem I have created an IP alias on em0 and wanted to move the SMTP to it, but however I try I can't make it connectable. I have also created a route for that alias directly to my internal network gateway, but it doesn't help. I am literally lost; I don't even know where to start solving this problem.

Would someone maybe be so nice as to help me out, at least to point me to what to look for?

Thank you in advance.
#2 Oko, 30th September 2014

What is the output of route -n? What is the physical interface? How do the PF rules look for the physical interface, and how do they look for tun0? If something is wrong with your routing tables, that means that the OpenVPN client or server is misconfigured. This is my work desktop, Red Hat, connected with an OpenVPN client to our computing lab OpenVPN gateway running OpenBSD. tun0 is filtered and has only 12 ports in total open (ssh, LDAP, NFS). Nonetheless I can ftp to a random server, for example, which as you know means random port opening, or browse the Internet from my desktop.

Code:
[root@loom ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.6.0     10.8.0.5        255.255.255.0   UG    0      0        0 tun0
10.8.0.0        10.8.0.5        255.255.255.0   UG    0      0        0 tun0
128.2.176.0     0.0.0.0         255.255.248.0   U     0      0        0 em1
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 em1
0.0.0.0         128.2.176.1     0.0.0.0         UG    0      0        0 em1

Last edited by Oko; 30th September 2014 at 01:13 AM.
#3 irukandji, 30th September 2014

On the pf side I am not blocking anything, and I want the default network traffic to go through the VPN. (192.168.1.1 is my router, 192.168.1.201 is the alias, *.x.x.x are set by the VPN client.) traceroute -s 192.168.1.1 can't access the network.

em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
        ether 00:22:4d:81:52:91
        inet 192.168.1.200 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::222:4dff:fe81:5291%em0 prefixlen 64 scopeid 0x1
        inet 192.168.1.201 netmask 0xffffffff broadcast 192.168.1.201
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
0.0.0.0/1          10.x.x.x           UGS         0 18546455   tun0 =>
default            192.168.1.1        UGS         0     2130    em0
10.x.x.x           link#4             UH          0        0   tun0
10.x.x.y           link#4             UHS         0        0    lo0
localhost          link#2             UH          0  2032800    lo0
128.0.0.0/1        10.x.x.x           UGS         0 36090399   tun0
192.168.1.0        link#1             U           0  5873530    em0
mini               link#1             UHS         0        0    lo0
192.168.1.201/32   link#1             U           0        0    em0
212.x.x.x/32       192.168.1.1        UGS         0 25158704    em0

pf:
int_ip = "192.168.1.200"
int_if = "em0"
int_gw = "192.168.1.1"

pass in quick on $int_if reply-to ($int_if $int_gw) proto icmp to $int_ip keep state
pass in on $int_if reply-to ($int_if $int_gw) to $int_ip keep state
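
Added illustration, not part of the thread and not code from any poster: a longest-prefix-match lookup over the routes shown in post #3, showing why the 0.0.0.0/1 and 128.0.0.0/1 entries take traffic away from the default route while the /32 host route still leaves via em0. The gateway 10.8.0.1 and the host 203.0.113.10 are constructed stand-ins for the masked 10.x.x.x and 212.x.x.x values; the function names are hypothetical.

```python
import ipaddress

# Routes modelled on the FreeBSD table in post #3. Masked values are replaced
# with constructed placeholders: 10.8.0.1 for the VPN gateway (10.x.x.x) and
# 203.0.113.10 for the host route shown as 212.x.x.x/32.
ROUTES = [
    ("0.0.0.0/1",        "10.8.0.1",    "tun0"),
    ("128.0.0.0/1",      "10.8.0.1",    "tun0"),
    ("0.0.0.0/0",        "192.168.1.1", "em0"),   # the "default" entry
    ("192.168.1.0/24",   "link#1",      "em0"),
    ("192.168.1.201/32", "link#1",      "em0"),
    ("203.0.113.10/32",  "192.168.1.1", "em0"),
]


def lookup(dst, routes=ROUTES):
    """Return (prefix, gateway, iface) of the longest prefix containing dst.

    Only the destination is consulted in this table lookup; the source
    address a socket is bound to (such as an alias on em0) is not an input.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return str(best[0]), best[1], best[2]


def default_shadowed(routes=ROUTES):
    """True if the more-specific routes together cover all of IPv4, so the
    0.0.0.0/0 entry can never be the best match for any destination."""
    specifics = [ipaddress.ip_network(p) for p, _, _ in routes]
    specifics = [n for n in specifics if n.prefixlen > 0]
    merged = list(ipaddress.collapse_addresses(specifics))
    return ipaddress.ip_network("0.0.0.0/0") in merged


if __name__ == "__main__":
    # Constructed destinations: two outside hosts, the host route, a LAN host.
    for dst in ("64.0.0.25", "198.51.100.25", "203.0.113.10", "192.168.1.50"):
        print(dst, "->", lookup(dst))
    print("default route shadowed:", default_shadowed())
```
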