VPN Client (tun) and routing tables

#1  irukandji, 29th September 2014

I have an OpenVPN client over a tun interface where all the outgoing SMTP is blocked. When I start it, it pushes destinations to the routing tables pointing to the VPN gateway, and my SMTP server is no longer able to send email. To resolve this problem I have created an IP alias on em0 and wanted to move the SMTP to it, but however I try I can't make it connectable. I have also created a route for that alias directly to my internal network gateway, but it doesn't help. I am literally lost; I don't even know where to start solving this problem.

Would someone maybe be so nice as to help me out, at least to point me to what to look for?

Thank you in advance.

#2  Oko, 30th September 2014

What is the output of route -n? What is the physical interface? How do the PF rules look for the physical interface and how do they look for tun0? If something is wrong with your routing tables, that means that the OpenVPN client or server is misconfigured. This is my work desktop, Red Hat, connected with an OpenVPN client to our computing lab OpenVPN gateway running OpenBSD. tun0 is filtered and has only 12 ports in total open (ssh, LDAP, NFS). Nonetheless I can ftp to a random server, for example, which as you know means random port opening, or browse the Internet from my desktop.

[root@loom ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
                                                UH    0      0        0 tun0
                                                UG    0      0        0 tun0
                                                UG    0      0        0 tun0
                                                U     0      0        0 em1
                                                U     1002   0        0 em1
                                                UG    0      0        0 em1

Last edited by Oko; 30th September 2014 at 01:13 AM.

#3  irukandji, 30th September 2014

On the pf side I am not blocking anything and I want the default network traffic to go through the VPN. ( my router, alias, *.x.x.x are set by the VPN client). traceroute -s can't access the network.

em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 00:22:4d:81:52:91
inet netmask 0xffffff00 broadcast
inet6 fe80::222:4dff:fe81:5291%em0 prefixlen 64 scopeid 0x1
inet netmask 0xffffffff broadcast
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active

Destination Gateway Flags Refs Use Netif Expire
10.x.x.x UGS 0 18546455 tun0 =>
default UGS 0 2130 em0
10.x.x.x link#4 UH 0 0 tun0
10.x.x.y link#4 UHS 0 0 lo0
localhost link#2 UH 0 2032800 lo0
10.x.x.x UGS 0 36090399 tun0
link#1 U 0 5873530 em0
mini link#1 UHS 0 0 lo0
link#1 U 0 0 em0
212.x.x.x/32 UGS 0 25158704 em0

int_ip = ""
int_if = "em0"
int_gw = ""

pass in quick on $int_if reply-to ($int_if $int_gw) proto icmp to $int_ip keep state
pass in on $int_if reply-to ($int_if $int_gw) to $int_ip keep state
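
An added example, not part of any post in this thread: the reply-to rules above only steer replies to connections that arrive on em0, while mail the server itself originates is routed by destination and follows the pushed routes to tun0 whatever its source address. One way to policy-route it in pf is a route-to rule on the outbound side. The addresses are constructed placeholders, vpn_if and smtp_ip are macro names introduced here, and the MTA is assumed to bind to the alias as its source address.

```pf
# Added example. Addresses are constructed placeholders (RFC 5737 range);
# the thread's real values are not shown on the page.
int_if  = "em0"
vpn_if  = "tun0"            # hypothetical macro name for the OpenVPN interface
int_gw  = "192.0.2.1"       # placeholder: LAN gateway reachable on em0
smtp_ip = "192.0.2.25"      # placeholder: alias on em0 that the MTA binds to

# Inbound: connections that arrive on em0 for the alias get their replies
# sent back out em0 instead of following the pushed routes to tun0.
pass in on $int_if reply-to ($int_if $int_gw) to $smtp_ip keep state

# Outbound: mail originated by the server is routed by destination, so the
# kernel hands it to tun0 even though the source is the alias. Match it there
# and re-route it via em0. Kept narrow (one source, tcp/25) so nothing else
# leaves outside the tunnel.
pass out quick on $vpn_if route-to ($int_if $int_gw) inet proto tcp \
    from $smtp_ip to any port 25 keep state

# Only needed with a default-block policy: let the re-routed packets
# (and only those) out on the physical interface.
pass out quick on $int_if inet proto tcp from $smtp_ip to any port 25 keep state
```

Parse-check the ruleset with `pfctl -nf` before loading it; a tcpdump on em0 filtered to port 25 shows whether the mail now leaves through the physical interface.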