[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] routing table problem (i think


  • Subject: Re: [Openvpn-users] routing table problem (i think
  • From: "Tielman Esterhuizen" <tielman.esterhuizen@xxxxxxxxx>
  • Date: Mon, 21 May 2007 06:13:51 +1000



On 5/20/07, Marcel de Reuver <marcel@xxxxxxxxxxxxx> wrote:
Tielman Esterhuizen wrote:
> Hi all,
>
> Probably an old problem but I can't find any information on it ( and I
> don't see how I'm the only one who has this problem):
>
> Solaris 9 with:
> OpenVPN 2.0.9
> ipfilter 4.1.22 (just in case there is some issue here)
>
> Solaris as server and testing with XP client config. Configuration is
> basically sample config files. I get the VPN link up but I can't route
> any traffic from client apart from remote server VPN interface. I get
> a default route but it seems wrong:
>
> ("route print" on XP client)
>
> Active Routes:
> Network Destination        Netmask          Gateway       Interface
> Metric
>           0.0.0.0 <http://0.0.0.0>          0.0.0.0
> <http://0.0.0.0 >         10.8.0.5 <http://10.8.0.5>        10.8.0.6
> <http://10.8.0.6>       1
>          10.8.0.1 <http://10.8.0.1>  255.255.255.255
> <http://255.255.255.255 >         10.8.0.5 <http://10.8.0.5>
> 10.8.0.6 <http://10.8.0.6>       1
>          10.8.0.4 <http://10.8.0.4>  255.255.255.252
> <http://255.255.255.252 >         10.8.0.6 <http://10.8.0.6>
> 10.8.0.6 <http://10.8.0.6>       30
>          10.8.0.6 <http://10.8.0.6>  255.255.255.255
> <http://255.255.255.255 >        127.0.0.1 <http://127.0.0.1>
> 127.0.0.1 <http://127.0.0.1>       30
>
> -------
> (ipconfig)
>
> Ethernet adapter OpenVPN:
>
>         Connection-specific DNS Suffix  . :
>         IP Address. . . . . . . . . . . . : 10.8.0.6 <http://10.8.0.6>
>         Subnet Mask . . . . . . . . . . . : 255.255.255.252
> <http://255.255.255.252 >
>         Default Gateway . . . . . . . . . : 10.8.0.5 <http://10.8.0.5>
>
>
>
> On server:
>
> [root@molfis /]# netstat -rn
>
> Routing Table: IPv4
>   Destination           Gateway           Flags  Ref   Use   Interface
> -------------------- -------------------- ----- ----- ------ ---------
> 10.8.0.2 <http://10.8.0.2>             10.8.0.1
> <http://10.8.0.1>             UH        1      1  tun0
> 10.8.0.0 <http://10.8.0.0>             10.8.0.2
> <http://10.8.0.2>             UG        1      1
> 192.168.1.0 <http://192.168.1.0>          192.168.1.12
> <http://192.168.1.12 >         U         1      2  eri0
> 224.0.0.0 <http://224.0.0.0>            192.168.1.12
> < http://192.168.1.12>         U         1      0  eri0
> default              192.168.1.254 <http://192.168.1.254>
> UG        1     98
> 127.0.0.1 <http://127.0.0.1>            127.0.0.1
> <http://127.0.0.1>            UH       11  38696  lo0
>
> [root@molfis /]# ifconfig -a
> lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 2
>         inet 127.0.0.1 < http://127.0.0.1> netmask ff000000
> eri0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
>         inet 192.168.1.12 < http://192.168.1.12> netmask ffffff00
> broadcast 192.168.1.255 <http://192.168.1.255>
>         ether 0:3:ba:c:aa:1c
> lo0: flags=2000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6> mtu 8252 index 2
>         inet6 ::1/128
> eri0: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 3
>         ether 0:3:ba:c:aa:1c
>         inet6 fe80::203:baff:fe0c:aa1c/10
> tun0: flags=10008d1<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST,IPv4> mtu
> 1500 index 11
>         inet 10.8.0.1 <http://10.8.0.1> --> 10.8.0.2 <http://10.8.0.2 >
> netmask ffffffff
>         ether 0:0:0:0:0:0
>
>
> What looks wierd to me is the fact that the client has a default route
> of ...5 and it should be 1. If I change it to 1 (configure the
> interface on XP) then nothing works. On the other hand I can ping (and
> tracert) the remote server interface so something is working.
>
> As I said my config is standard so I'd expect it work. Have tried
> various config changes but default route always is 5 (??)
>
> On XP:
>
> cygwin-bash-3.2$ tracert 10.8.0.1 <http://10.8.0.1>
>
> Tracing route to 10.8.0.1 <http://10.8.0.1> over a maximum of 30 hops
>
>   1   546 ms     5 ms     5 ms   10.8.0.1 <http://10.8.0.1>
> Trace complete.
>
> cygwin-bash-3.2$ tracert 99.99.99.99 <http://99.99.99.99 >
>
> Tracing route to 99.99.99.99 <http://99.99.99.99> over a maximum of 30
> hops
>
>   1     *        *        *     Request timed out.
>   2     *        * ...
>
> ----------
>
> On Solaris:
>
> [root@molfis /]# traceroute 10.8.0.6 <http://10.8.0.6>
> traceroute: Warning: Multiple interfaces found; using 10.8.0.1
> <http://10.8.0.1> @ tun0
> traceroute to 10.8.0.6 <http://10.8.0.6> (10.8.0.6 <http://10.8.0.6>),
> 30 hops max, 40 byte packets
>  1  * * 10.8.0.6 <http://10.8.0.6> (10.8.0.6 <http://10.8.0.6>)
> 3389.165 ms
>
>
> [root@molfis /]# traceroute 99.99.99.99 <http://99.99.99.99>
> traceroute: Warning: Multiple interfaces found; using 192.168.1.12
> < http://192.168.1.12> @ eri0
> traceroute to 99.99.99.99 <http://99.99.99.99> ( 99.99.99.99
> <http://99.99.99.99>), 30 hops max, 40 byte packets
>  1  speedtouch.lan (X.X.X.X)  7.545 ms  84.724 ms  100.032 ms
>  2  blah blah blah  15.125 ms   13.620 ms  15.965 ms
>  3  blah blah blah  13.390 ms !N  15.704 ms !N  12.800 ms !N
>
>
> Sure hope someone can help.
>
> Thanks
> Tielman

The router, 192.168.1.254, in the network of the Solaris OpenVPN server
must know the route to the OpenVPN network, 10.8.0.0
Configure a static route on this router with gateway address
192.168.1.12 (= Solaris OpenVPN server)

Thanks, I have tried to do so but the default route is a DSL device that does not support it - so I installed ipfilter on Solaris and NATed the 10.8.0.0 network with the following rule: map tun0 10.8.0.0/24 -> 0/32 (maybe this has become a problem for the ipfilter list)

[root@molfis /]# ipnat  -l
List of active MAP/Redirect filters:
map tun0 10.8.0.0/24 -> 0.0.0.0/32

List of active sessions:
MAP 10.8.0.1        <- -> 10.8.0.1        [10.8.0.6]


Thanks for the help!