creiss
Hey folks,
I have my NAS at home and a "real" Server "out there" with 30+ VMs. The Server runs an OpenVPN Server that attaches a 10.10.0.0/24 network where all the VMs are available on. Connecting via OpenVPN routes everything correctly and I can reach everything.
Now my goal is to run an OpenVPN client on either FreeNAS or inside a Jail. My DSL router is providing my home network with IPs out of the pool 10.0.0.0/24 and already pushes a static route 10.1.0.0/24 via 10.0.0.113 (which is a FreeBSD Jail on the NAS).
Now said Jail can connect (and does so automatically upon jail start) to the OpenVPN Server and can ping remote VMs over OpenVPN:
Code:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
	inet 127.0.0.1 netmask 0xff000000
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
epair3b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8<VLAN_MTU>
	ether 02:b0:91:00:0d:0b
	inet 10.0.0.113 netmask 0xffffff00 broadcast 10.0.0.255
	nd6 options=1<PERFORMNUD>
	media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
	status: active
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
	options=80000<LINKSTATE>
	inet 10.10.0.26 --> 10.10.0.25 netmask 0xffffffff
	nd6 options=1<PERFORMNUD>
	Opened by PID 36333
Code:
root@syncer:/# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.0.0.1           UGS         0  3998099 epair3
10.0.0.0/24        link#2             U           0      192 epair3
10.0.0.113         link#2             UHS         0        0    lo0
10.1.0.0/24        10.10.0.25         UGS         0  1283184   tun0
10.10.0.1/32       10.10.0.25         UGS         0        0   tun0
10.10.0.25         link#3             UH          0        0   tun0
10.10.0.26         link#3             UHS         0        0    lo0
46.229.47.131/32   10.10.0.25         UGS         0        0   tun0
46.229.47.141/32   10.10.0.25         UGS         0        0   tun0
127.0.0.1          link#1             UH          0        0    lo0
Code:
root@syncer:/# ping 10.1.0.3
PING 10.1.0.3 (10.1.0.3): 56 data bytes
64 bytes from 10.1.0.3: icmp_seq=0 ttl=63 time=80.316 ms
64 bytes from 10.1.0.3: icmp_seq=1 ttl=63 time=92.710 ms
^C
--- 10.1.0.3 ping statistics ---
3 packets transmitted, 2 packets received, 33.3% packet loss
round-trip min/avg/max/stddev = 80.316/86.513/92.710/6.197 ms
However, any other host on my home-lan cannot:
Code:
icarus [~] $ ping 10.1.0.3
Pinging 10.1.0.3 with 32 bytes of data:
Request timed out.
However, there are ICMP packets arriving at the OpenVPN-Jail:
Code:
root@syncer:/# tcpdump -i epair3b host 10.0.0.10
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on epair3b, link-type EN10MB (Ethernet), capture size 65535 bytes
10:47:38.097786 IP icarus.fritz.box > 10.1.0.3: ICMP echo request, id 1, seq 2, length 40
There is nothing arriving on the remote OpenVPN Server at all. There is however if I ping from the openvpn-jail, of course. So it seems like a routing issue, but:
Code:
root@syncer:/# sysctl -a | grep -i forw
options IPFIREWALL_FORWARD
kern.smp.forward_signal_enabled: 1
net.inet.ip.forwarding: 1
net.inet.ip.fastforwarding: 1
net.inet6.ip6.forwarding: 0
Also:
Code:
root@syncer:/# cat /etc/rc.conf
portmap_enable="NO"
sshd_enable="YES"
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
hostname="syncer"
devfs_enable="YES"
devfs_system_ruleset="devfsrules_common"
openvpn_enable="YES"
openvpn_configfile="/usr/local/etc/openvpn/client.ovpn"
openvpn_dir="/usr/local/etc/openvpn"
postfix_enable="yes"
gateway_enable="YES"
router_enable="YES"
cloned_interfaces="tun"
There is no (restrictive) firewall active:
Code:
root@syncer:/# ipfw show
65535 22895524 21794544080 allow ip from any to any
Sidenote: If I run OpenVPN from FreeNAS directly using the same configuration I can connect, but not ping any remote host at all.
I am running FreeNAS 9.2.1.7 x64. And I am out of my wits. What am I missing here?
Thanks for any pointers/info!
-Christian.
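An added example, not part of the original post: a longest-prefix route lookup run over the jail's `netstat -rn` table quoted above, to check which interface the jail itself selects for the echo request (10.1.0.3) and for traffic back to the LAN host (10.0.0.10). The function names `parse_routes` and `lookup` are made up for this illustration.

```python
import ipaddress

# Routing table copied from the `netstat -rn` output in the post above.
NETSTAT_RN = """\
Destination        Gateway      Flags  Refs      Use  Netif Expire
default            10.0.0.1     UGS       0  3998099 epair3
10.0.0.0/24        link#2       U         0      192 epair3
10.0.0.113         link#2       UHS       0        0    lo0
10.1.0.0/24        10.10.0.25   UGS       0  1283184   tun0
10.10.0.1/32       10.10.0.25   UGS       0        0   tun0
10.10.0.25         link#3       UH        0        0   tun0
10.10.0.26         link#3       UHS       0        0    lo0
46.229.47.131/32   10.10.0.25   UGS       0        0   tun0
46.229.47.141/32   10.10.0.25   UGS       0        0   tun0
127.0.0.1          link#1       UH        0        0    lo0
"""


def parse_routes(text):
    """Return (network, gateway, flags, netif) for each route line."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] == "Destination":
            continue  # skip the header and anything that is not a route
        dest, gateway, flags, netif = fields[0], fields[1], fields[2], fields[5]
        # A bare address is a host route, which ip_network() reads as /32.
        net = ipaddress.ip_network("0.0.0.0/0" if dest == "default" else dest)
        routes.append((net, gateway, flags, netif))
    return routes


def lookup(routes, addr):
    """Longest-prefix match, the rule the kernel uses to pick a route."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None


if __name__ == "__main__":
    table = parse_routes(NETSTAT_RN)
    # Echo request from the LAN host (10.0.0.10) and the way back to it.
    for label, addr in (("to VM", "10.1.0.3"), ("to LAN host", "10.0.0.10")):
        net, gateway, flags, netif = lookup(table, addr)
        print(f"{label}: {addr} matches {net} via {gateway} on {netif}")
```

The lookup covers only the jail's own table; it says nothing about the routes held by the OpenVPN server or by the other LAN hosts.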