strange issue somewhere I lose routing (or something)

This forum is for all inquiries relating to the installation of OpenVPN from source and with binaries.

Moderators: TinCanTech

Forum rules
Please visit (and READ) the OpenVPN HowTo http://openvpn.net/howto prior to asking any questions in here!
abyss1
OpenVpn Newbie
Posts: 2
Joined: Fri Sep 06, 2013 8:31 am

strange issue somewhere I lose routing (or something)

Post by abyss1 » Fri Sep 06, 2013 8:48 am

Hi,

OK, so a fairly straightforward setup with a few minor need-to-knows.

I have a virtual OpenVPN server (Debian Wheezy 7.1, OpenVPN 2.3.2, VMware 5.1).
I have iptables configured on the service allowing pretty much all from OpenVPN to LAN and reversed. Initially I was NATing all VPN traffic into the LAN, but I would prefer to route it (this is where the issue comes up, but back to that in a minute).

I have a LAN with 172.16.x.x/16 various subnets routed through a central firewall. My OpenVPN subnet is 10.19.8.0/24.
I have statically assigned IP addresses to my OpenVPN client via CCD ifconfig statements, and this also works fine.

If I try to connect from a VPN-connected client to anything in the network it works fine as long as I have this rule in my iptables rules:
-A POSTROUTING -s 10.19.8.0/24 -o eth0 -j MASQUERADE
But as stated I want to route/bridge the OpenVPN addresses into my LAN, so when I remove that line the issue starts.

I have target machines at 172.16.1.50 and 172.16.202.40; one runs a web site, the other is a jumpbox, so port 80 and port 22. If I try to connect to them from client 10.19.8.33 the connection does not come up: no website, no login prompt.
tcpdump along the path (on OpenVPN server, client and target machines) shows the packet going from client to the server and it answers, and here is the problem: I see the packet hit the external interface of the OpenVPN server but not the tunnel interface.

Bear with me, now it gets odd.

OK, so an iptables rule blocking it, right, or forwarding not acting right? Well, no (I think); I am pretty sure all those are OK, iptables even unloaded on the client just to make sure. But now it gets interesting: if I initiate a ping or traceroute from the server to the client it goes through, and after that I can also open any connection from the client to the server without problems.

So I assume it is an ARP problem, but I am not sure where this would hit and how best to resolve it.

abyss1
OpenVpn Newbie
Posts: 2
Joined: Fri Sep 06, 2013 8:31 am

Re: strange issue somewhere I lose routing (or something)

Post by abyss1 » Fri Sep 06, 2013 9:34 am

Can't edit it anymore, so here's a little something I forgot.

I have in my /etc/network/interfaces the following line:
up sysctl net.ipv4.conf.eth0.proxy_arp=1

I know this should result in better ARP behaviour, but ... problem persists.
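The two posts above touch three settings that decide whether tunnel traffic gets back to the client: IP forwarding on the server, the MASQUERADE rule (NAT) versus plain routing for 10.19.8.0/24, and proxy_arp on eth0. The script below is an added example, not from this thread or the OpenVPN project; it is a read-only audit that reports which mode the server is in and, when NAT has been removed, whether the LAN side has a route back to the VPN subnet at all (the OpenVPN HowTo's standard requirement for routed setups). The sysctl, iptables-save and ip route snippets are constructed samples, and 172.16.1.20 is an assumed address for the server's eth0; replace them with real output from the server and a LAN host.

```shell
#!/bin/sh
# Added example: audit forwarding / NAT / return-route state for an OpenVPN subnet.
# All inputs below are constructed samples standing in for real command output.

VPN_NET="10.19.8.0/24"

# Constructed: what `sysctl net.ipv4.ip_forward net.ipv4.conf.eth0.proxy_arp` prints.
SAMPLE_SYSCTL="net.ipv4.ip_forward = 1
net.ipv4.conf.eth0.proxy_arp = 1"

# Constructed: `iptables-save -t nat` with the MASQUERADE rule from the post present.
SAMPLE_NAT_WITH_MASQ="*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.19.8.0/24 -o eth0 -j MASQUERADE
COMMIT"

# Constructed: the same table after the rule was removed (routed mode).
SAMPLE_NAT_ROUTED="*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT"

# Constructed: `ip route` on a LAN host that only knows its default gateway.
SAMPLE_LAN_ROUTES_MISSING="default via 172.16.1.1 dev eth0
172.16.1.0/24 dev eth0 proto kernel scope link src 172.16.1.50"

# Constructed: same host with a return route via the (assumed) server address 172.16.1.20.
SAMPLE_LAN_ROUTES_OK="default via 172.16.1.1 dev eth0
172.16.1.0/24 dev eth0 proto kernel scope link src 172.16.1.50
10.19.8.0/24 via 172.16.1.20 dev eth0"

# sysctl_value "<sysctl output>" <key>  -> prints the value, or "unset" if absent
sysctl_value() {
    printf '%s\n' "$1" | awk -v k="$2" '$1 == k { print $3; found = 1 } END { if (!found) print "unset" }'
}

# vpn_nat_mode "<iptables-save -t nat output>" -> "nat" if VPN_NET is masqueraded, else "routed"
vpn_nat_mode() {
    if printf '%s\n' "$1" | grep -q -- "-A POSTROUTING -s $VPN_NET .*-j MASQUERADE"; then
        echo nat
    else
        echo routed
    fi
}

# lan_has_return_route "<ip route output>" -> "yes" if a route for VPN_NET exists, else "no"
lan_has_return_route() {
    if printf '%s\n' "$1" | grep -q "^$VPN_NET "; then
        echo yes
    else
        echo no
    fi
}

# audit "<sysctl>" "<nat table>" "<LAN ip route>" -> one-line verdict
audit() {
    fwd=$(sysctl_value "$1" net.ipv4.ip_forward)
    parp=$(sysctl_value "$1" net.ipv4.conf.eth0.proxy_arp)
    mode=$(vpn_nat_mode "$2")
    ret=$(lan_has_return_route "$3")
    if [ "$fwd" != 1 ]; then
        echo "BROKEN: ip_forward=$fwd, the server will not forward tunnel traffic"
    elif [ "$mode" = nat ]; then
        echo "OK-NAT: VPN clients appear as the server's eth0 address; LAN needs no route for $VPN_NET"
    elif [ "$ret" = yes ]; then
        echo "OK-ROUTED: LAN has a return route for $VPN_NET (proxy_arp=$parp)"
    else
        echo "ASYMMETRIC: MASQUERADE removed but LAN has no route back to $VPN_NET (proxy_arp=$parp); replies follow the LAN default gateway"
    fi
}

# Run the audit against the constructed samples.
audit "$SAMPLE_SYSCTL" "$SAMPLE_NAT_WITH_MASQ" "$SAMPLE_LAN_ROUTES_MISSING"
audit "$SAMPLE_SYSCTL" "$SAMPLE_NAT_ROUTED" "$SAMPLE_LAN_ROUTES_MISSING"
audit "$SAMPLE_SYSCTL" "$SAMPLE_NAT_ROUTED" "$SAMPLE_LAN_ROUTES_OK"
```

The "ASYMMETRIC" verdict is the case worth checking first when a tcpdump shows the request reaching the target but the reply never reaching the tunnel: the LAN host sends its reply to its default gateway, and unless that gateway (or the host) has a route for the VPN subnet pointing at the OpenVPN server, the reply never comes back to tun0. Running the three functions against real `sysctl`, `iptables-save -t nat` and `ip route` output on the server and on one target host makes the mismatch visible without changing anything.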
