FreeBSD 10.1 - Ezjail - OpenVPN - Tun Interface

Allan Jude allanjude at freebsd.org
Fri Oct 23 17:41:33 UTC 2015


On 2015-10-23 11:37, James Lodge wrote:
> Hello all,
> 
> 
> I'm trying to build a jail on FreeBSD 10.1 using ezjail in order to run OpenVPN. I'm not using vimage and don't particularly want to but I'm having an issue with networking.
> 
> 
> OpenVPN daemon is up and running and I can connect successfully as a client. I receive an IP address as expected, but I cannot route traffic to/from client/server. The routing table on the client (which is a Windows machine) looks fine so I assume the issue is on the server side. I have a tun interface created on the host and exposed to the jail via devfs rules. The IP address on the tun interface is configured on the host and not from the jail. I can ping the tun interface IP from the host and the jail, but not from the client when connected.
> 
> 
> Client---------public IP --------- lo1 (Jail alias Interface)------tun0 (OpenVPN Interface)
> 
> 10.8.06          x.x.x.x                   172.16.1.8                              10.8.0.1
> 
> 
> 
> OpenVPN Jail Routing Table:
> 
> Internet:
> Destination        Gateway            Flags      Netif Expire
> 172.16.1.8         link#4             UH          lo1
> 
> Jail Host Routing Table:
> Internet:
> Destination        Gateway            Flags      Netif Expire
> default            x.x.0.1         UGS      vtnet0
> 10.8.0.0           10.8.0.2           UGS        tun0
> 10.8.0.1              link#5             UHS         lo0
> 10.8.0.2              link#5             UH         tun0
> x.x.0.0/18          link#1             U        vtnet0
> x.x.x.x                 link#1             UHS         lo0
> localhost            link#3             UH          lo0
> 172.16.1.1         link#4             UH          lo1
> 172.16.1.2         link#4             UH          lo1
> 172.16.1.3         link#4             UH          lo1
> 172.16.1.4         link#4             UH          lo1
> 172.16.1.5         link#4             UH          lo1
> 172.16.1.6         link#4             UH          lo1
> 172.16.1.7         link#4             UH          lo1
> 172.16.1.8         link#4             UH          lo1
> 
> Client Routing Table:
> 
> IPv4 Route Table
> ===========================================================================
> Active Routes:
> Network Destination        Netmask          Gateway       Interface  Metric
>           0.0.0.0          0.0.0.0         10.8.0.5         10.8.0.6     20
>          10.8.0.1  255.255.255.255         10.8.0.5         10.8.0.6     20
>          10.8.0.4  255.255.255.252         On-link          10.8.0.6    276
>          10.8.0.6  255.255.255.255         On-link          10.8.0.6    276
>          10.8.0.7  255.255.255.255         On-link          10.8.0.6    276
> 
> 
> 
> I'm a little stumped as to how to troubleshoot the issue so any help much appreciated.
> 
> 
> James
> 
> 
> 

Try running 'tcpdump -i tun0 -n' on the host, while pinging from the
Windows machine, and see if the packets are arriving.

-- 
Allan Jude
