Routing IP traffic from client through server openvpn tunnel?

Jon Radel jon at radel.com
Sat Jul 4 23:04:58 UTC 2020


On 7/4/20 14:46, Kurt Hackenberg wrote:
> On 2020-07-04 09:36, Bob Willcox wrote:
>
>>
>> This is the routing table on my gateway system:
>>
>> Internet:
>> Destination        Gateway            Flags     Netif Expire
>> default            108.84.10.14       UGS        igb0
>> 10.1.132.0/23      link#2             U           em0
>> 10.1.132.1         link#2             UHS         lo0
>> 10.4.0.1           link#4             UH         tun0
>> 10.4.0.2           link#4             UHS         lo0
>> 108.84.10.8/29     link#1             U          igb0
>> 108.84.10.9        link#1             UHS         lo0
>> 108.84.10.13       link#1             UHS         lo0
>> 127.0.0.1          link#3             UH          lo0
>> 192.168.2.0/24     10.4.0.1           UGS        tun0
>>
>>
>
>
> Well, the subnet masks of network 10 look a little strange to me.
> What's the subnet mask of the tunnel (10.4.0.0)? Remember that network
> 10 is class A, default mask /8.
>
> Also, 10.1.132.0/23? Not /24, or /16? Also, I'm not sure it works to
> have different subnet masks on different subnets of an IP network. At
> least, it's more straightforward to make them all the same, and net 10
> has plenty of address space to do that.


Absolutely nothing wrong with /23.  Using only /24s and /16s makes your
reverse DNS a bit easier, but that's about it.  Of course it works to
have different size networks inside 10.0.0.0/8, once upon a time known
as a Class A network.  I will, however, agree that it's easier to make
sure that you're not overlapping networks, and other bad things, if you
make your networks all the same size, but that's purely a human problem. 

Bottom line:  CIDR happened decades ago, and it's time to move on.

Side note:  Even before CIDR subnetting, network 10 with different sized
subnets was a fine thing to do.  Unless you used RIP v1 or something
else that imposed constraints.

As for the original question:  I'd agree with two earlier answers that
the most likely underlying issues are lack of appropriate routes back
from the son's network or that maul doesn't have IPv4 forwarding turned on.

-- 
--Jon Radel
jon at radel.com
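
Added example, not part of the original message: a Python sketch that applies longest-prefix matching to the gateway routing table quoted above and checks its subnet routes for overlap, showing that the /23, /24 and /29 entries coexist without any classful /8 assumption. The function names and the test addresses are this example's own.

```python
import ipaddress
from itertools import combinations

# Routing table lines copied from the gateway output quoted in this thread.
ROUTES = """\
default            108.84.10.14       UGS        igb0
10.1.132.0/23      link#2             U           em0
10.1.132.1         link#2             UHS         lo0
10.4.0.1           link#4             UH         tun0
10.4.0.2           link#4             UHS         lo0
108.84.10.8/29     link#1             U          igb0
108.84.10.9        link#1             UHS         lo0
108.84.10.13       link#1             UHS         lo0
127.0.0.1          link#3             UH          lo0
192.168.2.0/24     10.4.0.1           UGS        tun0
"""

def parse_routes(text):
    """Return (network, gateway, flags, netif) tuples from netstat -rn style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        dest, gateway, flags, netif = fields[:4]
        # "default" is 0.0.0.0/0; a bare address is a host route (/32).
        net = ipaddress.ip_network("0.0.0.0/0" if dest == "default" else dest)
        routes.append((net, gateway, flags, netif))
    return routes

def lookup(routes, addr):
    """Longest-prefix match: the most specific route containing addr wins."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def overlapping_subnets(routes):
    """Pairs of subnet routes (not default, not host routes) that overlap."""
    nets = [r[0] for r in routes if 0 < r[0].prefixlen < 32]
    return [(a, b) for a, b in combinations(nets, 2) if a.overlaps(b)]

if __name__ == "__main__":
    routes = parse_routes(ROUTES)
    # Constructed test addresses: upper half of the /23, the remote LAN,
    # and an address in 10.0.0.0/8 that no specific route covers.
    for addr in ("10.1.133.7", "192.168.2.50", "10.200.0.1"):
        net, gw, _, netif = lookup(routes, addr)
        print(f"{addr:15} -> {str(net):18} via {gw} on {netif}")
    print("overlapping subnets:", overlapping_subnets(routes))
```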



More information about the freebsd-questions mailing list