Routing IP traffic from client through server openvpn tunnel?

Jin Guojun[VFF] jguojun at gmail.com
Sat Jul 4 19:12:32 UTC 2020 

On 07/04/20 06:36, Bob Willcox wrote:
> My FreeBSD gateway system has an openvpn tunnel connected to my Son's network
> and when logged into the gateway system we can access his network throught the
> tunnel just fine. But from other systems in my network it doesn't work. The
> packets get over to the gateway system (maul) but no further.
>
> This is the routing table on my gateway system:
>
> Internet:
> Destination        Gateway            Flags     Netif Expire
> default            108.84.10.14       UGS        igb0
> 10.1.132.0/23      link#2             U           em0
> 10.1.132.1         link#2             UHS         lo0
> 10.4.0.1           link#4             UH         tun0
> 10.4.0.2           link#4             UHS         lo0
> 108.84.10.8/29     link#1             U          igb0
> 108.84.10.9        link#1             UHS         lo0
> 108.84.10.13       link#1             UHS         lo0
> 127.0.0.1          link#3             UH          lo0
> 192.168.2.0/24     10.4.0.1           UGS        tun0
>
> Here's a traceroute from the gateway system:
>
> bob at maul:2> traceroute 192.168.2.19
> traceroute to 192.168.2.19 (192.168.2.19), 64 hops max, 40 byte packets
>   1  coovas.knighthammer.com (10.4.0.1)  55.347 ms  53.420 ms  55.786 ms
>   2  192.168.2.19 (192.168.2.19)  50.291 ms  48.516 ms  55.858 ms
>
> And here is one from one of my other systems:
>
> bob at han:1> traceroute 192.168.2.19
> traceroute to 192.168.2.19 (192.168.2.19), 64 hops max, 40 byte packets
>   1  maul (10.1.132.1)  0.261 ms  0.256 ms  0.244 ms
>   2  * * *
>   3  * * *
>
> So my question is, what am I missing (likely on the gateway system) that would
> prevent the packets from other systems being routed to the tunnel?
>
> Thanks for any help,
> Bob
If the gateway a commercial box, this could happen as traffic from WAN 
port to LAN blocked by firewall.
If the gateway is built by a PC, then, you need to check ip_forwarding 
settings.

On end hosts, make sure masks match the port subnet mask on the gateway.
For han:1 case, both end hosts need to set specific router for routing 
192.168.2 to 10.1.132 and in reverse direction.
     han:1 # route add -net 192.168.2.0/24 a_proper_router_interface_IP
     the_other_host # route add -net 10.1.132.0/23 
a_proper_router_interface_IP

Above are most common issues in configuring network. If these things are 
all set properly, then
you need to provide more details and full topology of the network for 
analyzing the problem.

More information about the freebsd-questions mailing list