From: Jan J. K. <ja...@ni...> - 2014-12-29 14:18:42
Hi,

On 29/12/14 13:25, Erich Titl wrote:
> Hi Michael
>
> On 29.12.2014 at 12:05, mi...@ha... wrote:
>> root@interconit:~# tcpdump -i tun0
>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>> listening on tun0, link-type RAW (Raw IP), capture size 65535 bytes
>> 02:40:34.605131 IP 10.8.0.6.28196 > 74.207.241.5.domain: 53216+ A?
>> google.com. (28)
>> 02:40:34.605177 IP 10.8.0.6.28196 > 74.207.242.5.domain: 53216+ A?
>> google.com. (28)
>> 02:40:35.607297 IP 10.8.0.6.6962 > 74.207.241.5.domain: 62681+ PTR?
>> 5.241.207.74.in-addr.arpa. (43)
>> 02:40:35.607339 IP 10.8.0.6.6962 > 74.207.242.5.domain: 62681+ PTR?
>> 5.241.207.74.in-addr.arpa. (43)
>> 02:40:39.610630 IP 10.8.0.6.28196 > 74.207.241.5.domain: 53216+ A?
>> google.com. (28)
> I am assuming that this is the server side. If this is true, then your
> OpenVPN connection appears to work.
>
> The system on 10.8.0.6 tries to resolve google.com using 74.207.241.5 as
> the DNS server. Does the server on 74.207.241.5 know how to route the
> answers back to 10.8.0.6, if not, do you NAT this somewhere?
>
>> root@interconit:~# ip addr
>> ...
>> 44: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc
>> pfifo_fast state UNKNOWN group default qlen 100
>>     link/none
>>     inet 10.8.0.6 peer 10.8.0.5/32 scope global tun1
>>        valid_lft forever preferred_lft forever
>>
>> root@interconit:~# route
>> Kernel IP routing table
>> Destination     Gateway         Genmask         Flags Metric Ref Use Iface
>> default         10.8.0.5        128.0.0.0       UG    0      0   0   tun1
>> default         173.255.210.1   0.0.0.0         UG    0      0   0   eth0
>> 10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0   0   tun0
>> 10.8.0.1        10.8.0.5        255.255.255.255 UGH   0      0   0   tun1
>> 10.8.0.2        *               255.255.255.255 UH    0      0   0   tun0
>> 10.8.0.5        *               255.255.255.255 UH    0      0   0   tun1
>> 117.150.0.0     173.255.210.1   255.255.0.0     UG    0      0   0   eth0
>> 128.0.0.0       10.8.0.5        128.0.0.0       UG    0      0   0   tun1
>> 173.255.0.0     *               255.255.0.0     U     0      0   0   eth0
>> 173.255.210.130 173.255.210.1   255.255.255.255 UGH   0      0   0   eth0
>> 183.93.0.0      173.255.210.1   255.255.0.0     UG    0      0   0   eth0
>>
>> So, when I ping from my OpenVPN to any domain/IP on the Internet, it just
>> hangs.
>>
>> Suggestions?

I did not see the original post but your route output looks quite odd:
there are two tun devices, tun0 and tun1; 10.8.0.2 is routed via tun0,
but 10.8.0.6 and 10.8.0.1 are routed via tun1 ?!?!?

Check your setup if this is really what you intend - if you are using
two openvpn setups simultaneously then use different subnets.

JM2CW,

JJK
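
Added example (not part of the original message or of OpenVPN): a small Python check for the condition described in the reply above, where routes in the same subnet leave through different tun devices. The table is a subset of the quoted `route` output with columns realigned; the function names and the rule of ignoring /0 and /1 routes are assumptions of this example.

```python
import ipaddress
from itertools import combinations

# Subset of the `route` output quoted in this thread (columns realigned).
ROUTE_OUTPUT = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
default         10.8.0.5        128.0.0.0       UG    0      0   0   tun1
default         173.255.210.1   0.0.0.0         UG    0      0   0   eth0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0   0   tun0
10.8.0.1        10.8.0.5        255.255.255.255 UGH   0      0   0   tun1
10.8.0.2        *               255.255.255.255 UH    0      0   0   tun0
10.8.0.5        *               255.255.255.255 UH    0      0   0   tun1
128.0.0.0       10.8.0.5        128.0.0.0       UG    0      0   0   tun1
173.255.0.0     *               255.255.0.0     U     0      0   0   eth0
"""


def parse_routes(text):
    """Return (network, iface) pairs parsed from `route` output."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # banner line, header line, or malformed row
        dest = "0.0.0.0" if f[0] == "default" else f[0]
        try:
            net = ipaddress.ip_network(f"{dest}/{f[2]}")
        except ValueError:
            continue  # resolved hostnames (route without -n) are skipped
        routes.append((net, f[7]))
    return routes


def tunnel_conflicts(routes, prefix="tun"):
    """Pairs of overlapping routes that leave via different tunnel devices."""
    # Assumption: /0 and /1 routes are default or redirect-gateway halves and
    # overlap everything by design, so they are left out of the comparison.
    tun = [(n, i) for n, i in routes if i.startswith(prefix) and n.prefixlen > 1]
    return [(a, b) for a, b in combinations(tun, 2)
            if a[1] != b[1] and a[0].overlaps(b[0])]


if __name__ == "__main__":
    for (net_a, if_a), (net_b, if_b) in tunnel_conflicts(parse_routes(ROUTE_OUTPUT)):
        print(f"{net_a} via {if_a} overlaps {net_b} via {if_b}")
```

On the quoted table this reports the 10.8.0.0/24 route on tun0 overlapping the 10.8.0.1 and 10.8.0.5 host routes on tun1, which is the mix of devices inside one subnet that the reply points out.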