Netgate Discussion Forum

    Routing Problem in Test Network

    • A
      Alejandro.Carbonara

      I checked and was able to run that command, but I was getting "RTNETLINK answers: File exists" as a response.
      To check, I looked at the IP routing tables:

      Kernel IP routing table
      Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
      default         10.0.2.2        0.0.0.0         UG        0 0          0 eth0
      10.0.2.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
      192.168.57.0    0.0.0.0         255.255.255.0   U         0 0          0 eth1
      192.168.58.0    192.168.80.1    255.255.255.0   UG        0 0          0 tun0
      192.168.80.0    0.0.0.0         255.255.255.0   U         0 0          0 tun0

      (Note that due to this being on vagrant, the first gateway is used to provision the machine.)

      • V
        viragomann

        So the necessary route is set fine as the routing table shows.
        Has it been already set before you were running that command?

        • A
          Alejandro.Carbonara

          The route was set before running the command.

          I've started and stopped the OpenVPN client several times on the machine, so it may have been set earlier.

          • johnpozJ
            johnpoz LAYER 8 Global Moderator

            "192.168.57.0    0.0.0.0            255.255.255.0  U        0    0          0 eth1"

            That route is not going down your tunnel.. So how would you expect to get there through the tunnel.. Seems your client is trying to go out eth1 to get there.  With no gateway, so it thinks that network is on its eth1 interface.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            • V
              viragomann

              I think that's just the way his OS prints networks connected directly to an interface. The line has only a U flag, no G for a gateway.
              It's the same as
              10.0.2.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0

              • V
                viragomann

                Now, as the route is set as it should be, why do you think you have a routing problem?

                Try to ping the pfSense internal address and see if you get a response.

                • A
                  Alejandro.Carbonara

                  As of now, I can ping the internal IP of pfSense and get a positive response.

                  Attempting to ping the internal machine gets me no response whatsoever.

                  • V
                    viragomann

                    Check the firewall of the internal machine.

                    • A
                      Alejandro.Carbonara

                      The target machine is an Ubuntu server VM.

                      sudo ufw status
                      Status: inactive

                      • V
                        viragomann

                        And its default gateway is set to 192.168.58.2 (the pfSense internal address)?

                        • johnpozJ
                          johnpoz LAYER 8 Global Moderator

                          Oh my bad.. I was reading that you wanted to get to 192.168.57… ooops..

                          If you can ping the internal IP address of pfSense then your tunnel is up and routing that network down the tunnel.  Not being able to get to the machine on the network behind pfSense points to a problem on the machine.  As viragomann pointed out, host firewall and/or wrong gateway on the host not pointing back to pfSense are 2 very common problems.

                          Just because ufw is not running does not mean for example iptables is not running.. I run iptables on my ubuntu vms not ufw..

                          • A
                            Alejandro.Carbonara

                            The routing table on the internal machine looks like:

                            Kernel IP routing table
                            Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
                            default         10.0.2.2        0.0.0.0         UG    0      0        0 eth0
                            10.0.2.0        *               255.255.255.0   U     0      0        0 eth0
                            192.168.58.0    *               255.255.255.0   U     0      0        0 eth1

                            Also, I checked and iptables is all accept rules.

                            • johnpozJ
                              johnpoz LAYER 8 Global Moderator

                              Well how is that going to work??

                              You're sending unknown networks out 10.0.2.2

                              So how exactly would it get to the vpn clients ip on 192.168.80.0/24

                              You're going to have to create a host route on this machine pointing 192.168.80.0/24 to the 192.168.58 IP of pfsense.

                              Or you would have to source nat your vpn clients to look like they are coming from the 192.168.58 IP of pfsense so your host there knows how to talk to it.

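The asymmetric path described in the post above can be checked by running a longest-prefix-match lookup over the two routing tables posted in this thread. This is an added example, not part of any poster's message; the tables are condensed copies of the posted output, and the host addresses 192.168.80.2 (VPN client) and 192.168.58.10 (internal machine) are assumed for illustration, while 192.168.58.2 is the pfSense internal address named earlier in the thread.

```python
import ipaddress

# Condensed copies of the tables posted in the thread:
# Destination, Gateway, Genmask, Flags, Iface.
CLIENT_TABLE = """\
default       10.0.2.2      0.0.0.0        UG eth0
10.0.2.0      0.0.0.0       255.255.255.0  U  eth0
192.168.57.0  0.0.0.0       255.255.255.0  U  eth1
192.168.58.0  192.168.80.1  255.255.255.0  UG tun0
192.168.80.0  0.0.0.0       255.255.255.0  U  tun0"""
INTERNAL_TABLE = """\
default       10.0.2.2  0.0.0.0        UG eth0
10.0.2.0      *         255.255.255.0  U  eth0
192.168.58.0  *         255.255.255.0  U  eth1"""

VPN_CLIENT = "192.168.80.2"      # assumed client address inside the tunnel network
INTERNAL_HOST = "192.168.58.10"  # assumed address of the internal machine
PFSENSE_LAN = "192.168.58.2"     # pfSense internal address, as given in the thread

def parse(table):
    """Turn route-style rows into (network, gateway, iface) tuples."""
    routes = []
    for line in table.splitlines():
        dest, gw, mask, _flags, iface = line.split()
        dest = "0.0.0.0" if dest == "default" else dest
        net = ipaddress.ip_network(f"{dest}/{mask}")
        gw = None if gw in ("*", "0.0.0.0") else gw  # no gateway: directly connected
        routes.append((net, gw, iface))
    return routes

def lookup(routes, ip):
    """Longest-prefix match: the most specific route containing ip wins."""
    addr = ipaddress.ip_address(ip)
    matches = [r for r in routes if addr in r[0]]
    _net, gw, iface = max(matches, key=lambda r: r[0].prefixlen)
    return gw, iface

def path_report():
    client, internal = parse(CLIENT_TABLE), parse(INTERNAL_TABLE)
    forward = lookup(client, INTERNAL_HOST)      # request: client -> internal host
    reply_before = lookup(internal, VPN_CLIENT)  # reply with the posted table
    # Return route suggested in the thread: tunnel network via pfSense's LAN address.
    fixed = internal + parse(f"192.168.80.0 {PFSENSE_LAN} 255.255.255.0 UG eth1")
    reply_after = lookup(fixed, VPN_CLIENT)      # reply once that route exists
    return forward, reply_before, reply_after

if __name__ == "__main__":
    for label, hop in zip(("forward", "reply before", "reply after"), path_report()):
        print(f"{label:13} via gateway {hop[0]} on {hop[1]}")
```

The request leaves the client through tun0, but with the posted table the reply falls through to the default route on eth0 (10.0.2.2) and never returns to pfSense; with the added route it goes out eth1 to 192.168.58.2.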
                              • A
                                Alejandro.Carbonara

                                I was able to resolve the problem! There was some weirdness going on because I had set up the machine on an internal network.

                                johnpoz was right, in that the problem was in the routing table of the internal machine. Once I fixed the internal machine to use the firewall as a gateway, I was able to VPN to it from the external machine.

                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.