RESOLVED: Please help, such an odd routing problem

benutne

Update:

tcpdump shows packets being sent FROM suspect computer on site B.  No replies.  From a good computer on site B, tcpdump shows both packets sent and received.

FROM suspect PC on site B TO workstation on site A

listening on fxp0, link-type EN10MB (Ethernet), capture size 96 bytes
11:02:00.744498 IP 192.168.10.2 > 192.168.0.45: ICMP echo request, id 512, seq 21256, length 40
11:02:06.170690 IP 192.168.10.2 > 192.168.0.45: ICMP echo request, id 512, seq 21512, length 40
11:02:11.670552 IP 192.168.10.2 > 192.168.0.45: ICMP echo request, id 512, seq 21768, length 40
11:02:17.170557 IP 192.168.10.2 > 192.168.0.45: ICMP echo request, id 512, seq 22024, length 40

FROM a good PC on site B TO workstation on site A

listening on fxp0, link-type EN10MB (Ethernet), capture size 96 bytes
11:05:41.675919 IP 192.168.10.3 > 192.168.0.45: ICMP echo request, id 512, seq 52480, length 40
11:05:41.856486 IP 192.168.0.45 > 192.168.10.3: ICMP echo reply, id 512, seq 52480, length 40
11:05:42.670126 IP 192.168.10.3 > 192.168.0.45: ICMP echo request, id 512, seq 52736, length 40
11:05:42.945913 IP 192.168.0.45 > 192.168.10.3: ICMP echo reply, id 512, seq 52736, length 40
11:05:43.670091 IP 192.168.10.3 > 192.168.0.45: ICMP echo request, id 512, seq 52992, length 40
11:05:43.940606 IP 192.168.0.45 > 192.168.10.3: ICMP echo reply, id 512, seq 52992, length 40
11:05:44.670057 IP 192.168.10.3 > 192.168.0.45: ICMP echo request, id 512, seq 53248, length 40
11:05:44.934410 IP 192.168.0.45 > 192.168.10.3: ICMP echo reply, id 512, seq 53248, length 40
```Now here's where it starts to get weird. 

TO suspect PC on site B FROM workstation on site A

listening on fxp0, link-type EN10MB (Ethernet), capture size 96 bytes

Notice there's nothing there?  Which is REALLY odd since the workstation got replies from 192.168.10.2 according to it. 

TO good PC on site B FROM workstation on site A

listening on fxp0, link-type EN10MB (Ethernet), capture size 96 bytes
11:16:04.925069 IP 192.168.0.45 > 192.168.10.3: ICMP echo request, id 768, seq 34048, length 40
11:16:04.925191 IP 192.168.10.3 > 192.168.0.45: ICMP echo reply, id 768, seq 34048, length 40
11:16:05.930602 IP 192.168.0.45 > 192.168.10.3: ICMP echo request, id 768, seq 34304, length 40
11:16:05.930719 IP 192.168.10.3 > 192.168.0.45: ICMP echo reply, id 768, seq 34304, length 40
11:16:06.760189 IP 192.168.0.45 > 192.168.10.3: ICMP echo request, id 768, seq 34560, length 40
11:16:06.760299 IP 192.168.10.3 > 192.168.0.45: ICMP echo reply, id 768, seq 34560, length 40
11:16:07.724386 IP 192.168.0.45 > 192.168.10.3: ICMP echo request, id 768, seq 34816, length 40
11:16:07.724504 IP 192.168.10.3 > 192.168.0.45: ICMP echo reply, id 768, seq 34816, length 40

Is it possible that someone on site B has a machine or something statically set to 192.168.10.2?  My DHCP scope is set to hand out IP's from 192.168.10.100-150 and the servers are the only thing that are set statically.

Cry Havok

Have you compared the subnet mask and default gateway on the good and suspect PCs on site B?

benutne

Update #2:  I got to thinking about the whole "rogue device" thing.  So I opened a browser and typed in 192.168.10.2.  Know what I got?  The site B router's home page.  How in the world did that IP get bound to my router?  This only happens when I browse to the site from site A.  On site B, I get nothing (no web service is installed on that server) which tells me it is a routing problem.

nocer

Hello,

I would check first subnet length/default gateway/routing table and assign addresses statically while shooting.

Can you ping 192.168.10.2 and 192.168.10.3 each other and what those arps look like by the way?

cheers,

benutne

@nocer:

Hello,

I would check first subnet length/default gateway/routing table and assign addresses statically while shooting.

Can you ping 192.168.10.2 and 192.168.10.3 each other and what those arps look like by the way?

cheers,

On which router should I check all these things?  192.168.10.2 and 192.168.10.3 can both ping each other just fine.  On site B, I did find this oddity in the routing table:

192.168.10.1 	192.168.10.2 	UH 	1 	0 	1500 	tun0 	 

I have no idea how it got there.  I never assigned 192.168.10.2 to anything.  And the TUN adapter tells me it has something to do with OpenVPN.  Site A is the server and B is the client for a site to site connecting using OpenVPN.

benutne

OK.  One more edit.  I'm getting close, but don't know how to fix this.

Sep 27 09:49:14 	openvpn[378]: WARNING: file '/var/etc/openvpn_client0.secret' is group or others accessible
Sep 27 09:49:14 	openvpn[378]: LZO compression initialized
Sep 27 09:49:14 	openvpn[378]: gw 192.168.100.1
Sep 27 09:49:14 	openvpn[378]: TUN/TAP device /dev/tun0 opened
Sep 27 09:49:14 	openvpn[378]: /sbin/ifconfig tun0 192.168.10.2 192.168.10.1 mtu 1500 netmask 255.255.255.255 up
Sep 27 09:49:14 	openvpn[378]: /etc/rc.filter_configure tun0 1500 1563 192.168.10.2 192.168.10.1 init
Sep 27 09:49:15 	openvpn[378]: Attempting to establish TCP connection with [SITE A PUBLIC IP]:1194
Sep 27 09:50:07 	openvpn[378]: /etc/rc.filter_configure tun0 1500 1563 192.168.10.2 192.168.10.1 init
Sep 27 09:50:08 	openvpn[378]: SIGHUP[hard,init_instance] received, process restarting
Sep 27 09:50:08 	openvpn[378]: OpenVPN 2.0.6 i386-portbld-freebsd6.2 [SSL] [LZO] built on Sep 13 2007
Sep 27 09:50:13 	openvpn[378]: WARNING: file '/var/etc/openvpn_client0.secret' is group or others accessible
Sep 27 09:50:13 	openvpn[378]: LZO compression initialized
Sep 27 09:50:13 	openvpn[378]: gw [SITE A PUBLIC IP]
Sep 27 09:50:13 	openvpn[378]: TUN/TAP device /dev/tun0 opened
Sep 27 09:50:13 	openvpn[378]: /sbin/ifconfig tun0 192.168.10.2 192.168.10.1 mtu 1500 netmask 255.255.255.255 up
Sep 27 09:50:13 	openvpn[378]: /etc/rc.filter_configure tun0 1500 1563 192.168.10.2 192.168.10.1 init
Sep 27 09:50:14 	openvpn[378]: Attempting to establish TCP connection with [SITE A PUBLIC IP]:1194
Sep 27 09:50:14 	openvpn[378]: TCP connection established with [SITE A PUBLIC IP]:1194
Sep 27 09:50:14 	openvpn[378]: TCPv4_CLIENT link local: [undef]
Sep 27 09:50:14 	openvpn[378]: TCPv4_CLIENT link remote: [SITE A PUBLIC IP]:1194
Sep 27 09:50:15 	openvpn[378]: Peer Connection Initiated with [SITE A PUBLIC IP]:1194
Sep 27 09:50:15 	openvpn[378]: Initialization Sequence Completed
Sep 27 09:50:24 	openvpn[378]: WARNING: 'ifconfig' is used inconsistently, local='ifconfig 192.168.10.2 192.168.10.1', remote='ifconfig 192.168.6.2 192.168.6.1'

So 192.168.10.2 is somehow getting hijacked by OpenVPN.  Thing is, the openVPN adapter ought be getting an IP in the 192.168.6.0/24 subnet.  I just checked another pfsense router that connects to site A and it shows me the same warning.  I use 192.168.1.0/24 there and OpenVPN is hijacking 192.168.1.2 as well.  Only thing is I don't use that IP in that subnet so it hasn't been a problem.

benutne

Another post.  I'm uploading images of my setup on both the client and server for VPN.

GruensFroeschli

Your interface IP on the client is wrong.
It should be 192.168.6.0/24

benutne

Resolved.  Change the "interface IP" to match the IP range specified in the "address pool" in the server config.  Stupid tutorial is WRONG.  When is someone going to fix this?

benutne

@GruensFroeschli:

Your interface IP on the client is wrong.
It should be 192.168.6.0/24

Yeah, I got that on my own :)  Thanks though.  The last post, your post actually, in this forum post explains the error.

nocer

Hi

err….address pool.... :P

cheers,