Interesting routing issue
-
Hello!
I use 2.2 and OpenVPN server in tun mode.
When the client connects, all is working as intended except one route goes wrong. See below:
Correct traceroute, traffic goes through the tunnel:
Tracing route to google-public-dns-a.google.com [8.8.8.8] over a maximum of 30 hops:
  1    14 ms    14 ms    14 ms  10.15.20.1
  2    15 ms    41 ms    15 ms  2903.burek.net [YY.YY.YY.1]
  3    63 ms    23 ms    45 ms  mx-vi1-te-0-0-0.burek.net [IP HERE]
  4    44 ms    43 ms    43 ms  72.14.211.66
  5    45 ms    45 ms    45 ms  216.239.46.115
  6    45 ms    44 ms    45 ms  216.239.48.137
  7    45 ms    45 ms    45 ms  google-public-dns-a.google.com [8.8.8.8]
Trace complete.
INCORRECT route, traffic goes through the local firewall instead of the tunnel:
Tracing route to [XX.XX.XX.12] over a maximum of 30 hops:
  1    <1 ms    <1 ms    <1 ms  firewall.domain.local [192.168.1.1]
  2    13 ms    13 ms    13 ms  gw1.net [ZZ.ZZZ.0.1]
  3    12 ms    12 ms    12 ms  gw2.net [IP HERE]
  4    13 ms    12 ms    13 ms  six.burek.net [IP HERE]
  5    14 ms    14 ms    13 ms  [XX.XX.XX.12]
Trace complete.
[XX.XX.XX.12] is my WAN IP.
So if I connect from anywhere and log in to my website (I have no SSL), anyone with access to the router I'm connected to could see my login details.
Why is only the WAN IP routed through the local gateway instead of the tunnel? Thanks!
-
Oh, IPv6 is working great, as it should.
-
Well, what are the routes on the box? Clearly you have a route that says when trying to reach [XX.XX.XX.12], go to firewall.domain.local [192.168.1.1].
-
At this point, we can't confirm anything; we need more info.
Post your server1.conf and the routing table from PFsense and a connected client.
-
I was thinking…
There is actually no need for the routing table...
Let me explain. If I connect to XX.XX.XX.XX with OpenVPN, clearly XX.XX.XX.XX MUST go through the local firewall and not through the tunnel. If it went through the tunnel, OpenVPN would not work :)
So this is by design IMHO.
-
That all depends on your config, routing and full tunnel vs split tunnel. We are all just speculating without looking at the config and your routing tables.
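The two traceroutes above and the "by design" explanation can be checked with a longest-prefix-match walk over a full-tunnel client routing table. This is an added example, not code or output from the thread: the table is constructed the way an OpenVPN "redirect-gateway def1" client ends up with it (two /1 routes via the tunnel plus a /32 host route for the VPN server's public address via the original gateway), and 203.0.113.12, em0 and tun0 are placeholders for the thread's XX.XX.XX.12 and the real interface names. Because the /32 wins, anything hosted on that same WAN address, such as the plain-HTTP site, is reached outside the tunnel.

```python
import ipaddress

# Constructed routing table for a full-tunnel ("redirect-gateway def1") client.
# Placeholders: 203.0.113.12 stands in for the thread's WAN IP XX.XX.XX.12,
# em0/tun0 for the real LAN and tunnel interfaces.
VPN_SERVER = "203.0.113.12"   # public address of the OpenVPN server (= the WAN IP)
LAN_GW = "192.168.1.1"        # firewall.domain.local, the client's original gateway
TUN_GW = "10.15.20.1"         # server side of the tunnel, first hop in the good trace

ROUTES = [
    ("0.0.0.0/0", LAN_GW, "em0"),          # original default route, left in place
    ("0.0.0.0/1", TUN_GW, "tun0"),         # def1: covers 0.0.0.0-127.255.255.255
    ("128.0.0.0/1", TUN_GW, "tun0"),       # def1: covers 128.0.0.0-255.255.255.255
    ("192.168.1.0/24", None, "em0"),       # directly connected LAN
    ("10.15.20.0/24", None, "tun0"),       # tunnel subnet
    (VPN_SERVER + "/32", LAN_GW, "em0"),   # host route OpenVPN adds so the tunnel
]                                          # endpoint itself never enters the tunnel

def lookup(dst, routes=ROUTES):
    """Longest-prefix match: return (gateway, interface) used for dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gw, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1], best[2]

def split_tunnel_routes():
    """Same table without the def1 overrides: only the VPN subnet uses tun0."""
    return [r for r in ROUTES if r[0] not in ("0.0.0.0/1", "128.0.0.0/1")]

if __name__ == "__main__":
    for dst in ("8.8.8.8", VPN_SERVER, "192.168.1.50"):
        print(f"{dst:>15} -> {lookup(dst)}")
    print(f"split tunnel: 8.8.8.8 -> {lookup('8.8.8.8', split_tunnel_routes())}")
```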