Freebsd 10.1 - Ezjail - OpenVPN - Tun Interface
Hello all, I'm trying to build a jail on FreeBSD 10.1 using ezjail in order to run OpenVPN. I'm not using vimage and don't particularly want to but I'm having an issue with networking. OpenVPN daemon is up and running and I can connect successfully as a client. I receive an IP address as expected, but I cannot route traffic to/from client/server. The routing table on the client (which is a Windows machine) looks fine so I assume the issue is on the server side. I have a tun interface created on the host and exposed to the jail via devfs rules. The IP address on the tun interface is configure on the host and not from the jail. I can ping the tun interface IP from the host and the jail, but not from the client when connected. Client-public IP - lo1 (Jail alias Interface)--tun0 (OpenVPN Interface) 10.8.06 x.x.x.x 172.16.1.8 10.8.0.1 OpenVPN Jail Routing Table: Internet: DestinationGatewayFlags Netif Expire 172.16.1.8 link#4 UH lo1 Jail Host Routing Table: Internet: DestinationGatewayFlags Netif Expire defaultx.x.0.1 UGS vtnet0 10.8.0.0 10.8.0.2 UGStun0 10.8.0.1 link#5 UHS lo0 10.8.0.2 link#5 UH tun0 x.x.0.0/18 link#1 Uvtnet0 x.x.x.x link#1 UHS lo0 localhostlink#3 UH lo0 172.16.1.1 link#4 UH lo1 172.16.1.2 link#4 UH lo1 172.16.1.3 link#4 UH lo1 172.16.1.4 link#4 UH lo1 172.16.1.5 link#4 UH lo1 172.16.1.6 link#4 UH lo1 172.16.1.7 link#4 UH lo1 172.16.1.8 link#4 UH lo1 Client Routing Table: IPv4 Route Table === Active Routes: Network DestinationNetmask Gateway Interface Metric 0.0.0.0 0.0.0.0 10.8.0.5 10.8.0.6 20 10.8.0.1 255.255.255.255 10.8.0.5 10.8.0.6 20 10.8.0.4 255.255.255.252 On-link 10.8.0.6276 10.8.0.6 255.255.255.255 On-link 10.8.0.6276 10.8.0.7 255.255.255.255 On-link 10.8.0.6276 I'm a little stumped as to how to trouble shoot the issue so any help much appreciated. James ___ freebsd-jail@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re: Freebsd 10.1 - Ezjail - OpenVPN - Tun Interface
On 2015-10-23 11:37, James Lodge wrote: > Hello all, > > > I'm trying to build a jail on FreeBSD 10.1 using ezjail in order to run > OpenVPN. I'm not using vimage and don't particularly want to but I'm having > an issue with networking. > > > OpenVPN daemon is up and running and I can connect successfully as a client. > I receive an IP address as expected, but I cannot route traffic to/from > client/server. The routing table on the client (which is a Windows machine) > looks fine so I assume the issue is on the server side. I have a tun > interface created on the host and exposed to the jail via devfs rules. The IP > address on the tun interface is configure on the host and not from the jail. > I can ping the tun interface IP from the host and the jail, but not from the > client when connected. > > > Client-public IP - lo1 (Jail alias Interface)--tun0 > (OpenVPN Interface) > > 10.8.06 x.x.x.x 172.16.1.8 > 10.8.0.1 > > > > OpenVPN Jail Routing Table: > > Internet: > DestinationGatewayFlags Netif Expire > 172.16.1.8 link#4 UH lo1 > > Jail Host Routing Table: > Internet: > DestinationGatewayFlags Netif Expire > defaultx.x.0.1 UGS vtnet0 > 10.8.0.0 10.8.0.2 UGStun0 > 10.8.0.1 link#5 UHS lo0 > 10.8.0.2 link#5 UH tun0 > x.x.0.0/18 link#1 Uvtnet0 > x.x.x.x link#1 UHS lo0 > localhostlink#3 UH lo0 > 172.16.1.1 link#4 UH lo1 > 172.16.1.2 link#4 UH lo1 > 172.16.1.3 link#4 UH lo1 > 172.16.1.4 link#4 UH lo1 > 172.16.1.5 link#4 UH lo1 > 172.16.1.6 link#4 UH lo1 > 172.16.1.7 link#4 UH lo1 > 172.16.1.8 link#4 UH lo1 > > Client Routing Table: > > IPv4 Route Table > === > Active Routes: > Network DestinationNetmask Gateway Interface Metric > 0.0.0.0 0.0.0.0 10.8.0.5 10.8.0.6 20 > 10.8.0.1 255.255.255.255 10.8.0.5 10.8.0.6 20 > 10.8.0.4 255.255.255.252 On-link 10.8.0.6276 > 10.8.0.6 255.255.255.255 On-link 10.8.0.6276 > 10.8.0.7 255.255.255.255 On-link 10.8.0.6276 > > > > I'm a little stumped as to how to trouble shoot the issue so any help much > appreciated. > > > James > > > > ___ > freebsd-jail@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org" > Try running 'tcpdump -i tun0 -n' on the host, while pining from the windows machine, and see if the packets are arriving. -- Allan Jude signature.asc Description: OpenPGP digital signature
Re: Freebsd 10.1 - Ezjail - OpenVPN - Tun Interface
> On 2015-10-23 11:37, James Lodge wrote: > Hello all, > > > I'm trying to build a jail on FreeBSD 10.1 using ezjail in order to run > OpenVPN. I'm not using vimage and don't particularly want to but I'm having > an issue with networking. > > > OpenVPN daemon is up and running and I can connect successfully as a client. > I receive an IP address as expected, but I cannot route traffic to/from > client/server. The routing table on the client (which is a Windows machine) > looks fine so I assume the issue is on the server side. I have a tun > interface created on the host and exposed to the jail via devfs rules. The IP > address on the tun interface is configure on the host and not from the jail. > I can ping the tun interface IP from the host and the jail, but not from the > client when connected. > > > Client-public IP - lo1 (Jail alias Interface)--tun0 > (OpenVPN Interface) > > 10.8.06 x.x.x.x 172.16.1.8 > 10.8.0.1 > > > > OpenVPN Jail Routing Table: > > Internet: > DestinationGatewayFlags Netif Expire > 172.16.1.8 link#4 UH lo1 > > Jail Host Routing Table: > Internet: > DestinationGatewayFlags Netif Expire > defaultx.x.0.1 UGS vtnet0 > 10.8.0.0 10.8.0.2 UGStun0 > 10.8.0.1 link#5 UHS lo0 > 10.8.0.2 link#5 UH tun0 > x.x.0.0/18 link#1 Uvtnet0 > x.x.x.x link#1 UHS lo0 > localhostlink#3 UH lo0 > 172.16.1.1 link#4 UH lo1 > 172.16.1.2 link#4 UH lo1 > 172.16.1.3 link#4 UH lo1 > 172.16.1.4 link#4 UH lo1 > 172.16.1.5 link#4 UH lo1 > 172.16.1.6 link#4 UH lo1 > 172.16.1.7 link#4 UH lo1 > 172.16.1.8 link#4 UH lo1 > > Client Routing Table: > > IPv4 Route Table > === > Active Routes: > Network DestinationNetmask Gateway Interface Metric > 0.0.0.0 0.0.0.0 10.8.0.5 10.8.0.6 20 > 10.8.0.1 255.255.255.255 10.8.0.5 10.8.0.6 20 > 10.8.0.4 255.255.255.252 On-link 10.8.0.6276 > 10.8.0.6 255.255.255.255 On-link 10.8.0.6276 > 10.8.0.7 255.255.255.255 On-link 10.8.0.6276 > > > > I'm a little stumped as to how to trouble shoot the issue so any help much > appreciated. > > > James > > > > ___ > freebsd-jail@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org" > > Try running 'tcpdump -i tun0 -n' on the host, while pining from the > windows machine, and see if the packets are arriving. > >-- >Allan Jude Thank you Allan, I should have thought of tcpdump. So traffic is being received at the host from the windows client. Results from Host tcpdump -i tun0 -n 18:44:02.464291 IP 10.8.0.6 > 10.8.0.1: ICMP echo request, id 1, seq 10577, length 40 18:44:02.605212 IP 10.8.0.6.56054 > 192.168.0.112.80: Flags [S], seq 512633761, win 8192, options [mss 1368,nop,nop,sackOK], length 0 18:44:02.872693 IP 10.8.0.6.57441 > 8.8.8.8.53: 44379+ A? dns.msftncsi.com. (34) 18:44:03.864800 IP 10.8.0.6.57441 > 8.8.8.8.53: 44379+ A? dns.msftncsi.com. (34) After that I thought I'd see if the traffic is reaching the jail. After allow the jail access to /dev/bpf I get the same results as the host, traffic is received. Results from Jail tcpdump -i tun0 -n 19:09:11.899714 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com. (34) 19:09:12.728708 IP 10.8.0.6.62332 > 8.8.8.8.53: 22238+ A? dns.msftncsi.com. (34) 19:09:12.802903 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com. (34) 19:09:13.825053 IP 10.8.0.6.57107 > 212.56.71.30.443: Flags [S], seq 3139281876, win 8192, options [mss 1368,nop,wscale 8,nop,nop,sackOK], length 0 19:09:13.981307 IP 10.8.0.6.57108 > 212.56.71.30.443: Flags [S], seq 4152048904, win 8192, options [mss 1368,nop,wscale 8,nop,nop,sackOK], length 0 19:09:14.628697 IP 10.8.0.6.57100 > 192.168.0.112.80: Flags [S], seq 3107463099, win 65535, options [mss 1368,nop,nop,sackOK], length 0 19:09:14.814392 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com. (34) Regards James ___ freebsd-jail@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re: Freebsd 10.1 - Ezjail - OpenVPN - Tun Interface
On 2015-10-23 14:13, James Lodge wrote: >> On 2015-10-23 11:37, James Lodge wrote: >> Hello all, >> >> >> I'm trying to build a jail on FreeBSD 10.1 using ezjail in order to run >> OpenVPN. I'm not using vimage and don't particularly want to but I'm having >> an issue with networking. >> >> >> OpenVPN daemon is up and running and I can connect successfully as a client. >> I receive an IP address as expected, but I cannot route traffic to/from >> client/server. The routing table on the client (which is a Windows machine) >> looks fine so I assume the issue is on the server side. I have a tun >> interface created on the host and exposed to the jail via devfs rules. The >> IP address on the tun interface is configure on the host and not from the >> jail. I can ping the tun interface IP from the host and the jail, but not >> from the client when connected. >> >> >> Client-public IP - lo1 (Jail alias Interface)--tun0 >> (OpenVPN Interface) >> >> 10.8.06 x.x.x.x 172.16.1.8 >> 10.8.0.1 >> >> >> >> OpenVPN Jail Routing Table: >> >> Internet: >> DestinationGatewayFlags Netif Expire >> 172.16.1.8 link#4 UH lo1 >> >> Jail Host Routing Table: >> Internet: >> DestinationGatewayFlags Netif Expire >> defaultx.x.0.1 UGS vtnet0 >> 10.8.0.0 10.8.0.2 UGStun0 >> 10.8.0.1 link#5 UHS lo0 >> 10.8.0.2 link#5 UH tun0 >> x.x.0.0/18 link#1 Uvtnet0 >> x.x.x.x link#1 UHS lo0 >> localhostlink#3 UH lo0 >> 172.16.1.1 link#4 UH lo1 >> 172.16.1.2 link#4 UH lo1 >> 172.16.1.3 link#4 UH lo1 >> 172.16.1.4 link#4 UH lo1 >> 172.16.1.5 link#4 UH lo1 >> 172.16.1.6 link#4 UH lo1 >> 172.16.1.7 link#4 UH lo1 >> 172.16.1.8 link#4 UH lo1 >> >> Client Routing Table: >> >> IPv4 Route Table >> === >> Active Routes: >> Network DestinationNetmask Gateway Interface Metric >> 0.0.0.0 0.0.0.0 10.8.0.5 10.8.0.6 20 >> 10.8.0.1 255.255.255.255 10.8.0.5 10.8.0.6 20 >> 10.8.0.4 255.255.255.252 On-link 10.8.0.6276 >> 10.8.0.6 255.255.255.255 On-link 10.8.0.6276 >> 10.8.0.7 255.255.255.255 On-link 10.8.0.6276 >> >> >> >> I'm a little stumped as to how to trouble shoot the issue so any help much >> appreciated. >> >> >> James >> >> >> >> ___ >> freebsd-jail@freebsd.org mailing list >> https://lists.freebsd.org/mailman/listinfo/freebsd-jail >> To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org" >> > >> Try running 'tcpdump -i tun0 -n' on the host, while pining from the >> windows machine, and see if the packets are arriving. >> >> -- >> Allan Jude > > > Thank you Allan, > > I should have thought of tcpdump. So traffic is being received at the host > from the windows client. > > Results from Host tcpdump -i tun0 -n > > 18:44:02.464291 IP 10.8.0.6 > 10.8.0.1: ICMP echo request, id 1, seq 10577, > length 40 > 18:44:02.605212 IP 10.8.0.6.56054 > 192.168.0.112.80: Flags [S], seq > 512633761, win 8192, options [mss 1368,nop,nop,sackOK], length 0 > 18:44:02.872693 IP 10.8.0.6.57441 > 8.8.8.8.53: 44379+ A? dns.msftncsi.com. > (34) > 18:44:03.864800 IP 10.8.0.6.57441 > 8.8.8.8.53: 44379+ A? dns.msftncsi.com. > (34) > > After that I thought I'd see if the traffic is reaching the jail. After allow > the jail access to /dev/bpf I get the same results as the host, traffic is > received. > > Results from Jail tcpdump -i tun0 -n > > 19:09:11.899714 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com. > (34) > 19:09:12.728708 IP 10.8.0.6.62332 > 8.8.8.8.53: 22238+ A? dns.msftncsi.com. > (34) > 19:09:12.802903 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com. > (34) > 19:09:13.825053 IP 10.8.0.6.57107 > 212.56.71.30.443: Flags [S], seq > 3139281876, win 8192, options [mss 1368,nop,wscale 8,nop,nop,sackOK], length 0 > 19:09:13.981307 IP 10.8.0.6.57108 > 212.56.71.30.443: Flags [S], seq > 4152048904, win 8192, options [mss 1368,nop,wscale 8,nop,nop,sackOK], length 0 > 19:09:14.628697 IP 10.8.0.6.57100 > 192.168.0.112.80: Flags [S], seq > 3107463099, win 65535, options [mss 1368,nop,nop,sackOK], length 0 > 19:09:14.814392 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com. > (34) > > > Regards > James > _
Re: Freebsd 10.1 - Ezjail - OpenVPN - Tun Interface
On 2015-10-23 14:13, James Lodge wrote: >> On 2015-10-23 11:37, James Lodge wrote: >> Hello all, >> >> >> I'm trying to build a jail on FreeBSD 10.1 using ezjail in order to run >> OpenVPN. I'm not using vimage and don't particularly want to but I'm having >> an issue with networking. >> >> >> OpenVPN daemon is up and running and I can connect successfully as a client. >> I receive an IP address as expected, but I cannot route traffic to/from >> client/server. The routing table on the client (which is a Windows machine) >> looks fine so I assume the issue is on the server side. I have a tun >> interface created on the host and exposed to the jail via devfs rules. The >> IP address on the tun interface is configure on the host and not from the >> jail. I can ping the tun interface IP from the host and the jail, but not >> from the client when connected. >> >> >> Client-public IP - lo1 (Jail alias Interface)--tun0 >> (OpenVPN Interface) >> >> 10.8.06 x.x.x.x 172.16.1.8 >> 10.8.0.1 >> >> >> >> OpenVPN Jail Routing Table: >> >> Internet: >> DestinationGatewayFlags Netif Expire >> 172.16.1.8 link#4 UH lo1 >> >> Jail Host Routing Table: >> Internet: >> DestinationGatewayFlags Netif Expire >> defaultx.x.0.1 UGS vtnet0 >> 10.8.0.0 10.8.0.2 UGStun0 >> 10.8.0.1 link#5 UHS lo0 >> 10.8.0.2 link#5 UH tun0 >> x.x.0.0/18 link#1 Uvtnet0 >> x.x.x.x link#1 UHS lo0 >> localhostlink#3 UH lo0 >> 172.16.1.1 link#4 UH lo1 >> 172.16.1.2 link#4 UH lo1 >> 172.16.1.3 link#4 UH lo1 >> 172.16.1.4 link#4 UH lo1 >> 172.16.1.5 link#4 UH lo1 >> 172.16.1.6 link#4 UH lo1 >> 172.16.1.7 link#4 UH lo1 >> 172.16.1.8 link#4 UH lo1 >> >> Client Routing Table: >> >> IPv4 Route Table >> === >> Active Routes: >> Network DestinationNetmask Gateway Interface Metric >> 0.0.0.0 0.0.0.0 10.8.0.5 10.8.0.6 20 >> 10.8.0.1 255.255.255.255 10.8.0.5 10.8.0.6 20 >> 10.8.0.4 255.255.255.252 On-link 10.8.0.6276 >> 10.8.0.6 255.255.255.255 On-link 10.8.0.6276 >> 10.8.0.7 255.255.255.255 On-link 10.8.0.6276 >> >> >> >> I'm a little stumped as to how to trouble shoot the issue so any help much >> appreciated. >> >> >> James >> >> >> >> ___ >> freebsd-jail@freebsd.org mailing list >> https://lists.freebsd.org/mailman/listinfo/freebsd-jail >> To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org" >> > >> Try running 'tcpdump -i tun0 -n' on the host, while pining from the >> windows machine, and see if the packets are arriving. >> >> -- >> Allan Jude > > > Thank you Allan, > > I should have thought of tcpdump. So traffic is being received at the host > from the windows client. > > Results from Host tcpdump -i tun0 -n > > 18:44:02.464291 IP 10.8.0.6 > 10.8.0.1: ICMP echo request, id 1, seq 10577, > length 40 > 18:44:02.605212 IP 10.8.0.6.56054 > 192.168.0.112.80: Flags [S], seq > 512633761, win 8192, options [mss 1368,nop,nop,sackOK], length 0 > 18:44:02.872693 IP 10.8.0.6.57441 > 8.8.8.8.53: 44379+ A? dns.msftncsi.com. > (34) > 18:44:03.864800 IP 10.8.0.6.57441 > 8.8.8.8.53: 44379+ A? dns.msftncsi.com. > (34) > > After that I thought I'd see if the traffic is reaching the jail. After allow > the jail access to /dev/bpf I get the same results as the host, traffic is > received. > > Results from Jail tcpdump -i tun0 -n > > 19:09:11.899714 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com. > (34) > 19:09:12.728708 IP 10.8.0.6.62332 > 8.8.8.8.53: 22238+ A? dns.msftncsi.com. > (34) > 19:09:12.802903 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com. > (34) > 19:09:13.825053 IP 10.8.0.6.57107 > 212.56.71.30.443: Flags [S], seq > 3139281876, win 8192, options [mss 1368,nop,wscale 8,nop,nop,sackOK], length 0 > 19:09:13.981307 IP 10.8.0.6.57108 > 212.56.71.30.443: Flags [S], seq > 4152048904, win 8192, options [mss 1368,nop,wscale 8,nop,nop,sackOK], length 0 > 19:09:14.628697 IP 10.8.0.6.57100 > 192.168.0.112.80: Flags [S], seq > 3107463099, win 65535, options [mss 1368,nop,nop,sackOK], length 0 > 19:09:14.814392 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com. > (34) > > > Regards > James > ___
Re: Freebsd 10.1 - Ezjail - OpenVPN - Tun Interface
On 2015-10-23 15:15, James Lodge wrote: > On 2015-10-23 14:13, James Lodge wrote: >>> On 2015-10-23 11:37, James Lodge wrote: >>> Hello all, >>> >>> >>> I'm trying to build a jail on FreeBSD 10.1 using ezjail in order to run >>> OpenVPN. I'm not using vimage and don't particularly want to but I'm having >>> an issue with networking. >>> >>> >>> OpenVPN daemon is up and running and I can connect successfully as a >>> client. I receive an IP address as expected, but I cannot route traffic >>> to/from client/server. The routing table on the client (which is a Windows >>> machine) looks fine so I assume the issue is on the server side. I have a >>> tun interface created on the host and exposed to the jail via devfs rules. >>> The IP address on the tun interface is configure on the host and not from >>> the jail. I can ping the tun interface IP from the host and the jail, but >>> not from the client when connected. >>> >>> >>> Client-public IP - lo1 (Jail alias Interface)--tun0 >>> (OpenVPN Interface) >>> >>> 10.8.06 x.x.x.x 172.16.1.8 >>>10.8.0.1 >>> >>> >>> >>> OpenVPN Jail Routing Table: >>> >>> Internet: >>> DestinationGatewayFlags Netif Expire >>> 172.16.1.8 link#4 UH lo1 >>> >>> Jail Host Routing Table: >>> Internet: >>> DestinationGatewayFlags Netif Expire >>> defaultx.x.0.1 UGS vtnet0 >>> 10.8.0.0 10.8.0.2 UGStun0 >>> 10.8.0.1 link#5 UHS lo0 >>> 10.8.0.2 link#5 UH tun0 >>> x.x.0.0/18 link#1 Uvtnet0 >>> x.x.x.x link#1 UHS lo0 >>> localhostlink#3 UH lo0 >>> 172.16.1.1 link#4 UH lo1 >>> 172.16.1.2 link#4 UH lo1 >>> 172.16.1.3 link#4 UH lo1 >>> 172.16.1.4 link#4 UH lo1 >>> 172.16.1.5 link#4 UH lo1 >>> 172.16.1.6 link#4 UH lo1 >>> 172.16.1.7 link#4 UH lo1 >>> 172.16.1.8 link#4 UH lo1 >>> >>> Client Routing Table: >>> >>> IPv4 Route Table >>> === >>> Active Routes: >>> Network DestinationNetmask Gateway Interface Metric >>> 0.0.0.0 0.0.0.0 10.8.0.5 10.8.0.6 20 >>> 10.8.0.1 255.255.255.255 10.8.0.5 10.8.0.6 20 >>> 10.8.0.4 255.255.255.252 On-link 10.8.0.6276 >>> 10.8.0.6 255.255.255.255 On-link 10.8.0.6276 >>> 10.8.0.7 255.255.255.255 On-link 10.8.0.6276 >>> >>> >>> >>> I'm a little stumped as to how to trouble shoot the issue so any help much >>> appreciated. >>> >>> >>> James >>> >>> >>> >>> ___ >>> freebsd-jail@freebsd.org mailing list >>> https://lists.freebsd.org/mailman/listinfo/freebsd-jail >>> To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org" >>> >> >>> Try running 'tcpdump -i tun0 -n' on the host, while pining from the >>> windows machine, and see if the packets are arriving. >>> >>> -- >>> Allan Jude >> >> >> Thank you Allan, >> >> I should have thought of tcpdump. So traffic is being received at the host >> from the windows client. >> >> Results from Host tcpdump -i tun0 -n >> >> 18:44:02.464291 IP 10.8.0.6 > 10.8.0.1: ICMP echo request, id 1, seq 10577, >> length 40 >> 18:44:02.605212 IP 10.8.0.6.56054 > 192.168.0.112.80: Flags [S], seq >> 512633761, win 8192, options [mss 1368,nop,nop,sackOK], length 0 >> 18:44:02.872693 IP 10.8.0.6.57441 > 8.8.8.8.53: 44379+ A? dns.msftncsi.com. >> (34) >> 18:44:03.864800 IP 10.8.0.6.57441 > 8.8.8.8.53: 44379+ A? dns.msftncsi.com. >> (34) >> >> After that I thought I'd see if the traffic is reaching the jail. After >> allow the jail access to /dev/bpf I get the same results as the host, >> traffic is received. >> >> Results from Jail tcpdump -i tun0 -n >> >> 19:09:11.899714 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com. >> (34) >> 19:09:12.728708 IP 10.8.0.6.62332 > 8.8.8.8.53: 22238+ A? dns.msftncsi.com. >> (34) >> 19:09:12.802903 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com. >> (34) >> 19:09:13.825053 IP 10.8.0.6.57107 > 212.56.71.30.443: Flags [S], seq >> 3139281876, win 8192, options [mss 1368,nop,wscale 8,nop,nop,sackOK], length >> 0 >> 19:09:13.981307 IP 10.8.0.6.57108 > 212.56.71.30.443: Flags [S], seq >> 4152048904, win 8192, options [mss 1368,nop,wscale 8,nop,nop,sackOK], length >> 0 >> 19:09:14.628697 IP 10.8.0.6.57100 > 192.168.0.112.80: Flags [S], seq >> 3107463099, win 65535, options [mss
Re: Freebsd 10.1 - Ezjail - OpenVPN - Tun Interface
>On 2015-10-23 15:15, James Lodge wrote: > On 2015-10-23 14:13, James Lodge wrote: >>> On 2015-10-23 11:37, James Lodge wrote: >>> Hello all, >>> >>> >>> I'm trying to build a jail on FreeBSD 10.1 using ezjail in order to run >>> OpenVPN. I'm not using vimage and don't particularly want to but I'm having >>> an issue with networking. >>> >>> >>> OpenVPN daemon is up and running and I can connect successfully as a >>> client. I receive an IP address as expected, but I cannot route traffic >>> to/from client/server. The routing table on the client (which is a Windows >>> machine) looks fine so I assume the issue is on the server side. I have a >>> tun interface created on the host and exposed to the jail via devfs rules. >>> The IP address on the tun interface is configure on the host and not from >>> the jail. I can ping the tun interface IP from the host and the jail, but >>> not from the client when connected. >>> >>> >>> Client-public IP - lo1 (Jail alias Interface)--tun0 >>> (OpenVPN Interface) >>> >>> 10.8.06 x.x.x.x 172.16.1.8 >>>10.8.0.1 >>> >>> >>> >>> OpenVPN Jail Routing Table: >>> >>> Internet: >>> DestinationGatewayFlags Netif Expire >>> 172.16.1.8 link#4 UH lo1 >>> >>> Jail Host Routing Table: >>> Internet: >>> DestinationGatewayFlags Netif Expire >>> defaultx.x.0.1 UGS vtnet0 >>> 10.8.0.0 10.8.0.2 UGStun0 >>> 10.8.0.1 link#5 UHS lo0 >>> 10.8.0.2 link#5 UH tun0 >>> x.x.0.0/18 link#1 Uvtnet0 >>> x.x.x.x link#1 UHS lo0 >>> localhostlink#3 UH lo0 >>> 172.16.1.1 link#4 UH lo1 >>> 172.16.1.2 link#4 UH lo1 >>> 172.16.1.3 link#4 UH lo1 >>> 172.16.1.4 link#4 UH lo1 >>> 172.16.1.5 link#4 UH lo1 >>> 172.16.1.6 link#4 UH lo1 >>> 172.16.1.7 link#4 UH lo1 >>> 172.16.1.8 link#4 UH lo1 >>> >>> Client Routing Table: >>> >>> IPv4 Route Table >>> === >>> Active Routes: >>> Network DestinationNetmask Gateway Interface Metric >>> 0.0.0.0 0.0.0.0 10.8.0.5 10.8.0.6 20 >>> 10.8.0.1 255.255.255.255 10.8.0.5 10.8.0.6 20 >>> 10.8.0.4 255.255.255.252 On-link 10.8.0.6276 >>> 10.8.0.6 255.255.255.255 On-link 10.8.0.6276 >>> 10.8.0.7 255.255.255.255 On-link 10.8.0.6276 >>> >>> >>> >>> I'm a little stumped as to how to trouble shoot the issue so any help much >>> appreciated. >>> >>> >>> James >>> >>> >>> >>> ___ >>> freebsd-jail@freebsd.org mailing list >>> https://lists.freebsd.org/mailman/listinfo/freebsd-jail >>> To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org" >>> >> >>> Try running 'tcpdump -i tun0 -n' on the host, while pining from the >>> windows machine, and see if the packets are arriving. >>> >>> -- >>> Allan Jude >> >> >> Thank you Allan, >> >> I should have thought of tcpdump. So traffic is being received at the host >> from the windows client. >> >> Results from Host tcpdump -i tun0 -n >> >> 18:44:02.464291 IP 10.8.0.6 > 10.8.0.1: ICMP echo request, id 1, seq 10577, >> length 40 >> 18:44:02.605212 IP 10.8.0.6.56054 > 192.168.0.112.80: Flags [S], seq >> 512633761, win 8192, options [mss 1368,nop,nop,sackOK], length 0 >> 18:44:02.872693 IP 10.8.0.6.57441 > 8.8.8.8.53: 44379+ A? dns.msftncsi.com. >> (34) >> 18:44:03.864800 IP 10.8.0.6.57441 > 8.8.8.8.53: 44379+ A? dns.msftncsi.com. >> (34) >> >> After that I thought I'd see if the traffic is reaching the jail. After >> allow the jail access to /dev/bpf I get the same results as the host, >> traffic is received. >> >> Results from Jail tcpdump -i tun0 -n >> >> 19:09:11.899714 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com. >> (34) >> 19:09:12.728708 IP 10.8.0.6.62332 > 8.8.8.8.53: 22238+ A? dns.msftncsi.com. >> (34) >> 19:09:12.802903 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com. >> (34) >> 19:09:13.825053 IP 10.8.0.6.57107 > 212.56.71.30.443: Flags [S], seq >> 3139281876, win 8192, options [mss 1368,nop,wscale 8,nop,nop,sackOK], length >> 0 >> 19:09:13.981307 IP 10.8.0.6.57108 > 212.56.71.30.443: Flags [S], seq >> 4152048904, win 8192, options [mss 1368,nop,wscale 8,nop,nop,sackOK], length >> 0 >> 19:09:14.628697 IP 10.8.0.6.57100 > 192.168.0.112.80: Flags [S], seq >> 3107463099, win 65535, options [m
Re: Freebsd 10.1 - Ezjail - OpenVPN - Tun Interface
On 2015-10-23 16:45, James Lodge wrote: > >> On 2015-10-23 15:15, James Lodge wrote: >> On 2015-10-23 14:13, James Lodge wrote: On 2015-10-23 11:37, James Lodge wrote: Hello all, I'm trying to build a jail on FreeBSD 10.1 using ezjail in order to run OpenVPN. I'm not using vimage and don't particularly want to but I'm having an issue with networking. OpenVPN daemon is up and running and I can connect successfully as a client. I receive an IP address as expected, but I cannot route traffic to/from client/server. The routing table on the client (which is a Windows machine) looks fine so I assume the issue is on the server side. I have a tun interface created on the host and exposed to the jail via devfs rules. The IP address on the tun interface is configure on the host and not from the jail. I can ping the tun interface IP from the host and the jail, but not from the client when connected. Client-public IP - lo1 (Jail alias Interface)--tun0 (OpenVPN Interface) 10.8.06 x.x.x.x 172.16.1.8 10.8.0.1 OpenVPN Jail Routing Table: Internet: DestinationGatewayFlags Netif Expire 172.16.1.8 link#4 UH lo1 Jail Host Routing Table: Internet: DestinationGatewayFlags Netif Expire defaultx.x.0.1 UGS vtnet0 10.8.0.0 10.8.0.2 UGStun0 10.8.0.1 link#5 UHS lo0 10.8.0.2 link#5 UH tun0 x.x.0.0/18 link#1 Uvtnet0 x.x.x.x link#1 UHS lo0 localhostlink#3 UH lo0 172.16.1.1 link#4 UH lo1 172.16.1.2 link#4 UH lo1 172.16.1.3 link#4 UH lo1 172.16.1.4 link#4 UH lo1 172.16.1.5 link#4 UH lo1 172.16.1.6 link#4 UH lo1 172.16.1.7 link#4 UH lo1 172.16.1.8 link#4 UH lo1 Client Routing Table: IPv4 Route Table === Active Routes: Network DestinationNetmask Gateway Interface Metric 0.0.0.0 0.0.0.0 10.8.0.5 10.8.0.6 20 10.8.0.1 255.255.255.255 10.8.0.5 10.8.0.6 20 10.8.0.4 255.255.255.252 On-link 10.8.0.6276 10.8.0.6 255.255.255.255 On-link 10.8.0.6276 10.8.0.7 255.255.255.255 On-link 10.8.0.6276 I'm a little stumped as to how to trouble shoot the issue so any help much appreciated. James ___ freebsd-jail@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org" >>> Try running 'tcpdump -i tun0 -n' on the host, while pining from the windows machine, and see if the packets are arriving. -- Allan Jude >>> >>> >>> Thank you Allan, >>> >>> I should have thought of tcpdump. So traffic is being received at the host >>> from the windows client. >>> >>> Results from Host tcpdump -i tun0 -n >>> >>> 18:44:02.464291 IP 10.8.0.6 > 10.8.0.1: ICMP echo request, id 1, seq 10577, >>> length 40 >>> 18:44:02.605212 IP 10.8.0.6.56054 > 192.168.0.112.80: Flags [S], seq >>> 512633761, win 8192, options [mss 1368,nop,nop,sackOK], length 0 >>> 18:44:02.872693 IP 10.8.0.6.57441 > 8.8.8.8.53: 44379+ A? dns.msftncsi.com. >>> (34) >>> 18:44:03.864800 IP 10.8.0.6.57441 > 8.8.8.8.53: 44379+ A? dns.msftncsi.com. >>> (34) >>> >>> After that I thought I'd see if the traffic is reaching the jail. After >>> allow the jail access to /dev/bpf I get the same results as the host, >>> traffic is received. >>> >>> Results from Jail tcpdump -i tun0 -n >>> >>> 19:09:11.899714 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com. >>> (34) >>> 19:09:12.728708 IP 10.8.0.6.62332 > 8.8.8.8.53: 22238+ A? dns.msftncsi.com. >>> (34) >>> 19:09:12.802903 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com. >>> (34) >>> 19:09:13.825053 IP 10.8.0.6.57107 > 212.56.71.30.443: Flags [S], seq >>> 3139281876, win 8192, options [mss 1368,nop,wscale 8,nop,nop,sackOK], >>> length 0 >>> 19:09:13.981307 IP 10.8.0.6.57108 > 212.56.71.30.443: Flags [S], seq >>> 4152048904, win 8192, opt
Re: Freebsd 10.1 - Ezjail - OpenVPN - Tun Interface
>On 2015-10-23 16:45, James Lodge wrote: > >> On 2015-10-23 15:15, James Lodge wrote: >> On 2015-10-23 14:13, James Lodge wrote: On 2015-10-23 11:37, James Lodge wrote: Hello all, I'm trying to build a jail on FreeBSD 10.1 using ezjail in order to run OpenVPN. I'm not using vimage and don't particularly want to but I'm having an issue with networking. OpenVPN daemon is up and running and I can connect successfully as a client. I receive an IP address as expected, but I cannot route traffic to/from client/server. The routing table on the client (which is a Windows machine) looks fine so I assume the issue is on the server side. I have a tun interface created on the host and exposed to the jail via devfs rules. The IP address on the tun interface is configure on the host and not from the jail. I can ping the tun interface IP from the host and the jail, but not from the client when connected. Client-public IP - lo1 (Jail alias Interface)--tun0 (OpenVPN Interface) 10.8.06 x.x.x.x 172.16.1.8 10.8.0.1 OpenVPN Jail Routing Table: Internet: DestinationGatewayFlags Netif Expire 172.16.1.8 link#4 UH lo1 Jail Host Routing Table: Internet: DestinationGatewayFlags Netif Expire defaultx.x.0.1 UGS vtnet0 10.8.0.0 10.8.0.2 UGStun0 10.8.0.1 link#5 UHS lo0 10.8.0.2 link#5 UH tun0 x.x.0.0/18 link#1 Uvtnet0 x.x.x.x link#1 UHS lo0 localhostlink#3 UH lo0 172.16.1.1 link#4 UH lo1 172.16.1.2 link#4 UH lo1 172.16.1.3 link#4 UH lo1 172.16.1.4 link#4 UH lo1 172.16.1.5 link#4 UH lo1 172.16.1.6 link#4 UH lo1 172.16.1.7 link#4 UH lo1 172.16.1.8 link#4 UH lo1 Client Routing Table: IPv4 Route Table === Active Routes: Network DestinationNetmask Gateway Interface Metric 0.0.0.0 0.0.0.0 10.8.0.5 10.8.0.6 20 10.8.0.1 255.255.255.255 10.8.0.5 10.8.0.6 20 10.8.0.4 255.255.255.252 On-link 10.8.0.6276 10.8.0.6 255.255.255.255 On-link 10.8.0.6276 10.8.0.7 255.255.255.255 On-link 10.8.0.6276 I'm a little stumped as to how to trouble shoot the issue so any help much appreciated. James ___ freebsd-jail@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org" >>> Try running 'tcpdump -i tun0 -n' on the host, while pining from the windows machine, and see if the packets are arriving. -- Allan Jude >>> >>> >>> Thank you Allan, >>> >>> I should have thought of tcpdump. So traffic is being received at the host >>> from the windows client. >>> >>> Results from Host tcpdump -i tun0 -n >>> >>> 18:44:02.464291 IP 10.8.0.6 > 10.8.0.1: ICMP echo request, id 1, seq 10577, >>> length 40 >>> 18:44:02.605212 IP 10.8.0.6.56054 > 192.168.0.112.80: Flags [S], seq >>> 512633761, win 8192, options [mss 1368,nop,nop,sackOK], length 0 >>> 18:44:02.872693 IP 10.8.0.6.57441 > 8.8.8.8.53: 44379+ A? dns.msftncsi.com. >>> (34) >>> 18:44:03.864800 IP 10.8.0.6.57441 > 8.8.8.8.53: 44379+ A? dns.msftncsi.com. >>> (34) >>> >>> After that I thought I'd see if the traffic is reaching the jail. After >>> allow the jail access to /dev/bpf I get the same results as the host, >>> traffic is received. >>> >>> Results from Jail tcpdump -i tun0 -n >>> >>> 19:09:11.899714 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com. >>> (34) >>> 19:09:12.728708 IP 10.8.0.6.62332 > 8.8.8.8.53: 22238+ A? dns.msftncsi.com. >>> (34) >>> 19:09:12.802903 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com. >>> (34) >>> 19:09:13.825053 IP 10.8.0.6.57107 > 212.56.71.30.443: Flags [S], seq >>> 3139281876, win 8192, options [mss 1368,nop,wscale 8,nop,nop,sackOK], >>> length 0 >>> 19:09:13.981307 IP 10.8.0.6.57108 > 212.56.71.30.443: Flags [S], seq >>> 4152048904, win 8192, op
Re: Freebsd 10.1 - Ezjail - OpenVPN - Tun Interface
On 2015-10-23 17:25, James Lodge wrote: > >> On 2015-10-23 16:45, James Lodge wrote: >> >>> On 2015-10-23 15:15, James Lodge wrote: >>> On 2015-10-23 14:13, James Lodge wrote: > On 2015-10-23 11:37, James Lodge wrote: > Hello all, > > > I'm trying to build a jail on FreeBSD 10.1 using ezjail in order to run > OpenVPN. I'm not using vimage and don't particularly want to but I'm > having an issue with networking. > > > OpenVPN daemon is up and running and I can connect successfully as a > client. I receive an IP address as expected, but I cannot route traffic > to/from client/server. The routing table on the client (which is a > Windows machine) looks fine so I assume the issue is on the server side. > I have a tun interface created on the host and exposed to the jail via > devfs rules. The IP address on the tun interface is configure on the host > and not from the jail. I can ping the tun interface IP from the host and > the jail, but not from the client when connected. > > > Client-public IP - lo1 (Jail alias Interface)--tun0 > (OpenVPN Interface) > > 10.8.06 x.x.x.x 172.16.1.8 > 10.8.0.1 > > > > OpenVPN Jail Routing Table: > > Internet: > DestinationGatewayFlags Netif Expire > 172.16.1.8 link#4 UH lo1 > > Jail Host Routing Table: > Internet: > DestinationGatewayFlags Netif Expire > defaultx.x.0.1 UGS vtnet0 > 10.8.0.0 10.8.0.2 UGStun0 > 10.8.0.1 link#5 UHS lo0 > 10.8.0.2 link#5 UH tun0 > x.x.0.0/18 link#1 Uvtnet0 > x.x.x.x link#1 UHS lo0 > localhostlink#3 UH lo0 > 172.16.1.1 link#4 UH lo1 > 172.16.1.2 link#4 UH lo1 > 172.16.1.3 link#4 UH lo1 > 172.16.1.4 link#4 UH lo1 > 172.16.1.5 link#4 UH lo1 > 172.16.1.6 link#4 UH lo1 > 172.16.1.7 link#4 UH lo1 > 172.16.1.8 link#4 UH lo1 > > Client Routing Table: > > IPv4 Route Table > === > Active Routes: > Network DestinationNetmask Gateway Interface > Metric > 0.0.0.0 0.0.0.0 10.8.0.5 10.8.0.6 > 20 > 10.8.0.1 255.255.255.255 10.8.0.5 10.8.0.6 > 20 > 10.8.0.4 255.255.255.252 On-link 10.8.0.6 > 276 > 10.8.0.6 255.255.255.255 On-link 10.8.0.6 > 276 > 10.8.0.7 255.255.255.255 On-link 10.8.0.6 > 276 > > > > I'm a little stumped as to how to trouble shoot the issue so any help > much appreciated. > > > James > > > > ___ > freebsd-jail@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org" > > Try running 'tcpdump -i tun0 -n' on the host, while pining from the > windows machine, and see if the packets are arriving. > > -- > Allan Jude Thank you Allan, I should have thought of tcpdump. So traffic is being received at the host from the windows client. Results from Host tcpdump -i tun0 -n 18:44:02.464291 IP 10.8.0.6 > 10.8.0.1: ICMP echo request, id 1, seq 10577, length 40 18:44:02.605212 IP 10.8.0.6.56054 > 192.168.0.112.80: Flags [S], seq 512633761, win 8192, options [mss 1368,nop,nop,sackOK], length 0 18:44:02.872693 IP 10.8.0.6.57441 > 8.8.8.8.53: 44379+ A? dns.msftncsi.com. (34) 18:44:03.864800 IP 10.8.0.6.57441 > 8.8.8.8.53: 44379+ A? dns.msftncsi.com. (34) After that I thought I'd see if the traffic is reaching the jail. After allow the jail access to /dev/bpf I get the same results as the host, traffic is received. Results from Jail tcpdump -i tun0 -n 19:09:11.899714 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com. (34) 19:09:12.728708 IP 10.8.0.6.62332 > 8.8.8.8.53: 22238+ A? dns.msftncsi.com. (34) 19:09:12.802903 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com. (34) 19:09:13.825053 IP 10.8.0.6.57107 > 212.56.71.30.443: F