
#1 2019-01-31 20:07:05

schard
Forum Moderator
From: Hannover
Registered: 2016-05-06
Posts: 1,988

[abandoned] Routing over VPN Uplink - Packets do not traverse tunnel

I want to route between my home LAN and a remote LAN over a VPN tunnel between my home server and a remote server.
Here's the setup:

                       _________________                                   _____________                                    __________________
              ________|                 |______                  _________|             |________                __________|                  |
             |        |                 |      |                |         |             |        |              |          |                  |
Remote-LAN---| enp1s0 |  remote-server  | tun1 |---VPN-Tunnel---| uplink0 | home server | enp2s0 |---Home-LAN---| Ethernet | Windows Notebook |
             |________|                 |______|                |_________|             |________|              |__________|                  |
                      |_________________|                                 |_____________|                                  |__________________|

Remote Server
Interfaces:

enp1s0: 192.168.178.10/24
tun1: 10.11.0.2/24

Routes:

default via 192.168.178.1 dev enp1s0 proto static
10.11.0.0/24 dev tun1 proto kernel scope link src 10.11.0.2
172.23.56.0/24 via 10.11.0.1 dev tun1
192.168.178.0/24 dev enp1s0 proto kernel scope link src 192.168.178.10

Routing enabled:

# cat /etc/sysctl.d/30-ipforward.conf
net.ipv4.ip_forward=1

Firewall:

-A ufw-user-input -i tun1 -j ACCEPT

Home Server
Interfaces:

enp2s0: 172.23.56.2/24
uplink0: 10.11.0.1/24

Routes:

default via 172.23.56.254 dev enp2s0 proto static
10.11.0.0/24 dev uplink0 proto kernel scope link src 10.11.0.1
172.23.56.0/24 dev enp2s0 proto kernel scope link src 172.23.56.2
192.168.178.0/24 via 10.11.0.2 dev uplink0

Routing enabled:

$ cat /etc/sysctl.d/routing.conf
net.ipv4.ip_forward = 1

Firewall:

table inet filter {
        chain input {
                type filter hook input priority 0; policy accept;
                ct state { established, related } accept
                ct state invalid drop
                iifname "lo" accept
                ip protocol icmp accept
                ip6 nexthdr ipv6-icmp accept
                iifname "enp2s0" tcp dport ssh accept
                tcp dport { http, https } accept
                udp dport { openvpn, 1195 } accept
                iifname "game0" jump game-vpn
                reject
        }

        chain game-vpn {
                tcp dport 25565 accept
        }

        chain forward {
                type filter hook forward priority 0; policy accept;
                ip saddr 172.23.56.0/24 ip daddr 192.168.178.0/24 accept
                ip saddr 192.168.178.0/24 ip daddr 172.23.56.0/24 accept
                drop
        }

        chain output {
                type filter hook output priority 0; policy accept;
        }
}

Notebook (Win 10)
Interface

Ethernet: 172.23.56.20

Route:

192.168.178.0    255.255.255.0      172.23.56.2     172.23.56.20     51

Unfortunately, when I ping from the notebook to the remote LAN

ping 192.168.178.10

I get timeouts.
The echo request seems to get forwarded and reaches the home server's VPN interface:

$ sudo tcpdump -i uplink0 "host 172.23.56.20"
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on uplink0, link-type RAW (Raw IP), capture size 262144 bytes
21:03:56.651706 IP gamebook.fritz.box > 192.168.178.10: ICMP echo request, id 1, seq 265, length 40
21:04:01.284635 IP gamebook.fritz.box > 192.168.178.10: ICMP echo request, id 1, seq 266, length 40
21:04:06.289546 IP gamebook.fritz.box > 192.168.178.10: ICMP echo request, id 1, seq 267, length 40

But they don't reach the remote VPN interface:

tcpdump -i tun1 "host 172.23.56.20"
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun1, link-type RAW (Raw IP), capture size 262144 bytes
<a whole lotta nothing>

What am I missing?

Update:
I will ask on SE.

Last edited by schard (2019-02-05 09:08:16)


macro_rules! yolo { { $($tokens:tt)* } => { unsafe { $($tokens)* } }; }
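As an added example (not from the post or its author), the two route tables and the home server's nftables forward chain above transcribed into a small longest-prefix-match walk: it confirms that both tables send LAN-to-LAN traffic into the tunnel in each direction, which agrees with the capture on uplink0 and leaves the tunnel transport itself as the remaining place to look. The remote server's forward policy is not shown in the post, so the example assumes it accepts everything.

```python
import ipaddress

# Route tables transcribed from the post: (prefix, next hop or None when on-link, device).
ROUTES = {
    "home-server": [
        ("0.0.0.0/0", "172.23.56.254", "enp2s0"),
        ("10.11.0.0/24", None, "uplink0"),
        ("172.23.56.0/24", None, "enp2s0"),
        ("192.168.178.0/24", "10.11.0.2", "uplink0"),
    ],
    "remote-server": [
        ("0.0.0.0/0", "192.168.178.1", "enp1s0"),
        ("10.11.0.0/24", None, "tun1"),
        ("172.23.56.0/24", "10.11.0.1", "tun1"),
        ("192.168.178.0/24", None, "enp1s0"),
    ],
}

# Forward policy per router as (src, dst) prefix pairs that accept; anything else drops, as in
# the home server's nftables chain. The remote server's forward rules are not in the post: assumed accept-all.
FORWARD = {
    "home-server": [("172.23.56.0/24", "192.168.178.0/24"), ("192.168.178.0/24", "172.23.56.0/24")],
    "remote-server": [("0.0.0.0/0", "0.0.0.0/0")],
}

def lookup(host, dst):
    """Longest-prefix match: try the most specific prefixes first, as the kernel does."""
    addr = ipaddress.ip_address(dst)
    for prefix, via, dev in sorted(ROUTES[host], key=lambda r: -int(r[0].split("/")[1])):
        if addr in ipaddress.ip_network(prefix):
            return (via or dst), dev  # on-link route: hand the packet to the destination itself
    raise LookupError(f"{host}: no route to {dst}")

def forward_allowed(host, src, dst):
    """True if some accept pair covers the flow (mirrors the 'accept ...; drop' ordering)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in ipaddress.ip_network(a) and d in ipaddress.ip_network(b)
               for a, b in FORWARD[host])

def trace(hops, src, dst):
    """Walk the routers in order; each applies forward policy, then routes. Stops at a drop."""
    path = []
    for host in hops:
        if not forward_allowed(host, src, dst):
            path.append((host, "DROP", None))
            break
        next_hop, dev = lookup(host, dst)
        path.append((host, dev, next_hop))
    return path
```

trace(["home-server", "remote-server"], "172.23.56.20", "192.168.178.10") returns the uplink0 hop towards 10.11.0.2 followed by on-link delivery on enp1s0, and the reverse direction selects tun1 then enp2s0. Pinging the far tunnel endpoint 10.11.0.2 from the notebook is dropped by the home server's forward chain, because only the two LAN-to-LAN pairs are accepted.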
