localhost routing issue with new OpenVPN install

Fabian Peters lists.fabian at e-lumo.com
Thu Jul 12 12:42:23 PDT 2007


Hi all,

I'm facing a strange issue here, after having decommissioned an old
OpenVPN setup and replaced it with a new one. The old one was at home
in the 10.100.100.x range, the new one is in 10.10.10.x. My machine
(running OS X 10.4.10) is placed in a small LAN using 10.0.0.x, with
its primary IP being 10.0.0.6 and the router placed at 10.0.0.1.

While OpenVPN is not running, everything's fine. "netstat -rn" shows:

Destination Gateway            Flags   Refs   Use  Netif   Expire
default     10.0.0.1           UGSc      40     8    en0
10/24       link#4             UCS        3     0    en0
10.0.0.1    XX:XX:XX:XX:X:X    UHLW      38    33    en0   1154
10.0.0.6    127.0.0.1          UHS        0     0    lo0
10.0.0.7    XX:XX:XX:XX:X:X    UHLW       1  5001    en0    507
10.0.0.255  ff:ff:ff:ff:ff:ff  UHLWb      0     3    en0
127         127.0.0.1          UCS        0     0    lo0
127.0.0.1   127.0.0.1          UH        10  5865    lo0
169.254     link#7             UC         0     0    fw0

Internet6:
Destination     Gateway            Flags      Netif Expire
::1             link#1             UHL         lo0
fe80::%lo0/64   fe80::1%lo0        Uc          lo0
fe80::1%lo0     link#1             UHL         lo0
fe80::%en1/64   link#5             UC          en1
ff01::/32       ::1                U           lo0
ff02::/32       ::1                UC          lo0
ff02::/32       link#5             UC          en1

On connecting, OpenVPN issues the following commands:

ifconfig tun0 10.10.10.10 127.0.0.1 mtu 1500 netmask 255.255.255.255 up
route add -net 10.10.10.0 127.0.0.1 255.255.255.0

These look fine to me and do succeed. "netstat -rn" then shows:

Destination  Gateway          Flags   Refs  Use  Netif Expire
default      10.0.0.1         UGSc      40    9    en0
10/24        link#4           UCS        2    0    en0
10.0.0.1     XX:XX:XX:XX:X:X  UHLW      38   33    en0    936
10.0.0.6     127.0.0.1        UHS        0    0    lo0
10.0.0.7     XX:XX:XX:XX:X:X  UHLW       1  408    en0    289
10.10.10/24  127.0.0.1        UGSc       1    8   tun0
127          127.0.0.1        UCS        0    0    lo0
127.0.0.1    127.0.0.1        UH        14  182    lo0
169.254      link#7           UC         0    0    fw0

Internet6:
Destination     Gateway            Flags      Netif Expire
::1             link#1             UHL         lo0
fe80::%lo0/64   fe80::1%lo0        Uc          lo0
fe80::1%lo0     link#1             UHL         lo0
fe80::%en1/64   link#5             UC          en1
ff01::/32       ::1                U           lo0
ff02::/32       ::1                UC          lo0
ff02::/32       link#5             UC          en1

Connections to the VPN are working flawlessly. But connections to
127.0.0.1 are now established from the VPN IP. "lsof -i" shows the
following for a telnet instance connecting to 127.0.0.1:

telnet   16347   502   3u  IPv4 0x4f6da8c   0t0  TCP  10.10.10.10:54293->127.0.0.1:telnet (SYN_SENT)

There's no telnetd running on my host, so this should immediately return:

telnet: connect to address 127.0.0.1: Connection refused
telnet: Unable to connect to remote host

But instead, after some 30 seconds or so:

Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Operation timed out
telnet: Unable to connect to remote host

Why is this and how can I prevent this? This never occurred with my
old VPN installation. I even tried to put a metric on the tun
interface and a lower one on lo0, but to no avail.

Any hints greatly appreciated!

Fabian
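Added here as an example, not part of Fabian's post or of OpenVPN: a small check that parses the macOS "netstat -rn" IPv4 table quoted above and flags gateway routes whose next hop is a loopback address on an interface other than lo0, which is exactly the "10.10.10/24 127.0.0.1 UGSc tun0" entry that appears once OpenVPN is connected. The sample table is constructed from the post, and the function names are my own.

```python
import ipaddress

# Constructed sample: the IPv4 table from the second "netstat -rn" in the
# post (MAC address masked as in the post), followed by the IPv6 header.
SAMPLE_NETSTAT = """\
Destination  Gateway          Flags   Refs  Use  Netif Expire
default      10.0.0.1         UGSc      40    9    en0
10/24        link#4           UCS        2    0    en0
10.0.0.1     XX:XX:XX:XX:X:X  UHLW      38   33    en0    936
10.0.0.6     127.0.0.1        UHS        0    0    lo0
10.10.10/24  127.0.0.1        UGSc       1    8   tun0
127.0.0.1    127.0.0.1        UH        14  182    lo0

Internet6:
::1             link#1             UHL         lo0
"""

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def parse_ipv4_routes(text):
    """Parse the IPv4 section of BSD/macOS 'netstat -rn'. Columns are
    Destination Gateway Flags Refs Use Netif [Expire]; Expire is optional,
    so Netif is read by position from the left (index 5)."""
    routes = []
    for line in text.splitlines():
        if line.startswith("Internet6:"):
            break                       # the IPv6 table has a different layout
        cols = line.split()
        if len(cols) < 6 or cols[0] == "Destination":
            continue                    # header, blank line or short row
        routes.append({"dest": cols[0], "gw": cols[1],
                       "flags": cols[2], "netif": cols[5]})
    return routes

def find_loopback_gateways(text):
    """Return (dest, netif) for gateway ('G') routes whose next hop is a
    127/8 address on an interface other than lo0, i.e. the post's
    10.10.10/24 via 127.0.0.1 on tun0 (loopback becomes a tunnel hop)."""
    hits = []
    for r in parse_ipv4_routes(text):
        if "G" not in r["flags"] or r["netif"] == "lo0":
            continue
        try:
            gw = ipaddress.ip_address(r["gw"])
        except ValueError:
            continue                    # link#N or a MAC address, not an IP
        if gw in LOOPBACK:
            hits.append((r["dest"], r["netif"]))
    return hits
```

Run it against the output of `netstat -rn` on the affected machine before and after connecting; an empty result before and a tun0 hit after narrows the problem to the route and peer address OpenVPN installs, rather than to the VPN link itself.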
