localhost routing issue with new OpenVPN install
Dan Shoop
shoop at iwiring.net
Thu Jul 12 14:18:46 PDT 2007
At 9:42 PM +0200 7/12/07, Fabian Peters wrote:
>Hi all,
>
>I'm facing a strange issue here, after having decommissioned an old
>OpenVPN setup and replaced it with a new one. The old one was at home
>in the 10.100.100.x range, the new one is in 10.10.10.x. My machine
>(running OS X 10.4.10) is placed in a small LAN using 10.0.0.x, with
>its primary IP being 10.0.0.6 and the router placed at 10.0.0.1.
>
>While OpenVPN is not running, everything's fine. "netstat -rn" shows:
>
>Destination Gateway Flags Refs Use Netif Expire
>default 10.0.0.1 UGSc 40 8 en0
>10/24 link#4 UCS 3 0 en0
>10.0.0.1 XX:XX:XX:XX:X:X UHLW 38 33 en0 1154
>10.0.0.6 127.0.0.1 UHS 0 0 lo0
>10.0.0.7 XX:XX:XX:XX:X:X UHLW 1 5001 en0 507
>10.0.0.255 ff:ff:ff:ff:ff:ff UHLWb 0 3 en0
>127 127.0.0.1 UCS 0 0 lo0
>127.0.0.1 127.0.0.1 UH 10 5865 lo0
>169.254 link#7 UC 0 0 fw0
>
>Internet6:
>Destination Gateway Flags Netif Expire
>::1 link#1 UHL lo0
>fe80::%lo0/64 fe80::1%lo0 Uc lo0
>fe80::1%lo0 link#1 UHL lo0
>fe80::%en1/64 link#5 UC en1
>ff01::/32 ::1 U lo0
>ff02::/32 ::1 UC lo0
>ff02::/32 link#5 UC en1
>
>On connecting, OpenVPN issues the following commands:
>
>ifconfig tun0 10.10.10.10 127.0.0.1 mtu 1500 netmask 255.255.255.255 up
>route add -net 10.10.10.0 127.0.0.1 255.255.255.0
>
>Which look fine to me and do succeed. "netstat -rn" then shows:
>
>Destination Gateway Flags Refs Use Netif Expire
>default 10.0.0.1 UGSc 40 9 en0
>10/24 link#4 UCS 2 0 en0
>10.0.0.1 XX:XX:XX:XX:X:X UHLW 38 33 en0 936
>10.0.0.6 127.0.0.1 UHS 0 0 lo0
>10.0.0.7 XX:XX:XX:XX:X:X UHLW 1 408 en0 289
>10.10.10/24 127.0.0.1 UGSc 1 8 tun0
>127 127.0.0.1 UCS 0 0 lo0
>127.0.0.1 127.0.0.1 UH 14 182 lo0
>169.254 link#7 UC 0 0 fw0
>
>Internet6:
>Destination Gateway Flags Netif Expire
>::1 link#1 UHL lo0
>fe80::%lo0/64 fe80::1%lo0 Uc lo0
>fe80::1%lo0 link#1 UHL lo0
>fe80::%en1/64 link#5 UC en1
>ff01::/32 ::1 U lo0
>ff02::/32 ::1 UC lo0
>ff02::/32 link#5 UC en1
>
>Connections to the VPN are working flawlessly. But, connections to
>127.0.0.1 are now established from the VPN IP. "lsof -i" shows the
>following for a telnet-instance connecting to 127.0.0.1:
>
>telnet 16347 502 3u IPv4 0x4f6da8c 0t0 TCP
>10.10.10.10:54293->127.0.0.1:telnet (SYN_SENT)
>
>There's no telnetd running on my host, so this should immediately return:
>
>telnet: connect to address 127.0.0.1: Connection refused
>telnet: Unable to connect to remote host
>
>But instead after some 30 seconds or so:
>
>Trying 127.0.0.1...
>telnet: connect to address 127.0.0.1: Operation timed out
>telnet: Unable to connect to remote host
>
>Why is this and how can I prevent this? This never occurred with my
>old VPN installation. I even tried to put a metric on the tun
>interface and a lower one on lo0, but to no avail.
>
>Any hints greatly appreciated!
Your primary IP address is now in 10.10.10.* so that is what the
telnet comes from so this is as would be expected in lsof
--
-dhan
------------------------------------------------------------------------
Dan Shoop AIM: iWiring
Systems & Networks Architect http://www.ustsvs.com/
shoop at iwiring.net http://www.iwiring.net/
1-714-363-1174
More information about the MacOSX-admin
mailing list