localhost routing issue with new OpenVPN install
Fabian Peters
lists.fabian at e-lumo.com
Thu Jul 12 15:26:11 PDT 2007
On 12.07.2007 at 23:18, Dan Shoop wrote:
> At 9:42 PM +0200 7/12/07, Fabian Peters wrote:
>> Hi all,
>>
>> I'm facing a strange issue here, after having decommissioned an old
>> OpenVPN setup and replaced it with a new one. The old one was at home
>> in the 10.100.100.x range, the new one is in 10.10.10.x. My machine
>> (running OS X 10.4.10) is placed in a small LAN using 10.0.0.x, with
>> its primary IP being 10.0.0.6 and the router placed at 10.0.0.1.
>>
>> While OpenVPN is not running, everything's fine. "netstat -rn" shows:
>>
>> Destination        Gateway            Flags   Refs  Use   Netif  Expire
>> default            10.0.0.1           UGSc    40    8     en0
>> 10/24              link#4             UCS     3     0     en0
>> 10.0.0.1           XX:XX:XX:XX:X:X    UHLW    38    33    en0    1154
>> 10.0.0.6           127.0.0.1          UHS     0     0     lo0
>> 10.0.0.7           XX:XX:XX:XX:X:X    UHLW    1     5001  en0    507
>> 10.0.0.255         ff:ff:ff:ff:ff:ff  UHLWb   0     3     en0
>> 127                127.0.0.1          UCS     0     0     lo0
>> 127.0.0.1          127.0.0.1          UH      10    5865  lo0
>> 169.254            link#7             UC      0     0     fw0
>>
>> Internet6:
>> Destination        Gateway            Flags   Netif  Expire
>> ::1                link#1             UHL     lo0
>> fe80::%lo0/64      fe80::1%lo0        Uc      lo0
>> fe80::1%lo0        link#1             UHL     lo0
>> fe80::%en1/64      link#5             UC      en1
>> ff01::/32          ::1                U       lo0
>> ff02::/32          ::1                UC      lo0
>> ff02::/32          link#5             UC      en1
>>
>> On connecting, OpenVPN issues the following commands:
>>
>> ifconfig tun0 10.10.10.10 127.0.0.1 mtu 1500 netmask 255.255.255.255 up
>> route add -net 10.10.10.0 127.0.0.1 255.255.255.0
>>
>> Which look fine to me and do succeed. "netstat -rn" then shows:
>>
>> Destination        Gateway            Flags   Refs  Use   Netif  Expire
>> default            10.0.0.1           UGSc    40    9     en0
>> 10/24              link#4             UCS     2     0     en0
>> 10.0.0.1           XX:XX:XX:XX:X:X    UHLW    38    33    en0    936
>> 10.0.0.6           127.0.0.1          UHS     0     0     lo0
>> 10.0.0.7           XX:XX:XX:XX:X:X    UHLW    1     408   en0    289
>> 10.10.10/24        127.0.0.1          UGSc    1     8     tun0
>> 127                127.0.0.1          UCS     0     0     lo0
>> 127.0.0.1          127.0.0.1          UH      14    182   lo0
>> 169.254            link#7             UC      0     0     fw0
>>
>> Internet6:
>> Destination        Gateway            Flags   Netif  Expire
>> ::1                link#1             UHL     lo0
>> fe80::%lo0/64      fe80::1%lo0        Uc      lo0
>> fe80::1%lo0        link#1             UHL     lo0
>> fe80::%en1/64      link#5             UC      en1
>> ff01::/32          ::1                U       lo0
>> ff02::/32          ::1                UC      lo0
>> ff02::/32          link#5             UC      en1
>>
>> Connections to the VPN are working flawlessly. But, connections to
>> 127.0.0.1 are now established from the VPN IP. "lsof -i" shows the
>> following for a telnet-instance connecting to 127.0.0.1:
>>
>> telnet 16347 502 3u IPv4 0x4f6da8c 0t0 TCP 10.10.10.10:54293->127.0.0.1:telnet (SYN_SENT)
>>
>> There's no telnetd running on my host, so this should immediately
>> return:
>>
>> telnet: connect to address 127.0.0.1: Connection refused
>> telnet: Unable to connect to remote host
>>
>> But instead after some 30 seconds or so:
>>
>> Trying 127.0.0.1...
>> telnet: connect to address 127.0.0.1: Operation timed out
>> telnet: Unable to connect to remote host
>>
>> Why is this and how can I prevent this? This never occurred with my
>> old VPN installation. I even tried to put a metric on the tun
>> interface and a lower one on lo0, but to no avail.
>>
>> Any hints greatly appreciated!
>
> Your primary IP address is now in 10.10.10.* so that is what the
> telnet comes from so this is as would be expected in lsof

Hhmm, okay, but why does it become my new "primary" IP? This is of
course not intended, I want my LAN IP to remain the primary IP. How
can I keep 10.0.0.6 as my primary IP then? The openvpn config did not
change AFAIK, compared to the earlier one, so what would trigger this
new behaviour?

cheers,

Fabian
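
Added example, not part of the original messages: a Python sketch that parses BSD-style "netstat -rn" rows like those quoted above, expands the abbreviated destinations, does a longest-prefix lookup, and flags routes whose gateway is a loopback address while the interface is not lo0 (the 10.10.10/24 row that appears once OpenVPN is connected). The function names are hypothetical, the sample rows are a subset copied from the post, and the rule for destinations without an explicit prefix length is an assumption.

```python
import ipaddress

# Subset of rows from the post's second "netstat -rn" listing (ARP entries left out).
SAMPLE = """\
default 10.0.0.1 UGSc 40 9 en0
10/24 link#4 UCS 2 0 en0
10.0.0.6 127.0.0.1 UHS 0 0 lo0
10.10.10/24 127.0.0.1 UGSc 1 8 tun0
127 127.0.0.1 UCS 0 0 lo0
127.0.0.1 127.0.0.1 UH 14 182 lo0
"""

def expand_destination(dest):
    """Turn a BSD-abbreviated destination ("10/24", "127") into an IPv4Network."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, bits = dest.partition("/")
    octets = addr.split(".")
    # Assumption: with no explicit /len, the prefix ends at the last octet shown.
    prefix = int(bits) if bits else 8 * len(octets)
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{prefix}", strict=False)

def parse_routes(text):
    """Parse IPv4 rows: Destination Gateway Flags Refs Use Netif [Expire]."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or f[0] == "Destination":
            continue
        routes.append({"net": expand_destination(f[0]), "gateway": f[1],
                       "flags": f[2], "netif": f[5]})
    return routes

def lookup(routes, ip):
    """Longest-prefix match over the parsed table."""
    hits = [r for r in routes if ipaddress.ip_address(ip) in r["net"]]
    return max(hits, key=lambda r: r["net"].prefixlen) if hits else None

def loopback_gateway_off_lo(routes):
    """Routes whose gateway is a loopback address but whose interface is not lo*."""
    out = []
    for r in routes:
        try:
            gw = ipaddress.ip_address(r["gateway"])
        except ValueError:  # link#N or a MAC address, not an IP gateway
            continue
        if gw.is_loopback and not r["netif"].startswith("lo"):
            out.append(r)
    return out
```

On the sample rows, loopback_gateway_off_lo(parse_routes(SAMPLE)) returns only the 10.10.10.0/24 route on tun0, while lookup(..., "127.0.0.1") still resolves to the host route on lo0.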
More information about the MacOSX-admin mailing list