Re: OpenVPN and rdomains

2018-04-29 Thread Zach Nedwich
Thanks Kyle, that did the trick. I used the up script from
http://openbsd-archive.7691.n7.nabble.com/ratble-and-rdomain-support-on-dhcpd-and-openvpn-tp300260p300262.html
which pushed the correct default route. There seems to be an issue on boot
with the VLAN pushing its own default route, but I believe that's because it
happens earlier than the OpenVPN connection.

On 29 April 2018 3:13:28 pm AEST, Kyle wrote:
>On Saturday, April 28, 2018 8:09:32 PM CDT z...@znedw.com wrote:
>> Hi all,
>> 
>> I'm trying to configure a TUN interface in a separate rdomain, so that my
>> default route is not via the VPN, and only a specific subnet will use
>> the TUN connection on the way out.
>> 
>> The OpenVPN connection is established ok via my default gateway on em1 (this
>> is my internet connection), however, once I add the TUN interface to
>> another rdomain, I'm unable to manually push the routes from the VPN server
>> in with route -TX add x.x.x.x x.x.x.x.
>> 
>> I'm unable to ping anything on the internet via route -TX exec.
>> With PF allowing all connections I am still unable to access the
>> internet on rdomain 2. I've uploaded config files at the link below. Any
>> assistance would be greatly appreciated.
>> 
>> https://gist.github.com/zachnedwich/208bcaac3bcdb15e2f5ab5737db8c2d2
>> 
>> Thank-you,
>> Zach Nedwich
>
>What does the routing table for rdomain 2 look like (route -T2 -n show)? Does
>it have a default route? To set routes pushed from the server in that rdomain,
>you might need to use up/down scripts on the client (commented lines at the
>bottom of your pia.ovpn).
>
>I'm using a very similar config:
>
>$ cat /etc/hostname.tun0
>
>up
>rdomain 1
>!/usr/local/sbin/openvpn --daemon --config /etc/openvpn/config.ovpn
>
>$ ifconfig tun0
>tun0: flags=8051 rdomain 1 mtu 1500
>index 13 priority 0 llprio 3
>groups: tun
>status: active
>inet 10.8.8.9 --> 10.8.8.1 netmask 0xff00
>
>$ route -T1 -n show
>Routing tables
>
>Internet:
>Destination Gateway Flags   Refs  Use   Mtu  Prio Iface
>default 10.8.8.1   UGS25293 27087073 - 8 tun0
>10.8.8.1   10.8.8.9   UHh11 - 8 tun0
>10.8.8.9   10.8.8.9   UHl047965 - 1 tun0
>127.0.0.1  127.0.0.1  UHl0  6462016 32768 1 lo1


Re: OpenVPN and rdomains

2018-04-29 Thread Kyle
On Saturday, April 28, 2018 8:09:32 PM CDT z...@znedw.com wrote:
> Hi all,
> 
> I'm trying to configure a TUN interface in a separate rdomain, so that my
> default route is not via the VPN, and only a specific subnet will use
> the TUN connection on the way out.
> 
> The OpenVPN connection is established ok via my default gateway on em1 (this
> is my internet connection), however, once I add the TUN interface to
> another rdomain, I'm unable to manually push the routes from the VPN server
> in with route -TX add x.x.x.x x.x.x.x.
> 
> I'm unable to ping anything on the internet via route -TX exec.
> With PF allowing all connections I am still unable to access the
> internet on rdomain 2. I've uploaded config files at the link below. Any
> assistance would be greatly appreciated.
> 
> https://gist.github.com/zachnedwich/208bcaac3bcdb15e2f5ab5737db8c2d2
> 
> Thank-you,
> Zach Nedwich

What does the routing table for rdomain 2 look like (route -T2 -n show)? Does 
it have a default route? To set routes pushed from the server in that rdomain, 
you might need to use up/down scripts on the client (commented lines at the 
bottom of your pia.ovpn).

I'm using a very similar config:

$ cat /etc/hostname.tun0

up
rdomain 1
!/usr/local/sbin/openvpn --daemon --config /etc/openvpn/config.ovpn

$ ifconfig tun0
tun0: flags=8051 rdomain 1 mtu 1500
index 13 priority 0 llprio 3
groups: tun
status: active
inet 10.8.8.9 --> 10.8.8.1 netmask 0xff00

$ route -T1 -n show
Routing tables

Internet:
Destination Gateway Flags   Refs  Use   Mtu  Prio Iface
default 10.8.8.1   UGS25293 27087073 - 8 tun0
10.8.8.1   10.8.8.9   UHh11 - 8 tun0
10.8.8.9   10.8.8.9   UHl047965 - 1 tun0
127.0.0.1  127.0.0.1  UHl0  6462016 32768 1 lo1
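
Added example (not part of the thread, and not the script from the linked archive post): an OpenVPN up script of the kind suggested above, which installs the default route and any server-pushed routes into the tun interface's routing table with route -T. RDOMAIN and the function names are assumptions of this example; script_type and the route_* variables are the ones OpenVPN exports to its scripts.

```shell
#!/bin/sh
# Added example: OpenVPN --up script for a tun interface placed in an rdomain.
# RDOMAIN, is_ipv4 and build_route_cmds are names made up for this example.
# OpenVPN exports script_type, route_vpn_gateway and route_{network,netmask,gateway}_N.
RDOMAIN="${RDOMAIN:-2}"   # assumption: routing table of the tun interface

# Pushed values come from the VPN server and this script typically runs as root,
# so accept strict dotted quads only before handing them to route(8).
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Print one route(8) command per line: default route first, then pushed routes.
build_route_cmds() {
    is_ipv4 "${route_vpn_gateway:-}" || { echo "bad route_vpn_gateway" >&2; return 1; }
    echo "route -T$RDOMAIN add default $route_vpn_gateway"
    i=1
    while :; do
        eval "net=\${route_network_$i:-} mask=\${route_netmask_$i:-} gw=\${route_gateway_$i:-}"
        [ -n "$net" ] || break
        if is_ipv4 "$net" && is_ipv4 "$mask" && is_ipv4 "$gw"; then
            echo "route -T$RDOMAIN add -net $net $gw -netmask $mask"
        else
            echo "skipping invalid pushed route #$i" >&2
        fi
        i=$((i + 1))
    done
    return 0
}

# Only touch the routing table when OpenVPN invokes this as its up script.
if [ "${script_type:-}" = "up" ]; then
    cmds=$(build_route_cmds) || exit 1
    echo "$cmds" | while read -r cmd; do
        $cmd || echo "failed: $cmd" >&2
    done
fi
```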