Bug #3682
Closed
OpenVPN not routing incoming traffic correctly when using tap device
Description
I have 2 OpenVPN clients on my server, 1 running with tun as device and 1 running with tap as device.
Traffic coming from the outside to, for example, port 53 using tun is routed correctly back over the OpenVPN client;
traffic coming from the outside to, for example, port 53 using tap is routed over the default route and not the interface it came in on. The only way I have found is to use redirect-gateway def1;
this creates a route at the top of the routing table with 0.0.0.0/1 (tap gateway), but that should not be needed, as traffic should be routed back over the same interface it came in on.
Updated by Chris Buechler almost 11 years ago
- Status changed from New to Rejected
Traffic is routed where the routing table says it should go, or via reply-to if you assign the VPN interface. Config issue, not a bug.
Updated by Lars Jensen almost 11 years ago
From rules.debug:
pass out route-to ( ovpnc2 88.80.28.129 ) from 88.80.yyy.xxx to !88.80.28.128/25 keep state allow-opts label "let out anything from firewall host itself"
According to that route-to, anything from 88.80.yyy.zzz should go to 88.80.28.129, so traffic that enters that interface should go out on the same interface.
That does not happen; it is routed to the default gateway.
Updated by Lars Jensen almost 11 years ago
And the reply-to:
pass in quick on $PRQTUNNEL reply-to ( ovpnc2 88.80.28.129 ) inet proto icmp from any to any keep state label "USER_RULE"
pass in quick on $PRQTUNNEL reply-to ( ovpnc2 88.80.28.129 ) inet proto tcp from any to $mail port $mail_server flags S/SA keep state label "USER_RULE: NAT ACCESS TO MAIL SERVER"
pass in quick on $PRQTUNNEL reply-to ( ovpnc2 88.80.28.129 ) proto { tcp udp } from any to 10.19.2.10 port 53 keep state label "USER_RULE: NAT DNS in PRQTUNNEL"
So it should work.
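The point of the rejection above is that return traffic for a VPN interface is pinned to that interface only by a reply-to (or route-to) on the matching rule; anything without one follows the default route. The checker below is an added example, not code from this bug report or from pfSense: it parses pass rules in the form rules.debug uses and flags inbound rules on a VPN interface that either carry no reply-to or whose reply-to names a different interface/gateway than the one the rule listens on. It assumes the macro $PRQTUNNEL expands to ovpnc2, and the two rules labelled "constructed:" (including the hypothetical ovpnc1 / 10.8.0.1 gateway) are made up to exercise the two failure cases; the other three sample lines are the ones quoted in the thread.

```python
"""Consistency check for pf reply-to on policy-routed VPN interfaces.

Added example, not code from the bug report or from pfSense.  Inbound
"pass" rules on a VPN interface must carry reply-to ( <iface> <gw> );
otherwise replies leave via the default route, which is the symptom
reported above.  ASSUMPTION: $PRQTUNNEL expands to ovpnc2, and the
"constructed:" rules in SAMPLE_RULES are invented for the demonstration.
"""
import re
from typing import Dict, List, Optional, Tuple

# Leading part of a pf pass rule: direction, optional "quick", optional
# "on <iface>", optional route-to/reply-to ( <iface> <gateway> ).
RULE_RE = re.compile(
    r"^pass\s+(?P<dir>in|out)"
    r"(?:\s+quick)?"
    r"(?:\s+on\s+(?P<iface>\S+))?"
    r"(?:\s+(?P<kind>route-to|reply-to)\s+\(\s*(?P<gw_if>\S+)\s+(?P<gw>\S+)\s*\))?"
)

# Assumed macro value; pfSense substitutes these before loading the ruleset.
MACROS: Dict[str, str] = {"PRQTUNNEL": "ovpnc2"}

# Interface -> gateway that replies on that interface must be sent to.
VPN_GATEWAYS: Dict[str, str] = {"ovpnc2": "88.80.28.129"}

SAMPLE_RULES: List[str] = [
    # The three rules quoted in the thread:
    'pass out route-to ( ovpnc2 88.80.28.129 ) from 88.80.yyy.xxx to !88.80.28.128/25 keep state allow-opts label "let out anything from firewall host itself"',
    'pass in quick on $PRQTUNNEL reply-to ( ovpnc2 88.80.28.129 ) inet proto icmp from any to any keep state label "USER_RULE"',
    'pass in quick on $PRQTUNNEL reply-to ( ovpnc2 88.80.28.129 ) proto { tcp udp } from any to 10.19.2.10 port 53 keep state label "USER_RULE: NAT DNS in PRQTUNNEL"',
    # constructed: inbound rule on the VPN interface with no reply-to at all
    'pass in quick on $PRQTUNNEL proto { tcp udp } from any to 10.19.2.10 port 53 keep state label "constructed: missing reply-to"',
    # constructed: reply-to points at a different (hypothetical) interface
    'pass in quick on $PRQTUNNEL reply-to ( ovpnc1 10.8.0.1 ) proto tcp from any to 10.19.2.10 port 25 keep state label "constructed: wrong gateway"',
]


def expand_macros(line: str, macros: Dict[str, str]) -> str:
    """Substitute $NAME macros so interface names can be compared."""
    for name, value in macros.items():
        line = line.replace("$" + name, value)
    return line


def parse_rule(line: str, macros: Dict[str, str]) -> Optional[Dict[str, Optional[str]]]:
    """Return dir/iface/kind/gw_if/gw for a pass rule, or None for other lines."""
    m = RULE_RE.match(expand_macros(line.strip(), macros))
    return None if m is None else m.groupdict()


def find_unpolicied(
    rules: List[str], vpn_gateways: Dict[str, str], macros: Dict[str, str]
) -> List[Tuple[str, str]]:
    """List (rule, reason) for inbound rules on VPN interfaces whose replies
    would not be pinned to that interface's gateway."""
    findings: List[Tuple[str, str]] = []
    for line in rules:
        r = parse_rule(line, macros)
        if r is None or r["dir"] != "in" or r["iface"] not in vpn_gateways:
            continue
        exp_if, exp_gw = r["iface"], vpn_gateways[r["iface"]]
        if r["kind"] != "reply-to":
            findings.append((line, "no reply-to: replies follow the default route"))
        elif (r["gw_if"], r["gw"]) != (exp_if, exp_gw):
            findings.append(
                (line, f"reply-to uses {r['gw_if']} {r['gw']}, expected {exp_if} {exp_gw}")
            )
    return findings


if __name__ == "__main__":
    for rule, reason in find_unpolicied(SAMPLE_RULES, VPN_GATEWAYS, MACROS):
        print(f"{reason}\n    {rule}")
```

Run against a real rules.debug, only the two constructed rules are reported; the three rules from the thread pass, which is consistent with the reply-to being present and the remaining question being whether the rule actually matches the traffic (interface assignment, quick ordering) rather than whether reply-to is written correctly.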