I am running CentOS 6. It is connected to OpenVPN with the following routes:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
100.207.0.0     0.0.0.0         255.255.255.255 UH    0      0        0 tun0
101.19.0.0      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.97.156.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
0.0.0.0         10.97.156.1     0.0.0.0         UG    0      0        0 eth0
When connected, my ifconfig shows the correct address for tun0:
inet addr:101.19.23.64
After setting up the VPN, I restart sshd.
When I try to ssh in to this system from a host on the VPN, the connection attempt times out.
If I use tcpdump -i tun0 I get:
09:25:30.592685 IP 100.207.1.200.26605 > 101.19.23.64.ssh: Flags [S], seq 2108197737, win 8192, options [mss 1366,nop,nop,sackOK], length 0
However, no response ever goes back across the tunnel. The response isn't being sent across eth0 either; I trapped eth0 and didn't have a packet trying to go back to 100.207.1.200.
I know sshd is listening on all interfaces because netstat -l shows:
tcp 0 0 *:ssh *:* LISTEN
I even made sure my iptables allow incoming connections on the VPN port and the SSH port, although that shouldn't be an issue because the connections should be piggybacking on the current VPN session.
Any ideas? I'm at a loss, because as far as I can tell everything is set up properly.
Answer
The routes for tun0 are incorrect: the netmasks are 255.255.255.255 (there is no IP matching such a route).
You probably need 255.255.255.0 or 255.255.0.0, depending on how you configured your VPN.
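The following is an added example, not part of the original question or answer: a longest-prefix-match lookup over the routing table posted in the question, showing which interface a reply to the SSH client 100.207.1.200 would be routed through with the posted netmask and with each netmask the answer suggests. The function names lookup and with_tun_mask are illustrative.

```python
import ipaddress

# Routing table from the question: (destination, genmask, gateway, iface).
ROUTES = [
    ("100.207.0.0", "255.255.255.255", None, "tun0"),
    ("101.19.0.0", "255.255.255.255", None, "tun0"),
    ("10.97.156.0", "255.255.255.0", None, "eth0"),
    ("169.254.0.0", "255.255.0.0", None, "eth0"),
    ("0.0.0.0", "0.0.0.0", "10.97.156.1", "eth0"),
]


def lookup(routes, dst):
    """Return (network, gateway, iface) of the longest-prefix match for dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for dest, mask, gw, iface in routes:
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best


def with_tun_mask(routes, mask):
    """Copy of the table with the netmask of every tun0 route replaced."""
    return [(d, mask if i == "tun0" else m, g, i) for d, m, g, i in routes]


if __name__ == "__main__":
    client = "100.207.1.200"  # source of the SYN in the tcpdump capture
    tables = [("as posted (255.255.255.255)", ROUTES)]
    for mask in ("255.255.255.0", "255.255.0.0"):  # values from the answer
        tables.append((f"tun0 mask {mask}", with_tun_mask(ROUTES, mask)))
    for label, table in tables:
        net, gw, iface = lookup(table, client)
        print(f"{label}: {client} -> {net} via {gw or 'direct'} dev {iface}")
```

For this particular client, only the 255.255.0.0 variant selects tun0; with 255.255.255.255 or 255.255.255.0 the lookup falls through to the default route on eth0.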