[Solved] Route not working

Started by meschmesch, September 27, 2023, 07:08:16 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
September 27, 2023, 07:08:16 PM Last Edit: September 29, 2023, 10:44:14 AM by meschmesch
I have a weird issue. I push a route 192.168.4.0/24 to the client. At the client, route shows the following correctly:

Code Select

root@237:/etc/openvpn# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         gateway.xx. 0.0.0.0         UG    0      0        0 eth0
xx.xx.232.0     0.0.0.0         255.255.248.0   U     0      0        0 eth0
192.168.4.0     192.168.25.1    255.255.255.0   UG    0      0        0 tun0
192.168.25.0    0.0.0.0         255.255.255.0   U     0      0        0 tun0


However, I cannot access any machine on 192.168.4.xx. Sporadically, after reboot of firewall or the client side, a connection is possible. Further, in case I add further routes to other subnets of the firewall, these work immediately.

In the firewall log I see the connection incoming. It seems to be routed to the correct interface. But then no response.

Does anyone have an idea how the track the problem and find a solution?
September 27, 2023, 08:09:09 PM #1
Do(es) the system(s) in 192.168.4.0/24 know the route back to the client?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
September 27, 2023, 08:10:00 PM #2
How can I check that? The target system .4.101 is a synology disk station running nextcloud
September 27, 2023, 08:12:17 PM #3
Does this system have ssh and tcpdump? On the OPNsense do you see any reply packets when you run tcpdump on the interface with 192.168.4.0/24?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
September 27, 2023, 08:18:39 PM #4
Yes, ssh and tcpdump are available. From Opnsense Terminal I can SSH into the synology (ssh 192.168.4.101). tcpdump on opnsense on the 192.168.4.0 interface provides a lot of traffic. I can also do SSH into the synology from other subnets (192.168.2.0)
September 27, 2023, 09:03:54 PM #5
I just realized that I cannot ping anything including the gateway from the synology system. Ping using ipv6 works fine, but not IPv4? When I change the static IP of the synology system, ping works. In case I change it back to 192.168.4.101, it stops working. Weird.
September 27, 2023, 10:02:36 PM #6 Last Edit: September 28, 2023, 12:16:49 AM by meschmesch
It works. I have no idea why. Ping from synology to Opnsense started to work when I rebooted opnsense. So, something in Opnsense has blocked connections. I have no idea what. After the reboot, it appeared to work fine.

Remark: I assume it was Crowdsec that blocked the IP. Not sure.
Print
Go Up Pages1
User actions