From looking through these boards, routing with a VPN seems to be a common issue, so I guess I'm not alone. My issue doesn't actually seem that complicated, so I'm hoping what I'm experiencing is just a bone-headed thing I'm overlooking. I'll try to keep this fairly brief as far as network explanations go.
So networks A and C are connected through a VPN tunnel using OpenVPN on a pair of FreeBSD firewalls. It's configured to use tunneled mode (tun0), not bridged. Both firewalls are the default gateway, have NAT enabled, etc.
All hosts on any network can ping the virtual tunnel addresses used. The firewalls themselves can get to anywhere on the networks. However, hosts on Network C cannot ping hosts on Network A and vice versa. Here's the weird thing, though: hosts on Network B CAN get to hosts on Network C.
To answer some common questions, both FreeBSD gateways have forwarding enabled. The VPN does function and passes traffic, which I've been able to verify as far as I could. Traffic is not getting caught in the firewall, as I have ipfw pass the tunneled traffic before it gets to the NAT divert, just to be sure. I've also logged it and confirmed that traffic was accepted. Also, being able to get all the way through from Network B to C would confirm that I have this set up correctly for the most part.
I've run tcpdump and everything seems to go through all the way on Network C. I see the echo reply come back on tun0 on the Net A firewall, but then I see nothing coming out on the physical network interface for Net A (bge1). Keep in mind that in order for Net B to talk to C it also has to come through that interface. If anyone has any suggestions for things to try, it would be much appreciated. Most of the things I've read through here on the forums seemed similar but didn't quite address my problem.
Code:
 --------  internet    -------       -------
| Net C  |<==========>| Net A |<--->| Net B |
 --------    (vpn)     -------       -------
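The check described in the post (watching for echo replies that arrive on tun0 but never leave bge1) can be done mechanically instead of by eye. The following is an added example, not code from the original post or from OpenVPN/FreeBSD: it parses plain `tcpdump -n icmp` text output from two interfaces and reports echo requests that never reached the tunnel and echo replies that never reached the LAN side. The interface names follow the post; the capture lines embedded below are constructed for illustration. Packets are matched on ICMP id and sequence number only, so the correlation still works if NAT rewrites addresses between the two interfaces; if the NAT on the path also rewrites the ICMP id, the packets would have to be matched by timing instead.

```python
"""Correlate ICMP echo request/reply pairs across two tcpdump text captures.

Added diagnostic example (not from the original post). Feed it the output of
`tcpdump -ni bge1 icmp` and `tcpdump -ni tun0 icmp` taken at the same time on
the Net A firewall, and it lists the packets that were seen on one interface
but never forwarded out the other.
"""
import re
from dataclasses import dataclass

# Default tcpdump ICMP echo line, e.g.
# 12:00:01.000123 IP 192.168.1.10 > 10.0.0.5: ICMP echo request, id 100, seq 1, length 64
ICMP_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)


@dataclass(frozen=True)
class Echo:
    ts: str
    kind: str   # "request" or "reply"
    src: str
    dst: str
    ident: int
    seq: int


def parse_icmp(line: str):
    """Return an Echo for a tcpdump ICMP echo line, or None for anything else."""
    m = ICMP_RE.match(line.strip())
    if not m:
        return None
    return Echo(m["ts"], m["kind"], m["src"], m["dst"], int(m["id"]), int(m["seq"]))


def parse_capture(text: str):
    """Parse a whole capture, silently skipping non-ICMP-echo lines."""
    return [e for e in (parse_icmp(l) for l in text.splitlines()) if e is not None]


def missing_on(seen, expected, kind: str):
    """Echo packets of `kind` present in `seen` whose (id, seq) never appears in `expected`."""
    have = {(e.ident, e.seq) for e in expected if e.kind == kind}
    return [e for e in seen if e.kind == kind and (e.ident, e.seq) not in have]


def diagnose(lan_capture: str, tun_capture: str):
    """Compare the LAN-side (bge1) and tunnel-side (tun0) captures.

    Requests should appear on bge1 first and then on tun0; replies should appear
    on tun0 first and then on bge1. Anything seen on the first interface but not
    the second was dropped or consumed by the firewall in between.
    """
    lan = parse_capture(lan_capture)
    tun = parse_capture(tun_capture)
    return {
        "requests_not_forwarded_to_tunnel": missing_on(lan, tun, "request"),
        "replies_not_forwarded_to_lan": missing_on(tun, lan, "reply"),
    }


# Constructed sample captures reproducing the symptom in the post: the LAN host
# 192.168.1.10 (Net A, hypothetical address) pings 10.0.0.5 (Net C, hypothetical).
# Requests cross both interfaces; replies come back on tun0 but never hit bge1.
SAMPLE_BGE1 = """\
12:00:01.000100 IP 192.168.1.10 > 10.0.0.5: ICMP echo request, id 100, seq 1, length 64
12:00:02.000100 IP 192.168.1.10 > 10.0.0.5: ICMP echo request, id 100, seq 2, length 64
"""

SAMPLE_TUN0 = """\
12:00:01.000200 IP 192.168.1.10 > 10.0.0.5: ICMP echo request, id 100, seq 1, length 64
12:00:01.020000 IP 10.0.0.5 > 192.168.1.10: ICMP echo reply, id 100, seq 1, length 64
12:00:02.000200 IP 192.168.1.10 > 10.0.0.5: ICMP echo request, id 100, seq 2, length 64
12:00:02.020000 IP 10.0.0.5 > 192.168.1.10: ICMP echo reply, id 100, seq 2, length 64
"""

if __name__ == "__main__":
    for label, pkts in diagnose(SAMPLE_BGE1, SAMPLE_TUN0).items():
        print(f"{label}: {len(pkts)}")
        for p in pkts:
            print(f"  {p.ts} {p.src} > {p.dst} id {p.ident} seq {p.seq}")
```

Run it against real captures by reading the two tcpdump output files and passing their contents to `diagnose()`; a non-empty `replies_not_forwarded_to_lan` list with an empty `requests_not_forwarded_to_tunnel` list is exactly the pattern the post describes, and narrows the problem to what the firewall does with packets arriving on tun0 (routing table lookup, ipfw rule order, or NAT translation of the return path).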