On Fri, 11 Feb 2022 16:47:36 +0100, Jan Just Keijser <janj...@nikhef.nl> wrote:
>> When the client accesses the RPi NFS then presumably this happens:
>>
>> [Client]-117->[Router->VPN]->Internet->[Router]-119->[OpenVPNserv]-119->[RPiNFS]
>>
>> But when replacing RPiNFS with the NFS port on the OpenVPN server for a call to
>> the NFS server then the call out on LAN 119 should be for port 2049 on the
>> OpenVPN server own IP address.
>>
>> Why would that be a problem?
>>
>> I have trouble understanding this "source routing" or "policy routing" of
>> OpenVPN...
>>
>> Is there a document describing this case and how to configure for it?
>> I would need to know the option/command name to be able to search for it...
>>
>
>so which NFS server address are you using? the local LAN IP or the VPN
>tunnel IP? the tunnel IP might work...

When you say "using" what address do you mean?
The mount command on the client looks like this:

sudo mount 192.168.119.216:/home/bosse/www/VIDEO /mnt/video

The client issuing this command has address 192.168.117.251

So the client 192.168.117.251 tries to mount the share offered by
192.168.119.216 and since that is non-local it goes through the VPN tunnel to
the other LAN, where it gets routed to the OpenVPN server since that is the
target here.

When it gets to the server OpenVPN transfers the packet to the destination
network I assume. And in this case the target will be 192.168.119.216:2049
which should resolve to that port on the OVPN server itself.
And now it should connect to the nfs service but apparently it does not.

Compare to what happens when the target is a different nfs server on the 119
LAN, in this case the packet is again put on the LAN and picked up by the other
NFS server and handled there so the mount succeeds.

Why does this not happen if the nfs server is the same as the OVPN server?

>
>and like Gert suggested, run tcpdump on the server to see what happens
>to the traffic, e.g.
>    tcpdump -nnel -i tun0 tcp port 2049

I have never used this command, what is the procedure?
Do I issue the command on the server, then go to the client and try to mount
the nfs share and then something will be shown? Where?

I tried as follows (on the server):

$ sudo tcpdump -nnel -i tun0 tcp port 2049
tcpdump: tun0 : No such device exists

But:

$ ifconfig tun0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.8.139.1  netmask 255.255.255.0  destination 10.8.139.1
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 2197245  bytes 146063190 (146.0 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4022369  bytes 4854902161 (4.8 GB)
        TX errors 0  dropped 2892 overruns 0  carrier 0  collisions 0

So tun0 clearly exists....

Very confused now...

--
Bo Berglund
Developer in Sweden

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users