On Fri, 11 Feb 2022 16:47:36 +0100, Jan Just Keijser <janj...@nikhef.nl> wrote:

>> When the client accesses the RPi NFS then presumably this happens:
>>
>> [Client]-117->[Router->VPN]->Internet->[Router]-119->[OpenVPNserv]-119->[RPiNFS]
>>
>> But when replacing RPiNFS with the NFS port on the OpenVPN server for a call to
>> the NFS server then the call out on LAN 119 should be for port 2049 on the
>> OpenVPN server's own IP address.
>>
>> Why would that be a problem?
>>
>> I have trouble understanding this "source routing" or "policy routing" of
>> OpenVPN...
>>
>> Is there a document describing this case and how to configure for it?
>> I would need to know the option/command name to be able to search for it...
>>
>
>so which NFS server address are you using?  the local LAN IP or the VPN 
>tunnel IP?  the tunnel IP might work...

When you say "using" what address do you mean?

The mount command on the client looks like this:

sudo mount 192.168.119.216:/home/bosse/www/VIDEO /mnt/video

The client issuing this command has address 192.168.117.251

So the client 192.168.117.251 tries to mount the share offered by
192.168.119.216 and since that is non-local it goes through the VPN tunnel to
the other LAN, where it gets routed to the OpenVPN server since that is the
target here.
When it gets to the server, OpenVPN transfers the packet to the destination
network, I assume.
And in this case the target will be 192.168.119.216:2049, which should resolve to
that port on the OVPN server itself.

And now it should connect to the nfs service but apparently it does not.

Compare to what happens when the target is a different nfs server on the 119
LAN: in this case the packet is again put on the LAN and picked up by the other
NFS server and handled there, so the mount succeeds.

Why does this not happen if the nfs server is the same as the OVPN server?

>
>and like Gert suggested, run tcpdump on the server to see what happens 
>to the traffic, e.g.
>   tcpdump -nnel -i tun0  tcp port 2049

I have never used this command, what is the procedure?
Do I issue the command on the server, then go to the client and try to mount the
nfs share and then something will be shown?
Where?

I tried as follows (on the server):

$ sudo tcpdump -nnel -i tun0  tcp port 2049
tcpdump: tun0 : No such device exists

But:
$ ifconfig tun0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.8.139.1  netmask 255.255.255.0  destination 10.8.139.1
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 2197245  bytes 146063190 (146.0 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4022369  bytes 4854902161 (4.8 GB)
        TX errors 0  dropped 2892 overruns 0  carrier 0  collisions 0

So tun0 clearly exists....

Very confused now...


-- 
Bo Berglund
Developer in Sweden


