On 25.07.23 12:22, Jason Long wrote:
> You said "The rules seem to assume that Internet traffic *will* go out $IF_MAIN and not enp0s3." Why enp0s3? I created a virtual NIC (enp0s3:0) and I want my traffic to go through it. Am I wrong?
I have no reason to doubt that you WANT to have it work like this. What did you *do* to MAKE that happen?
Last time I read about similar issues - several *years* back -, the consensus IIRC was that when initiating a connection out of a physical NIC that has several IPs, the SRC IP will be chosen as

-- the one *last* assigned to the NIC when running Linux,
-- the *oldest* one when running Windows, and
-- they all get used round-robin under BSD.

I have no idea whether that does or doesn't extend from locally initiated connections to MASQUERADEd ones, though. Nailing it down with -j SNAT might be worthwhile, but since you have *several subnets* on that wire, you'd probably still need the routing table to agree with your choice.
> # cat /proc/sys/net/ipv4/conf/all/forwarding
> 1
(When you *read* the setting back, you might want to check the interfaces one by one, rather than just one "all" value ...)
> Unfortunately, I do not have "/var/log/kern.log" file!!!
/var/log/syslog ? /var/log/messages ? journalctl ? Maybe dmesg, even?
> On the client routing tables are: https://pastebin.mozilla.org/QEVppj9X
> What is your opinion?
0.0.0.0/1 (and 128.0.0.0/1) point to the VPN and there's no more specific route to 8.8.8.8, so the pings *should* have gone into the VPN, as intended.
Kind regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
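
Added illustration, not part of the original message: the longest-prefix-match reasoning from the reply (two /1 routes beat the default route unless something more specific exists), run over a constructed routing table. The table, the `tun0` device name, the gateways and the VPN server address 203.0.113.10 are assumptions; the poster's real table is only in the linked pastebin. Metrics and policy routing (`ip rule`) are ignored.

```python
import ipaddress

# Constructed sample table (assumed values, NOT the poster's real routes).
# It mimics a client where the VPN adds two /1 routes next to the default.
ROUTES = [
    ("0.0.0.0/0",       "192.168.1.1", "enp0s3"),  # original default route
    ("0.0.0.0/1",       "10.8.0.1",    "tun0"),    # lower half of IPv4 via VPN
    ("128.0.0.0/1",     "10.8.0.1",    "tun0"),    # upper half of IPv4 via VPN
    ("203.0.113.10/32", "192.168.1.1", "enp0s3"),  # host route to VPN server
    ("192.168.1.0/24",  None,          "enp0s3"),  # directly connected LAN
    ("10.8.0.0/24",     None,          "tun0"),    # directly connected VPN net
]

def parse_routes(rows):
    """Turn (prefix, gateway, device) string rows into network objects."""
    return [(ipaddress.ip_network(p), gw, dev) for p, gw, dev in rows]

TABLE = parse_routes(ROUTES)

def matching_routes(table, dst):
    """All routes whose prefix contains dst, most specific first."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in table if addr in r[0]]
    return sorted(hits, key=lambda r: r[0].prefixlen, reverse=True)

def egress_device(table, dst):
    """Device of the longest matching prefix, or None if nothing matches."""
    hits = matching_routes(table, dst)
    return hits[0][2] if hits else None

def more_specific_than(table, dst, prefixlen):
    """Routes covering dst that are longer than prefixlen.

    An empty result for prefixlen=1 is the 'no more specific route' case:
    the /1 pair decides, so the packet goes into the tunnel.
    """
    return [str(r[0]) for r in matching_routes(table, dst)
            if r[0].prefixlen > prefixlen]

if __name__ == "__main__":
    for dst in ("8.8.8.8", "203.0.113.10", "192.168.1.50"):
        print(dst, "->", egress_device(TABLE, dst),
              "| more specific than /1:", more_specific_than(TABLE, dst, 1))
```

On a live system, `ip route get 8.8.8.8` gives the kernel's own answer, including the source address it would pick.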