OpenVPN client without redirect-gateway doing triangular routing and IP spoofing not working on Ubuntu

Solution 1:

I have to admit that I do not (yet) fully understand what you are trying to achieve. But I think you want your Ubuntu (and Debian) server to be reachable by an IP you got through OpenVPN (incoming traffic) but send your own (= Ubuntu server's) traffic through the eth0 interface local to your (Ubuntu) server, "spoofing" the VPN IP. Or along these lines. I am not sure if this is a very good idea (probably depends on why you do it) but I assume there is a reason for it and, as you say, it does work with Debian. So let's not elaborate on this (although it might still be important later on).

Further I wonder why the line

route-gateway a.b.28.129

included in your VPN configuration does not (seem to) lead to an entry in your routing table.

Also I am not sure what the goal/insight of the two traceroutes you show is... You seem to be trying to traceroute to 8.8.8.8 through the VPN tunnel. As this is outgoing traffic I do not really understand its relevance to your problem. And I would say (looking at your routing table) that the traffic you generate this way is not (should not be?) going through the tunnel. I see that it looks like this is the case on Debian though... But I don't see why this is the case. Looking at the routing table I would rather assume the traceroute packages you try to send out on tap0 are (should be?) "re-routed" to eth0 (default route).

Now this brings me to the guess I would take for your problem: IP forwarding. Could it be that your Debian box has it enabled while it is disabled on Ubuntu? You can find more information (how to find out if IP forwarding is enabled for example) by visiting the link above (or use your favorite search engine or the Ubuntu manual).

Your being able to reach the SSH daemon on Ubuntu suggests that you are very close :). So it might be crucial to know what you mean by

"The debian server VPN client IP is publically accessible, but on the Ubuntu server it's not!"

What are you trying to do (i.e. what service are you trying to connect to) when the Ubuntu machine "is not reachable"? Access its web server? What IP is this service listening on?

Solution 2:

Ubuntu may have a different default for reverse-path filtering. Check the various rp_filter in /proc/sys/net/ipv4/conf/....

If that doesn't help, the next step would be to confirm whether packets are going in/out with tcpdump or wireshark. Also confirm you really don't have a firewall with iptables -vL.
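Added example, not part of either answer: a POSIX shell check for the two kernel settings the answers point at, IP forwarding (Solution 1) and reverse-path filtering (Solution 2). In strict mode (rp_filter=1) the kernel drops a packet arriving on tap0 if the route back to its source leaves via eth0, which is exactly what the triangular setup in the question does; loose mode (2) only drops packets from unroutable sources, and 0 disables the check. For each interface the kernel applies the larger of conf/all/rp_filter and conf/<iface>/rp_filter. The optional root-directory argument is an assumption of this example so the functions can be run against a copied or constructed tree; by default they read the live /proc/sys/net/ipv4.

```shell
#!/bin/sh
# Added example: report ip_forward and the effective rp_filter per interface.
# rp_filter values: 0 = off, 1 = strict, 2 = loose.

rp_mode_name() {
  case "$1" in
    0) echo off ;;
    1) echo strict ;;
    2) echo loose ;;
    *) echo unknown ;;
  esac
}

# Effective rp_filter for interface $1 is max(conf/all, conf/$1).
# $2 is the (hypothetical) root directory, default /proc/sys/net/ipv4.
effective_rp_filter() {
  root="${2:-/proc/sys/net/ipv4}"
  all=$(cat "$root/conf/all/rp_filter" 2>/dev/null || echo 0)
  own=$(cat "$root/conf/$1/rp_filter" 2>/dev/null || echo 0)
  if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# Print ip_forward and the effective rp_filter of every real interface.
# The pseudo-entries "all" and "default" are skipped; they are inputs, not interfaces.
rp_filter_report() {
  root="${1:-/proc/sys/net/ipv4}"
  printf 'ip_forward=%s\n' "$(cat "$root/ip_forward" 2>/dev/null || echo '?')"
  for d in "$root"/conf/*/; do
    iface=$(basename "$d")
    case "$iface" in
      all|default) continue ;;
    esac
    v=$(effective_rp_filter "$iface" "$root")
    printf '%s rp_filter=%s (%s)\n' "$iface" "$v" "$(rp_mode_name "$v")"
  done
}

# To inspect the running system, call with no argument:
# rp_filter_report
```

Any interface that reports strict while traffic is meant to enter on tap0 and leave on eth0 is a candidate for the symptom in the question; compare the Debian and Ubuntu output side by side before changing anything, and remember that the eth0/tap0 names here are the question's, not a general rule.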