Dear Andre,
You have disabled the route back to the network:
[robbie@on4hu] > ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - m
B - blackhole, U - unreachable, P - prohibit
0 X S dst-address=0.0.0.0/0 gateway=44.144.11.129
gateway-status=44.144.11.129 inactive distance=1 s
target-scope=10 routing-mark=via_amprnet
1 ADS dst-address=0.0.0.0/0 gateway=192.168.1.1
gateway-status=192.168.1.1 reachable via ether1-g
scope=30 target-scope=10 vrf-interface=ether1-gate
2 ADC dst-address=44.144.4.0/24 pref-src=44.144.4.2 gate
gateway-status=ovpn-adc reachable distance=0 scope
3 ADC dst-address=44.144.11.128/28 pref-src=44.144.11.12
gateway-status=bridge-local reachable distance=0 s
4 ADC dst-address=192.168.1.0/24 pref-src=192.168.1.100
gateway-status=ether1-gateway reachable distance=0
1) The gateway for rule 0 should be 44.144.4.1 and not your local router IP.
2) You have disabled rule 0, meaning that all your outbound traffic is
being sent through your VDSL provider which does not know amprnet and
thus the packets die a lonely death in a blackhole on the internet.
3) FYI: There is a mangle rule that uses rule 0, just to be clear:
[robbie@on4hu] > ip firewall mangle print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=prerouting action=mark-routing new-routing-mark=via_amprnet
passthrough=yes in-interface=bridge-local
1 chain=output action=mark-routing new-routing-mark=via_amprnet
passthrough=yes src-address=44.144.0.0/16 dst-address=!44.144.11.128/28
2 chain=prerouting action=mark-connection new-connection-mark=from_vpn
passthrough=yes in-interface=ovpn-adc
3 chain=prerouting action=mark-routing new-routing-mark=via_amprnet
passthrough=yes connection-mark=from_vpn
So since this route is disabled and misconfigured, no traffic is
flowing back through the VPN to amprnet.
73s
Robbie
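
The check made by hand in the message above, as an added example that is not part of the original thread: it parses "print detail" style text and reports routing marks that enabled mangle rules set but no active route carries. The sample listings are constructed and abridged from the output quoted above, and the "fixed" table is an assumed end state after enabling route 0 with gateway 44.144.4.1.

```python
# Added example, not from the thread. Sample text is constructed and abridged
# from the listings quoted above; the "fixed" table is an assumed end state.

def parse_records(text):
    """Parse RouterOS 'print detail' records: '<n> [flags] key=value ...'."""
    records = []
    for line in text.splitlines():
        tokens = line.split()
        starts_record = bool(tokens) and tokens[0].isdigit()
        if starts_record:
            records.append({"flags": "", "attrs": {}})
            tokens = tokens[1:]
        if not records:
            continue  # "Flags:" legend before the first record
        in_flags = starts_record  # flags only precede the first key=value
        for tok in tokens:
            key, sep, value = tok.partition("=")
            if sep:
                records[-1]["attrs"][key] = value
                in_flags = False
            elif in_flags:
                records[-1]["flags"] += tok
    return records

def unrouted_marks(routes_text, mangle_text):
    """Routing marks set by enabled mangle rules that no active route carries."""
    usable = {r["attrs"].get("routing-mark") for r in parse_records(routes_text)
              if "A" in r["flags"] and "X" not in r["flags"]}
    wanted = {m["attrs"]["new-routing-mark"] for m in parse_records(mangle_text)
              if not set(m["flags"]) & {"X", "I"}
              and m["attrs"].get("action") == "mark-routing"
              and "new-routing-mark" in m["attrs"]}
    return sorted(wanted - usable)

ROUTES_BROKEN = """\
Flags: X - disabled, A - active, D - dynamic, S - static
 0 X S dst-address=0.0.0.0/0 gateway=44.144.11.129
       gateway-status=44.144.11.129 inactive routing-mark=via_amprnet
 1 ADS dst-address=0.0.0.0/0 gateway=192.168.1.1
       gateway-status=192.168.1.1 reachable
"""
ROUTES_FIXED = (ROUTES_BROKEN.replace("0 X S", "0 A S")
                .replace("44.144.11.129", "44.144.4.1"))
MANGLE = """\
Flags: X - disabled, I - invalid, D - dynamic
 0 chain=prerouting action=mark-routing new-routing-mark=via_amprnet
   passthrough=yes in-interface=bridge-local
 2 chain=prerouting action=mark-connection new-connection-mark=from_vpn
   passthrough=yes in-interface=ovpn-adc
"""
if __name__ == "__main__":
    print("marks without an active route:", unrouted_marks(ROUTES_BROKEN, MANGLE))
```
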
On Thu, Jan 16, 2014 at 7:05 PM, <sp2lob(a)tlen.pl> wrote:
Marius,
Besides, I additionally checked the reachability of 44.144.11.136 via the AMPRNet VPN
generously provided by OH7LZB.
Best regards.
Tom - sp2lob
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net