• VPNs, VNC, RDP BPF and tunneling

    From The Doctor@21:1/5 to All on Wed Jul 16 02:51:06 2025
    A loadful.
    So what I am running into is that the client (FreeBSD, Linux, Windows, OS/2)
    is running a VPN. I am attempting SSH tunnelling.
    All works except for trying to access the VPN server.

    I use the VPN address with the exception of the VPN server
    which seems to be confused.

    Anyone seen this before?
    --
    Member - Liberal International This is [email protected] Ici [email protected]
    Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising! Look at Psalms 14 and 53 on Atheism ;
    All I want to hear from JEsus Christ is WEll done Good and Faithful servant

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Marco Moock@21:1/5 to All on Wed Jul 16 07:04:25 2025
    On 16.07.2025 02:51 The Doctor wrote:

    > I use the VPN address with the exception of the VPN server
    > which seems to be confused.
    >
    > Anyone seen this before?

    Show us your routing table.

    To make the VPN work, it normally includes an entry of the VPN server's
    IP via the gateway to avoid traffic to the VPN server flowing through
    the VPN tunnel, which will by design not work (vicious circle).

    Although, routing paths are being decided by IP address, so other
    traffic to the VPN server will not use the tunnel either.

    Solution is to use different IP addresses for the VPN and for other
    services running on this machine.

  • From The Doctor@21:1/5 to [email protected] on Wed Jul 16 14:52:18 2025
    In article <1057bsp$3vf6r$[email protected]>,
    Marco Moock <[email protected]> wrote:
    > On 16.07.2025 02:51 The Doctor wrote:
    >
    >> I use the VPN address with the exception of the VPN server
    >> which seems to be confused.
    >>
    >> Anyone seen this before?
    >
    > Show us your routing table.
    >
    > To make the VPN work, it normally includes an entry of the VPN server's
    > IP via the gateway to avoid traffic to the VPN server flowing through
    > the VPN tunnel, which will by design not work (vicious circle).
    >
    > Although, routing paths are being decided by IP address, so other
    > traffic to the VPN server will not use the tunnel either.
    >
    > Solution is to use different IP addresses for the VPN and for other
    > services running on this machine.


    Netstat -rn server


    Routing table


    Internet:
    Destination Gateway Flags Netif Expire
    default 204.209.81.2 UGS igb0
    10.0.0.2 link#3 UH lo0
    10.0.0.3 link#3 UH lo0
    10.0.0.4 link#3 UH lo0
    10.0.0.5 link#3 UH lo0
    10.0.0.6 link#3 UH lo0
    10.0.0.7 link#3 UH lo0
    10.0.0.8 link#3 UH lo0
    10.8.0.0/16 link#24 U tun1
    10.8.0.1 link#3 UHS lo0
    10.9.0.0/16 link#23 U tun0
    10.9.0.1 link#3 UHS lo0
    10.14.0.0/16 link#22 U wg0
    10.14.0.1 link#3 UHS lo0
    10.14.0.2 link#22 UHS wg0
    10.14.0.3 link#22 UHS wg0
    10.14.0.4 link#22 UHS wg0
    10.14.0.5 link#22 UHS wg0
    10.14.0.6 link#22 UHS wg0
    10.14.0.7 link#22 UHS wg0
    10.14.0.8 link#22 UHS wg0
    10.14.0.9 link#22 UHS wg0
    10.14.0.10 link#22 UHS wg0
    10.14.0.11 link#22 UHS wg0
    10.14.0.12 link#22 UHS wg0
    10.14.0.13 link#22 UHS wg0
    10.14.0.14 link#22 UHS wg0
    10.14.0.15 link#22 UHS wg0
    10.14.0.16 link#22 UHS wg0
    10.14.0.17 link#22 UHS wg0
    10.14.0.20 link#22 UHS wg0
    127.0.0.1 link#3 UH lo0
    204.209.81.0/24 link#1 U igb0
    204.209.81.1 link#3 UHS lo0

    Internet6:
    Destination Gateway Flags Netif Expire
    ::/96 link#3 URS lo0
    ::1 link#3 UHS lo0
    ::ffff:0.0.0.0/96 link#3 URS lo0
    fe80::%lo0/10 link#3 URS lo0
    fe80::%lo0/64 link#3 U lo0
    fe80::1%lo0 link#3 UHS lo0
    ff02::/16 link#3 URS lo0

    netstat -rn from the FreeBSD client using wireguard

    Routing tables

    Internet:
    Destination Gateway Flags Netif Expire
    0.0.0.0/1 link#5 US wg0
    default 192.168.88.1 UGS igb0
    10.14.0.6 link#3 UH lo0
    127.0.0.1 link#3 UH lo0
    128.0.0.0/1 link#5 US wg0
    192.168.88.0/24 link#1 U igb0
    192.168.88.251 link#3 UHS lo0
    204.209.81.1 192.168.88.1 UGHS igb0

    Internet6:
    Destination Gateway Flags Netif Expire
    ::/96 link#3 URS lo0
    ::1 link#3 UHS lo0
    ::ffff:0.0.0.0/96 link#3 URS lo0
    fe80::%lo0/10 link#3 URS lo0
    fe80::%igb0/64 link#1 U igb0
    fe80::ec4:7aff:feac:bc96%lo0 link#3 UHS lo0
    fe80::%lo0/64 link#3 U lo0
    fe80::1%lo0 link#3 UHS lo0
    ff02::/16 link#3 URS lo0



  • From Marco Moock@21:1/5 to All on Wed Jul 16 20:19:09 2025
    On 16.07.2025 14:52 The Doctor wrote:

    > Routing tables
    >
    > Internet:
    > Destination Gateway Flags Netif Expire
    > 0.0.0.0/1 link#5 US wg0
    > default 192.168.88.1 UGS igb0
    > 10.14.0.6 link#3 UH lo0
    > 127.0.0.1 link#3 UH lo0
    > 128.0.0.0/1 link#5 US wg0
    > 192.168.88.0/24 link#1 U igb0
    > 192.168.88.251 link#3 UHS lo0
    > 204.209.81.1 192.168.88.1 UGHS igb0

    Is 204.209.81.1 the VPN server?
    Is this IP used for any other service?

    --
    kind regards
    Marco

    Send spam to [email protected]

  • From The Doctor@21:1/5 to [email protected] on Wed Jul 16 22:59:14 2025
    In article <[email protected]>,
    Marco Moock <[email protected]> wrote:
    > On 16.07.2025 14:52 The Doctor wrote:
    >
    >> Routing tables
    >>
    >> Internet:
    >> Destination Gateway Flags Netif Expire
    >> 0.0.0.0/1 link#5 US wg0
    >> default 192.168.88.1 UGS igb0
    >> 10.14.0.6 link#3 UH lo0
    >> 127.0.0.1 link#3 UH lo0
    >> 128.0.0.0/1 link#5 US wg0
    >> 192.168.88.0/24 link#1 U igb0
    >> 192.168.88.251 link#3 UHS lo0
    >> 204.209.81.1 192.168.88.1 UGHS igb0
    >
    > Is 204.209.81.1 the VPN server?
    > Is this IP used for any other service?

    Yes! Web, Primary DNS, POP3, IMAP, ftp, user services ...

  • From Marco Moock@21:1/5 to All on Thu Jul 17 08:08:26 2025
    On 16.07.2025 22:59 The Doctor wrote:

    > In article <[email protected]>,
    > Marco Moock <[email protected]> wrote:
    >> On 16.07.2025 14:52 The Doctor wrote:
    >>
    >>> Routing tables
    >>>
    >>> Internet:
    >>> Destination Gateway Flags Netif Expire
    >>> 0.0.0.0/1 link#5 US wg0
    >>> default 192.168.88.1 UGS igb0
    >>> 10.14.0.6 link#3 UH lo0
    >>> 127.0.0.1 link#3 UH lo0
    >>> 128.0.0.0/1 link#5 US wg0
    >>> 192.168.88.0/24 link#1 U igb0
    >>> 192.168.88.251 link#3 UHS lo0
    >>> 204.209.81.1 192.168.88.1 UGHS igb0
    >>
    >> Is 204.209.81.1 the VPN server?
    >> Is this IP used for any other service?
    >
    > Yes! Web, Primary DNS, POP3, IMAP, ftp, user services ...

    And exactly that is the problem if you want to route that traffic
    through the tunnel.
    Use one IP address only for the VPN daemon and another for the
    services. IPv6 provides enough address space for that.

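The routing decision discussed in this thread, worked through as an added example (not part of any poster's message): a longest-prefix-match lookup over the client's IPv4 routes shows why everything addressed to 204.209.81.1 leaves via igb0 while other destinations enter wg0. The route rows are copied from the client table posted above; treating 204.209.81.50 as a separate service address is an assumption.

```python
import ipaddress

# Destination, gateway and interface columns from the WireGuard client's
# `netstat -rn` output posted in the thread (flags column dropped).
CLIENT_ROUTES = """\
0.0.0.0/1        link#5        wg0
default          192.168.88.1  igb0
10.14.0.6        link#3        lo0
127.0.0.1        link#3        lo0
128.0.0.0/1      link#5        wg0
192.168.88.0/24  link#1        igb0
192.168.88.251   link#3        lo0
204.209.81.1     192.168.88.1  igb0
"""

def parse_routes(text):
    """Turn netstat-style rows into (network, gateway, netif) tuples."""
    routes = []
    for line in text.splitlines():
        dest, gateway, netif = line.split()
        if dest == "default":
            dest = "0.0.0.0/0"
        # A bare address is a host route, which ip_network() reads as a /32.
        routes.append((ipaddress.ip_network(dest), gateway, netif))
    return routes

def lookup(routes, address):
    """Longest-prefix match: the most specific route covering the address wins."""
    addr = ipaddress.ip_address(address)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)

def egress(routes, address):
    """Interface a packet to `address` leaves on."""
    return lookup(routes, address)[2]

ROUTES = parse_routes(CLIENT_ROUTES)

if __name__ == "__main__":
    # 204.209.81.1 is the VPN endpoint that also hosts the other services.
    # 204.209.81.50 is assumed here to be a separate service address in the
    # server's 204.209.81.0/24; 10.14.0.1 is the server's wg0 address.
    for target in ("204.209.81.1", "204.209.81.50", "10.14.0.1", "192.0.2.10"):
        net, gw, netif = lookup(ROUTES, target)
        print(f"{target:14} -> {netif:4} via {gw:12} (matched {net})")
```

The /32 host route beats both /1 tunnel routes for every port on 204.209.81.1, not only the VPN port, which is why the advice in the thread is to give the services a different address.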
  • From The Doctor@21:1/5 to [email protected] on Thu Jul 17 14:35:58 2025
    In article <105a40q$8uua$[email protected]>,
    Marco Moock <[email protected]> wrote:
    > On 16.07.2025 22:59 The Doctor wrote:
    >
    >> In article <[email protected]>,
    >> Marco Moock <[email protected]> wrote:
    >>> On 16.07.2025 14:52 The Doctor wrote:
    >>>
    >>>> Routing tables
    >>>>
    >>>> Internet:
    >>>> Destination Gateway Flags Netif Expire
    >>>> 0.0.0.0/1 link#5 US wg0
    >>>> default 192.168.88.1 UGS igb0
    >>>> 10.14.0.6 link#3 UH lo0
    >>>> 127.0.0.1 link#3 UH lo0
    >>>> 128.0.0.0/1 link#5 US wg0
    >>>> 192.168.88.0/24 link#1 U igb0
    >>>> 192.168.88.251 link#3 UHS lo0
    >>>> 204.209.81.1 192.168.88.1 UGHS igb0
    >>>
    >>> Is 204.209.81.1 the VPN server?
    >>> Is this IP used for any other service?
    >>
    >> Yes! Web, Primary DNS, POP3, IMAP, ftp, user services ...
    >
    > And exactly that is the problem if you want to route that traffic
    > through the tunnel.
    > Use one IP address only for the VPN daemon and another for the
    > services. IPv6 provides enough address space for that.

    Trying to get an IPv6 allocation myself.
  • From Marco Moock@21:1/5 to All on Thu Jul 17 21:13:40 2025
    On 17.07.2025 14:35 The Doctor wrote:

    > In article <105a40q$8uua$[email protected]>,
    > Marco Moock <[email protected]> wrote:
    >> On 16.07.2025 22:59 The Doctor wrote:
    >>
    >>> In article <[email protected]>,
    >>> Marco Moock <[email protected]> wrote:
    >>>> On 16.07.2025 14:52 The Doctor wrote:
    >>>>
    >>>>> Routing tables
    >>>>>
    >>>>> Internet:
    >>>>> Destination Gateway Flags Netif Expire
    >>>>> 0.0.0.0/1 link#5 US wg0
    >>>>> default 192.168.88.1 UGS igb0
    >>>>> 10.14.0.6 link#3 UH lo0
    >>>>> 127.0.0.1 link#3 UH lo0
    >>>>> 128.0.0.0/1 link#5 US wg0
    >>>>> 192.168.88.0/24 link#1 U igb0
    >>>>> 192.168.88.251 link#3 UHS lo0
    >>>>> 204.209.81.1 192.168.88.1 UGHS igb0
    >>>>
    >>>> Is 204.209.81.1 the VPN server?
    >>>> Is this IP used for any other service?
    >>>
    >>> Yes! Web, Primary DNS, POP3, IMAP, ftp, user services ...
    >>
    >> And exactly that is the problem if you want to route that traffic
    >> through the tunnel.
    >> Use one IP address only for the VPN daemon and another for the
    >> services. IPv6 provides enough address space for that.
    >
    > Trying to get an IPv6 allocation myself.

    No problem if you want it from your RIR. Enough address space exists.
    You can either allocate it to your own ASN or to the ASN of your ISP
    and let it route to you.
