cannot connect to vpn IPs from within jail

[markf]

SOLVED: VPN issue not FreeNAS or jail. Thanks for feedback
- - - -

I've got a problem where I can't connect to some IPs from my jail but I can from the main FreeNAS system.

My setup is that I have a hardware VPN/Router that is my default gateway, that allows traffic to my work network from home via the VPN connection.
Locally my freeNAS is 10.0.0.x, jail 10.0.1.x, work 192.168.X.X.

My hardware VPN/router forwards connections to the 192.168 range down the VPN, and pinging these addresses works fine if i open a shell in FreeNAS.

But it fails when logged into the jail and trying the same ping.
Pinging any other host on the internet from within the jail is fine, it's just traffic through the VPN is failing, and only from within the jail.

I've set a default gw in Network Settings / Global Configuration / ipv4 default gateway of the router.

I'm using FreeNAS 8.3.

Does anyone know what I'm missing?
It effectively means the services I'm running in my jail can't communicate with the machines the other side of the VPN.

Thanks in advance for any help.

 

[Suiname]

have you tried giving the jail an IP in the 10.0.0.x range just to see what happens? Any reason why you need to segregate them like you listed above?

 

[cyberjock]

I may be confused with what you wrote.. but I think you need to read up on subnets and gateways. Having multiple subnets within the same network is a PITA to do, and it sure sounds like thats what you are doing.

 

[markf]

My subnet is 10.X.X.X/8, so 10.0.1.1 and 10.0.0.X are in the same subnet AFAIU

 

[markf]

have you tried giving the jail an IP in the 10.0.0.x range just to see what happens? Any reason why you need to segregate them like you listed above?

I hadn't tried it, and just have, and it works, and this has made me realise where the problem is/was.

My network is 10.X.X.X/8, so 10.0.1.1 and 10.0.0.X are on the same subnet.
However, the problem was my VPN was configured with 10.X.X.X/24, not 8, so 10.0.1.X (despite being on the same subnet) was being dropped at the VPN.
I've changed settings there and it's all working. If i'd have put any other device on the 10.0.1.X side I'd have seen the same issue.

Thanks for the suggestion which woke my brain up!

 

[cyberjock]

I hadn't tried it, and just have, and it works, and this has made me realise where the problem is/was.

My network is 10.X.X.X/8, so 10.0.1.1 and 10.0.0.X are on the same subnet.
However, the problem was my VPN was configured with 10.X.X.X/24, not 8, so 10.0.1.X (despite being on the same subnet) was being dropped at the VPN.
I've changed settings there and it's all working. If i'd have put any other device on the 10.0.1.X side I'd have seen the same issue.

Thanks for the suggestion which woke my brain up!

Glad you got that figured out. I figured either you were a complete moron(and I wasn't about to say so) or you have a network limitation with your subnets that you were incorrect about. Glad it was the latter since there's plenty of the former around the forums already ;)