[Berlin-wireless] VPN-Tunnel: forums.lanik.us (104.28.15.110) nicht via http erreichbar

Joerg Albert jal2 at gmx.de
Di Jan 31 20:43:51 CET 2017 

Der Fehler tritt wieder auf:

On 18.01.2017 16:49, Philipp Borgers wrote:
> Ich glaube wir bräuchten außerdem mehr Informationen über die Routen.
>
> ip route get <dst_ip>
> ip route show table all
root at behaim4-hof:/tmp# ip route get 104.28.15.110
104.28.15.110 via 10.230.61.129 dev br-lan  src 10.230.34.59
    cache
 
root at behaim4-hof:/tmp# ip route show table all
default via 10.230.61.129 dev br-lan  metric 2 onlink
10.0.0.0/8 dev br-lan  proto kernel  scope link  src 10.230.34.59
10.0.0.0/8 dev wlan0-1  proto kernel  scope link  src 10.230.34.60
10.36.63.160/27 via 10.230.119.224 dev wlan0-1  metric 2 onlink
10.230.61.128/27 via 10.230.61.129 dev br-lan  metric 2 onlink
10.230.61.129 via 10.230.61.129 dev br-lan  metric 2 onlink
10.230.61.160/27 dev wlan0  proto kernel  scope link  src 10.230.61.161
10.230.119.224 via 10.230.119.224 dev wlan0-1  metric 2 onlink
broadcast 10.0.0.0 dev br-lan  table local  proto kernel  scope link  src 10.230.34.59
broadcast 10.0.0.0 dev wlan0-1  table local  proto kernel  scope link  src 10.230.34.60
local 10.230.34.59 dev br-lan  table local  proto kernel  scope host  src 10.230.34.59
local 10.230.34.60 dev wlan0-1  table local  proto kernel  scope host  src 10.230.34.60
broadcast 10.230.61.160 dev wlan0  table local  proto kernel  scope link  src 10.230.61.161
local 10.230.61.161 dev wlan0  table local  proto kernel  scope host  src 10.230.61.161
broadcast 10.230.61.191 dev wlan0  table local  proto kernel  scope link  src 10.230.61.161
broadcast 10.255.255.255 dev br-lan  table local  proto kernel  scope link  src 10.230.34.59
broadcast 10.255.255.255 dev wlan0-1  table local  proto kernel  scope link  src 10.230.34.60
broadcast 127.0.0.0 dev lo  table local  proto kernel  scope link  src 127.0.0.1
local 127.0.0.0/8 dev lo  table local  proto kernel  scope host  src 127.0.0.1
local 127.0.0.1 dev lo  table local  proto kernel  scope host  src 127.0.0.1
broadcast 127.255.255.255 dev lo  table local  proto kernel  scope link  src 127.0.0.1
unreachable default dev lo  table unspec  proto kernel  metric -1  error -128 hoplimit 255
unreachable default dev lo  table unspec  proto kernel  metric -1  error -128 hoplimit 255
unreachable default dev lo  table unspec  proto kernel  metric -1  error -128 hoplimit 255
unreachable default dev lo  table unspec  proto kernel  metric -1  error -128 hoplimit 255
fda1:caf6:4021::1 dev br-lan  metric 2
fda1:caf6:4021::/48 via fda1:caf6:4021::1 dev br-lan  metric 2
fdde:a46d:adee:1::1 dev wlan0-1  metric 2
fdde:a46d:adee::/48 via fdde:a46d:adee:1::1 dev wlan0-1  metric 2
fde3:3841:3b2a::/64 dev br-lan  proto kernel  metric 256
fde3:3841:3b2a:1::/64 dev wlan0-1  proto kernel  metric 256
fde3:3841:3b2a:2::/64 dev wlan0  proto kernel  metric 256
unreachable fde3:3841:3b2a::/48 dev lo  proto static  metric 2147483647  error -128
fe80::/64 dev br-lan  proto kernel  metric 256
fe80::/64 dev wlan0  proto kernel  metric 256
fe80::/64 dev wlan0-1  proto kernel  metric 256
unreachable default dev lo  table unspec  proto kernel  metric -1  error -128 hoplimit 255
local ::1 via :: dev lo  table local  proto none  metric 0  rtt 32ms rttvar 25ms cwnd 10
local fde3:3841:3b2a:: via :: dev lo  table local  proto none  metric 0
local fde3:3841:3b2a::1 via :: dev lo  table local  proto none  metric 0
local fde3:3841:3b2a:1:: via :: dev lo  table local  proto none  metric 0
local fde3:3841:3b2a:1::1 via :: dev lo  table local  proto none  metric 0
local fde3:3841:3b2a:2:: via :: dev lo  table local  proto none  metric 0
local fde3:3841:3b2a:2::1 via :: dev lo  table local  proto none  metric 0
local fe80:: via :: dev lo  table local  proto none  metric 0
local fe80:: via :: dev lo  table local  proto none  metric 0
local fe80:: via :: dev lo  table local  proto none  metric 0
local fe80::25:86ff:fed3:f810 via :: dev lo  table local  proto none  metric 0
local fe80::225:86ff:fed3:f80f via :: dev lo  table local  proto none  metric 0
local fe80::225:86ff:fed3:f810 via :: dev lo  table local  proto none  metric 0
ff00::/8 dev br-lan  table local  metric 256
ff00::/8 dev wlan0  table local  metric 256
ff00::/8 dev wlan0-1  table local  metric 256
unreachable default dev lo  table unspec  proto kernel  metric -1  error -128 hoplimit 255
root at behaim4-hof:/tmp#

> Hängt der Router im Freifunk-Netz (per BBB-VPN oder Mesh)?
Er mesht ueber LAN mit behaim4-tunnel, dieser wiederum haengt am VPN.
> Eigentlich sollten 104er IPs als Ziel nur bei Routern zu Problemen führen, die
> diese selber noch nutzen bzw. an Clients vergeben. Das Routing von anderen
> Routern über das VPN03 sollte nicht beeinträchtigt werden.
>
Noch ein paar Infos vom Router:

root at behaim4-hof:/tmp# ping forums.lanik.us -c 3
PING forums.lanik.us (104.28.15.110): 56 data bytes
64 bytes from 104.28.15.110: seq=0 ttl=60 time=21.885 ms
64 bytes from 104.28.15.110: seq=1 ttl=60 time=34.414 ms
64 bytes from 104.28.15.110: seq=2 ttl=60 time=26.486 ms

--- forums.lanik.us ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 21.885/27.595/34.414 ms

root at behaim4-hof:/tmp# traceroute forums.lanik.us
traceroute to forums.lanik.us (104.28.14.110), 30 hops max, 38 byte packets
 1  behaim4-tunnel.olsr (10.230.61.129)  0.341 ms  0.371 ms  0.392 ms
 2  172.31.240.1 (172.31.240.1)  18.880 ms  18.139 ms  17.076 ms
 3  185.66.195.241 (185.66.195.241)  23.991 ms  21.860 ms  21.101 ms
 4  *  cloudflare.equinix-am1.nl-ix.net (193.239.117.114)  32.901 ms  cloudflare.ber.ecix.net (194.9.117.74)  25.419 ms
 5  104.28.14.110 (104.28.14.110)  17.539 ms  23.099 ms  31.150 ms

root at behaim4-hof:/tmp# wget http://forums.lanik.us
Connecting to forums.lanik.us (104.28.15.110:80)
wget: error getting response: Connection reset by peer

root at behaim4-hof:/tmp# ping -s 1400 forums.lanik.us -c 3
PING forums.lanik.us (104.28.15.110): 1400 data bytes
1408 bytes from 104.28.15.110: seq=0 ttl=60 time=21.262 ms
1408 bytes from 104.28.15.110: seq=1 ttl=60 time=33.447 ms
^C
--- forums.lanik.us ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 21.262/27.354/33.447 ms

root at behaim4-hof:/tmp# ping -s 1600 forums.lanik.us -c 3
PING forums.lanik.us (104.28.14.110): 1600 data bytes

--- forums.lanik.us ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
root at behaim4-hof:/tmp#

Dass die fragmentierten Pings nicht funktionieren finde ich seltsam. Sowohl wget als auch das ping -s 1600 machen am normalen Rechner keine Probleme.

Wie finde ich in Nachhinein heraus, ueber welche VPN-Instanz der Tunnel gerade laeuft? Reicht der Traceroute oben? logread wird von dnsmasq zugespammt. Auf dem lokalen Tunnelende hier:

root at behaim4-tunnel:/tmp/etc# grep remote /tmp/etc/openvpn-ffvpn.conf
remote vpn03.berlin.freifunk.net 1194 udp
remote vpn03-backup.berlin.freifunk.net 1194 udp


root at behaim4-tunnel:/tmp/etc# ifconfig ffvpn
ffvpn     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
          inet addr:172.31.240.21  P-t-P:172.31.240.21  Mask:255.255.240.0

Gruss,

Joerg

Mehr Informationen über die Mailingliste Berlin