Forwarding traffic on Linux virtual machine received through GRE tunnel connected over OpenVPN

3

I'm trying to route traffic destined for the public Internet through an OpenVPN network, where the traffic will exit the VPN through another client on the network (that happens to be a VirtualBox VM).

To explain the topology I'll use client A as the traffic originator, and client E as the desired exit/supposed origin point of the traffic. Both clients and the server are Linux machines.

Clients A and E are both connected to an OpenVPN server and have local addresses on a subnet created by the server; let's say 10.8.0.0/16, where the server has 10.8.0.1, and the clients A, E, have ...2, and ...3. The clients can reach each other through the server. The OpenVPN server also has a GRE tunnel to client E that runs on top of the OpenVPN connection.

Currently, the abstract topology/flow looks like this:

(A) ={OpenVPN}=> (OpenVPN Server) ={GRE in OpenVPN}=> (E) -> ...

The issue I'm having is that once the traffic reaches client E it isn't being sent through E's default gateway and into the public Internet.

The relevant configuration of the clients is as follows:

A:

default gateway is the OpenVPN server (10.8.0.1)  

OpenVPN server:

ip rule add from 10.8.0.2 lookup node  

The routing table 'node' has the routes:

default dev gre5  scope link  
10.8.0.0/16 dev tun0  proto static  scope link  src 10.8.0.1  

E:

default gateway is the VirtualBox nat network (through which it has a working Internet connection)

net.ipv4.ip_forward = 1  
net.ipv4.conf.all.forwarding = 1  
net.ipv4.conf.default.forwarding = 1  
iptables -t nat -A POSTROUTING -s 10.8.0.0/16 -o eth0 -j MASQUERADE

The iptables policy for E's filter table is to accept everything.

Using tcpdump I can see the packets from A coming out of E's GRE tunnel interface, but they seem to drop on E. I've been able to verify they're not being forwarded through any of E's interfaces (loopback, the virtual tunnels, or the VBox NAT network interface; eth0 above).

Am I missing some extra/special configuration to do with the GRE tunnel, or something related to it? Does this issue relate to the fact that the end point client is a VM?
Optionally, is there a better way to direct traffic meant for foreign networks through an OpenVPN network and out a client?

I'm happy to provide further details if needed.

Routing table of E, as requested by @MariusMatutiae

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use     Iface
default         10.0.2.2        0.0.0.0         UG    0      0        0 eth0
10.0.2.0        *               255.255.255.0   U     0      0        0 eth0
10.8.0.0        *               255.255.0.0     U     0      0        0 tun0
10.10.5.0       *               255.255.255.0   U     0      0        0 gre5
192.168.56.0    *               255.255.255.0   U     0      0        0 eth1

Where eth0 is connected to the VBox NAT network, eth1 is connected to a host-only network that I use to ssh into the VM, tun0 is the OpenVPN interface, and gre5 is the interface to the GRE tunnel.

ThomasL744

Posted 2016-05-31T21:25:04.233

Reputation: 66

Pls post the routing table of E. – MariusMatutiae – 2016-06-01T07:05:00.937

@MariusMatutiae: I've updated the OP as per your request. – ThomasL744 – 2016-06-01T14:28:52.453

No answers
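One check worth running against the configuration in the question, as an added example that is not part of the original post: it models the kernel's reverse-path filter (`net.ipv4.conf.*.rp_filter`) against E's posted routing table for a packet from A (10.8.0.2) arriving on gre5. Assumptions: only the main routing table is consulted, the function names are hypothetical, and the question does not state which rp_filter mode E actually uses.

```python
import ipaddress

# E's routing table as posted in the question (output of `route`).
ROUTE_OUTPUT = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use     Iface
default         10.0.2.2        0.0.0.0         UG    0      0        0 eth0
10.0.2.0        *               255.255.255.0   U     0      0        0 eth0
10.8.0.0        *               255.255.0.0     U     0      0        0 tun0
10.10.5.0       *               255.255.255.0   U     0      0        0 gre5
192.168.56.0    *               255.255.255.0   U     0      0        0 eth1
"""

def parse_routes(text):
    """Return [(network, iface)] from `route`-style lines, skipping headers."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue
        dest = "0.0.0.0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(f"{dest}/{fields[2]}")
        except ValueError:
            continue  # column header line, not a route
        routes.append((net, fields[7]))
    return routes

def reverse_path_iface(routes, src):
    """Longest-prefix match for the route back to src; None if unroutable."""
    addr = ipaddress.ip_address(src)
    matches = [(net, dev) for net, dev in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def rp_filter_accepts(routes, src, in_iface, mode):
    """Model rp_filter modes: 0 = off, 1 = strict, 2 = loose."""
    back = reverse_path_iface(routes, src)
    if mode == 0:
        return True
    if mode == 2:
        return back is not None  # any return route is enough
    return back == in_iface      # strict: return route must use ingress iface

if __name__ == "__main__":
    routes = parse_routes(ROUTE_OUTPUT)
    print("return path for 10.8.0.2:", reverse_path_iface(routes, "10.8.0.2"))
    for mode in (0, 1, 2):
        print("rp_filter =", mode, "accepts:",
              rp_filter_accepts(routes, "10.8.0.2", "gre5", mode))
```

On E, `sysctl net.ipv4.conf.all.rp_filter net.ipv4.conf.gre5.rp_filter` shows the live values; the kernel applies the higher of the two to packets arriving on gre5.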