Thread: OpenVPN in server-bridge mode

  1. #1
    cat /dev/null streetster's Avatar
    Join Date
    Jul 2003
    Location
    London
    Posts
    4,138
    Thanks
    119
    Thanked
    100 times in 82 posts
    • streetster's system
      • Motherboard:
      • Asus P7P55D-E
      • CPU:
      • Intel i5 750 2.67 @ 4.0Ghz
      • Memory:
      • 4GB Corsair XMS DDR3
      • Storage:
      • 2x1TB Drives [RAID0]
      • Graphics card(s):
      • 2xSapphire HD 4870 512MB CrossFireX
      • PSU:
      • Corsair HX520W
      • Case:
      • Coolermaster Black Widow
      • Operating System:
      • Windows 7 x64
      • Monitor(s):
      • DELL U2311
      • Internet:
      • Virgin 50Mb

    OpenVPN in server-bridge mode

    Hi Guys,

    I initially had the OpenVPN server running on 10.123.0.1 and dishing out a 10.123.0.x IP to the client.

    This all worked nicely, although it meant I could only access the VPN machine (note: the VPN is not running on the router but a separate, Linux, box).

    So... after reading through the OpenVPN documentation I switched from 'server' to 'server-bridge':

    server-bridge 192.168.0.9 255.255.255.0 192.168.0.123 192.168.0.254

    and set up the iptables rules per the doc, and set up bridging via the openvpn-startup scripts.


    I can connect to the VPN, I get an IP of 192.168.0.123 (hooray!) but I can't do anything from here: I can't ping 192.168.0.9, I can't ping 192.168.0.1... basically the only thing I can ping is myself (123).

    I am currently 6000 miles away from home, so perhaps it was a stupid decision to make, seeing as I'm now unable to access the server to revert anything.

    I'm wondering (hoping) there is something I can configure on my client (Windows box) to set up the routes correctly... but am not a network guru so, as usual, will be asking the wise people of Hexus for some advice.

    ... client log doesn't seem to throw up anything obvious, have taken out anything identifying (I think!):

    Code:
    Sun Nov 27 22:51:52 2011 OpenVPN 2.1.4 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov  8 2010
    Sun Nov 27 22:51:52 2011 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    Sun Nov 27 22:51:52 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Sun Nov 27 22:51:52 2011 LZO compression initialized
    Sun Nov 27 22:51:52 2011 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
    Sun Nov 27 22:51:52 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Sun Nov 27 22:51:53 2011 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
    Sun Nov 27 22:51:53 2011 Local Options hash (VER=V4): '31fdf004'
    Sun Nov 27 22:51:53 2011 Expected Remote Options hash (VER=V4): '3e6d1056'
    Sun Nov 27 22:51:53 2011 Attempting to establish TCP connection with [STRIPPED]:443
    Sun Nov 27 22:51:53 2011 TCP connection established with [STRIPPED]:443
    Sun Nov 27 22:51:53 2011 TCPv4_CLIENT link local: [undef]
    Sun Nov 27 22:51:53 2011 TCPv4_CLIENT link remote: [STRIPPED]:443
    Sun Nov 27 22:51:53 2011 TLS: Initial packet from [STRIPPED]:443, sid=05d1fc5c 5359b22e
    Sun Nov 27 22:51:56 2011 VERIFY OK: depth=1, [STRIPPED]
    Sun Nov 27 22:51:56 2011 VERIFY OK: depth=0, [STRIPPED]
    Sun Nov 27 22:52:03 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Sun Nov 27 22:52:03 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Sun Nov 27 22:52:03 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Sun Nov 27 22:52:03 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Sun Nov 27 22:52:03 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Sun Nov 27 22:52:03 2011 [server] Peer Connection Initiated with [STRIPPED]:443
    Sun Nov 27 22:52:06 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
    Sun Nov 27 22:52:06 2011 PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.0.9,ifconfig 192.168.0.123 255.255.255.0'
    Sun Nov 27 22:52:06 2011 OPTIONS IMPORT: --ifconfig/up options modified
    Sun Nov 27 22:52:06 2011 OPTIONS IMPORT: route-related options modified
    Sun Nov 27 22:52:06 2011 TAP-WIN32 device [OpenVPN] opened: \\.\Global\{448379E6-D6B8-473E-924F-370C02CB3F98}.tap
    Sun Nov 27 22:52:06 2011 TAP-Win32 Driver Version 9.7 
    Sun Nov 27 22:52:06 2011 TAP-Win32 MTU=1500
    Sun Nov 27 22:52:06 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.0.123/255.255.255.0 on interface {448379E6-D6B8-473E-924F-370C02CB3F98} [DHCP-serv: 192.168.0.0, lease-time: 31536000]
    Sun Nov 27 22:52:06 2011 Successful ARP Flush on interface [46] {448379E6-D6B8-473E-924F-370C02CB3F98}
    Sun Nov 27 22:52:11 2011 TEST ROUTES: 0/0 succeeded len=-1 ret=1 a=0 u/d=up
    Sun Nov 27 22:52:11 2011 Initialization Sequence Completed

  2. #2
    Comfortably Numb directhex's Avatar
    Join Date
    Jul 2003
    Location
    /dev/urandom
    Posts
    17,074
    Thanks
    228
    Thanked
    1,026 times in 677 posts
    • directhex's system
      • Motherboard:
      • Asus ROG Strix B550-I Gaming
      • CPU:
      • Ryzen 5900x
      • Memory:
      • 64GB G.Skill Trident Z RGB
      • Storage:
      • 2TB Seagate Firecuda 520
      • Graphics card(s):
      • EVGA GeForce RTX 3080 XC3 Ultra
      • PSU:
      • EVGA SuperNOVA 850W G3
      • Case:
      • NZXT H210i
      • Operating System:
      • Ubuntu 20.04, Windows 10
      • Monitor(s):
      • LG 34GN850
      • Internet:
      • FIOS

    Re: OpenVPN in server-bridge mode

    Can you paste your client & server config files? I have this configured on a work VPN.

  3. #3
    cat /dev/null streetster's Avatar

    Re: OpenVPN in server-bridge mode

    Quote Originally Posted by directhex
    Can you paste your client & server config files? I have this configured on a work VPN.

    Client is below but basic... Server is - well 6000 miles away and inaccessible

    Code:
    remote [stripped].dyndns.org 443
    client
    dev tap
    proto tcp
    
    ca   "C:\\Program Files (x86)\\OpenVPN\\config\\ca.crt"
    cert "C:\\Program Files (x86)\\OpenVPN\\config\\client1.crt"
    key  "C:\\Program Files (x86)\\OpenVPN\\config\\client1.key"
    
    comp-lzo
    
    verb 3
    
    log "C:\\openvpn-log.log"
    I have a feeling that it might be a paths issue with the openvpn-startup script as I half recall seeing an 'unknown command' or similar message before I got booted off...

    I'm going to see if I can get someone in my house to ssh into the box and pull the config file and/or try to fix the openvpn-startup script, but will be blind instructions over IM...

    Cheers,
    Mark

    [e!] Server config:

    Code:
    port 443 #1194
    dev tap0
    #dev-node tap-bridge
    
    #server 10.123.0.0 255.255.255.0
    server-bridge 192.168.0.9 255.255.255.0 192.168.0.123 192.168.0.254
    
    ca    "/home/mark/.openvpn/ca.crt"
    cert  "/home/mark/.openvpn/server.crt"
    key   "/home/mark/.openvpn/server.key"
    dh    "/home/mark/.openvpn/dh1024.pem"
    
    proto tcp
    comp-lzo
    verb 3
    
    log   "/home/mark/.openvpn/openvpn.log"
    [e!!] Turns out brctl wasn't installed, so have apt-get installed that, needed to set up the paths in the openvpn-startup script too... fingers crossed.

    [e!!!] Nope... that didn't fix it. What am I doing wrong...

    Server log doesn't give much help:

    Code:
    Thu Jan  1 01:00:15 1970 OpenVPN 2.1.3 arm-unknown-linux-gnueabi [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Oct 22 2010
    Thu Jan  1 01:00:15 1970 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
    Thu Jan  1 01:00:15 1970 WARNING: --keepalive option is missing from server config
    Thu Jan  1 01:00:15 1970 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Thu Jan  1 01:00:15 1970 Diffie-Hellman initialized with 1024 bit key
    Thu Jan  1 01:00:15 1970 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
    Thu Jan  1 01:00:16 1970 TLS-Auth MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
    Thu Jan  1 01:00:16 1970 Socket Buffers: R=[87380->131072] S=[16384->131072]
    Thu Jan  1 01:00:16 1970 TUN/TAP device tap0 opened
    Thu Jan  1 01:00:16 1970 TUN/TAP TX queue length set to 100
    Thu Jan  1 01:00:16 1970 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
    Thu Jan  1 01:00:16 1970 Listening for incoming TCP connection on [undef]
    Thu Jan  1 01:00:16 1970 TCPv4_SERVER link local (bound): [undef]
    Thu Jan  1 01:00:16 1970 TCPv4_SERVER link remote: [undef]
    Thu Jan  1 01:00:16 1970 MULTI: multi_init called, r=256 v=256
    Thu Jan  1 01:00:16 1970 IFCONFIG POOL: base=192.168.0.123 size=132
    Thu Jan  1 01:00:16 1970 MULTI: TCP INIT maxclients=1024 maxevents=1028
    Thu Jan  1 01:00:16 1970 Initialization Sequence Completed
    Mon Nov 28 20:24:24 2011 MULTI: multi_create_instance called
    Mon Nov 28 20:24:24 2011 Re-using SSL/TLS context
    Mon Nov 28 20:24:24 2011 LZO compression initialized
    Mon Nov 28 20:24:24 2011 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
    Mon Nov 28 20:24:24 2011 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
    Mon Nov 28 20:24:24 2011 Local Options hash (VER=V4): '3e6d1056'
    Mon Nov 28 20:24:24 2011 Expected Remote Options hash (VER=V4): '31fdf004'
    Mon Nov 28 20:24:24 2011 TCP connection established with [AF_INET][STRIPPED]:57843
    Mon Nov 28 20:24:24 2011 TCPv4_SERVER link local: [undef]
    Mon Nov 28 20:24:24 2011 TCPv4_SERVER link remote: [AF_INET][STRIPPED]:57843
    Mon Nov 28 20:24:24 2011 [STRIPPED]:57843 TLS: Initial packet from [AF_INET][STRIPPED]:57843, sid=8a42e7e5 6c433839
    Mon Nov 28 20:24:31 2011 [STRIPPED]:57843 VERIFY OK: depth=1, [STRIPPED]
    Mon Nov 28 20:24:31 2011 [STRIPPED]:57843 VERIFY OK: depth=0, [STRIPPED]
    Mon Nov 28 20:24:34 2011 [STRIPPED]:57843 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Mon Nov 28 20:24:34 2011 [STRIPPED]:57843 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Nov 28 20:24:34 2011 [STRIPPED]:57843 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Mon Nov 28 20:24:34 2011 [STRIPPED]:57843 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Nov 28 20:24:34 2011 [STRIPPED]:57843 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Mon Nov 28 20:24:34 2011 [STRIPPED]:57843 [client1] Peer Connection Initiated with [AF_INET][STRIPPED]:57843
    Mon Nov 28 20:24:36 2011 client1/[STRIPPED]:57843 PUSH: Received control message: 'PUSH_REQUEST'
    Mon Nov 28 20:24:36 2011 client1/[STRIPPED]:57843 SENT CONTROL [client1]: 'PUSH_REPLY,route-gateway 192.168.0.9,ifconfig 192.168.0.123 255.255.255.0' (status=1)
    Mon Nov 28 20:24:37 2011 client1/[STRIPPED]:57843 MULTI: Learn: 00:ff:44:83:79:e6 -> client1/[STRIPPED]:57843

    OK... so if I run:
    Code:
    # /etc/openvpn/openvpn-shutdown; /etc/openvpn/openvpn-startup; /etc/init.d/openvpn start
    I get:
    Code:
    Stopping virtual private network daemon: tap0.
    br0: ERROR while getting interface flags: No such device
    bridge br0 doesn't exist; can't delete it
    Mon Nov 28 20:41:11 2011 TUN/TAP device tap0 opened
    Mon Nov 28 20:41:12 2011 Persist state set to: OFF
    Mon Nov 28 20:41:12 2011 TUN/TAP device tap0 opened
    Mon Nov 28 20:41:12 2011 Persist state set to: ON
    Starting virtual private network daemon: tap0.
    and ifconfig gives me:

    Code:
    br0       Link encap:Ethernet  HWaddr b6:68:32:e1:4b:f1
              inet addr:192.168.0.9  Bcast:192.168.0.255  Mask:255.255.255.0
              inet6 addr: fe80::b468:32ff:fee1:4bf1/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:37 errors:0 dropped:0 overruns:0 frame:0
              TX packets:27 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:4934 (4.8 KiB)  TX bytes:1878 (1.8 KiB)
    
    eth0      Link encap:Ethernet  HWaddr c0:3f:0e:xx:xx:xx
              inet6 addr: fe80::c23f:eff:fe28:db3/64 Scope:Link
              UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
              RX packets:1785 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1682 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:342012 (333.9 KiB)  TX bytes:123598 (120.7 KiB)
              Interrupt:11
    
    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:124 errors:0 dropped:0 overruns:0 frame:0
              TX packets:124 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:11056 (10.7 KiB)  TX bytes:11056 (10.7 KiB)
    
    tap0      Link encap:Ethernet  HWaddr b6:68:32:e1:4b:f1
              inet6 addr: fe80::b468:32ff:fee1:4bf1/64 Scope:Link
              UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:22 errors:0 dropped:3 overruns:0 carrier:0
              collisions:0 txqueuelen:100
              RX bytes:0 (0.0 B)  TX bytes:4388 (4.2 KiB)
    Which looks alright(ish) - though notice all the errors - but I can't actually connect, the client VPN connection just times out.

    A reboot of the server means I can connect to the vpn but ifconfig gives me:

    Code:
    eth0      Link encap:Ethernet  HWaddr c0:3f:0e:xx:xx:xx
              inet addr:192.168.0.9  Bcast:192.168.0.255  Mask:255.255.255.0
              inet6 addr: fe80::c23f:eff:fe28:db3/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:409 errors:0 dropped:0 overruns:0 frame:0
              TX packets:478 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:76640 (74.8 KiB)  TX bytes:51008 (49.8 KiB)
              Interrupt:11
    
    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:112 errors:0 dropped:0 overruns:0 frame:0
              TX packets:112 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:9580 (9.3 KiB)  TX bytes:9580 (9.3 KiB)
    so no tap0 and no br0, but no errors... although I can't do anything from the client machine except ping itself (192.168.0.123).

    I am stumped.
    Last edited by streetster; 28-11-2011 at 09:59 PM.
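
The client and server logs posted above each print notices that the configs in this post never act on. As an added example (not code from the thread), this script checks a config file for the three conditions behind those notices; `audit_conf`, `has_directive` and `write_posted_client` are names made up here, and `example.invalid` stands in for the stripped hostname.

```shell
#!/bin/sh
# Added example, not code from the thread. Each check mirrors one notice
# that appears in the logs posted in this thread.

# has_directive FILE NAME...: succeeds if any NAME starts an uncommented line.
has_directive() {
    _file=$1; shift
    for _name in "$@"; do
        grep -Eq "^[[:space:]]*${_name}([[:space:]]|\$)" "$_file" && return 0
    done
    return 1
}

# audit_conf FILE: prints one line per finding, returns the number of findings.
audit_conf() {
    conf=$1
    findings=0

    # Client log: "WARNING: No server certificate verification method has
    # been enabled." Without one, any certificate signed by the same CA,
    # including another client's, is accepted as the server.
    if has_directive "$conf" client &&
       ! has_directive "$conf" remote-cert-tls remote-cert-eku ns-cert-type tls-remote tls-verify; then
        echo "$conf: no server certificate check; add 'remote-cert-tls server' or 'ns-cert-type server'"
        findings=$((findings + 1))
    fi

    # Both logs: "OpenVPN 2.1 requires '--script-security 2' or higher to
    # call user-defined scripts or executables".
    if has_directive "$conf" up down &&
       ! grep -Eq '^[[:space:]]*script-security[[:space:]]+[23]' "$conf"; then
        echo "$conf: up/down script set but script-security is below 2"
        findings=$((findings + 1))
    fi

    # Server log: "WARNING: --keepalive option is missing from server config".
    if has_directive "$conf" server server-bridge && ! has_directive "$conf" keepalive; then
        echo "$conf: server mode without keepalive"
        findings=$((findings + 1))
    fi

    return "$findings"
}

# The client config from this post, with a placeholder for the stripped host.
write_posted_client() {
    cat > "$1" <<'EOF'
remote example.invalid 443
client
dev tap
proto tcp

ca   "C:\\Program Files (x86)\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files (x86)\\OpenVPN\\config\\client1.crt"
key  "C:\\Program Files (x86)\\OpenVPN\\config\\client1.key"

comp-lzo

verb 3
EOF
}

# Stand-alone run: audit the posted client config and print the finding.
tmp=$(mktemp)
write_posted_client "$tmp"
audit_conf "$tmp" || :
rm -f "$tmp"
```

Which of the two client directives applies depends on how the server certificate was issued, so test the change on a client you can still reach locally.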

  4. #4
    <<== UT3 Player spoon_'s Avatar
    Join Date
    Nov 2008
    Location
    London
    Posts
    2,071
    Thanks
    113
    Thanked
    139 times in 131 posts

    Re: OpenVPN in server-bridge mode

    Shouldn't your client have tap0 for the device as opposed to tap?

    Also turn on verbose logging - verb 5, post outputs please.

  5. #5
    Comfortably Numb directhex's Avatar

    Re: OpenVPN in server-bridge mode

    Looks like your br0 isn't set up properly, it should be there on boot

    Your /etc/network/interfaces should contain something along the lines of:

    Code:
    auto br0
    iface br0 inet dhcp
      bridge_ports eth0
      bridge_stp off
    And have NO section for eth0. Also ensure you don't have network-manager interfering with your network config.

  6. Received thanks from:

    streetster (11-12-2011)

  7. #6
    cat /dev/null streetster's Avatar

    Re: OpenVPN in server-bridge mode

    Quote Originally Posted by spoon_
    Shouldn't your client have tap0 for the device as opposed to tap?

    tap0 vs. tap makes no difference for the Windows box, am thinking it's the Linux machine setup rather than the VPN configuration that's squiffy.

    Quote Originally Posted by directhex
    Looks like your br0 isn't set up properly, it should be there on boot

    Your /etc/network/interfaces should contain something along the lines of:

    Code:
    auto br0
    iface br0 inet dhcp
      bridge_ports eth0
      bridge_stp off
    And have NO section for eth0. Also ensure you don't have network-manager interfering with your network config.

    ^^ Is it possible that this could screw up the box so it'll no longer be contactable over Ethernet? It's a Debian install on a Netgear Stora so if I can't reach the box then it's a case of taking it apart and hooking up a serial cable.

    Am assuming the br0 needs to exist for the brctl process to work its magic...

    I'll give this a crack when I can persuade someone to ssh into the box again.

    Cheers!
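
The lockout asked about in this post is the usual risk of editing /etc/network/interfaces over the only link to the box. As an added example (not code from the thread), this script swaps the new file in, runs a reachability check, and restores the previous file if the check keeps failing; `guarded_apply`, `GUARD_DELAY` and the argument order are made up here, and the restart and ping commands named in the comments are assumptions about the Debian box.

```shell
#!/bin/sh
# Added example, not code from the thread.

# guarded_apply TARGET CANDIDATE APPLY_CMD CHECK_CMD [TRIES]
#   TARGET     live config file, e.g. /etc/network/interfaces
#   CANDIDATE  edited copy, e.g. one containing the br0 stanza
#   APPLY_CMD  activates the config, e.g. "/etc/init.d/networking restart"
#   CHECK_CMD  succeeds only while the LAN is reachable,
#              e.g. "ping -c 3 192.168.0.1"
# Returns 0 if the new config was kept, 1 if it was rolled back,
# 2 if nothing was changed.
guarded_apply() {
    target=$1
    candidate=$2
    apply_cmd=$3
    check_cmd=$4
    tries=${5:-5}
    backup="$target.pre-bridge"

    [ -r "$candidate" ] || { echo "cannot read $candidate" >&2; return 2; }
    cp -p "$target" "$backup" || return 2

    # Install the candidate; if the copy itself fails, put the old file back.
    cp "$candidate" "$target" || { cp -p "$backup" "$target"; return 2; }
    sh -c "$apply_cmd" || echo "apply command failed, checking anyway" >&2

    # Give the network a few chances to come back before giving up.
    n=0
    while [ "$n" -lt "$tries" ]; do
        if sh -c "$check_cmd" >/dev/null 2>&1; then
            echo "new config kept; previous version saved as $backup"
            return 0
        fi
        n=$((n + 1))
        sleep "${GUARD_DELAY:-10}"
    done

    # Still unreachable: restore the saved file and re-apply it.
    echo "check failed $tries times, restoring $backup" >&2
    cp -p "$backup" "$target" && sh -c "$apply_cmd"
    return 1
}

# Run only when called with arguments, so the file can also be sourced.
if [ "$#" -ge 4 ]; then
    guarded_apply "$@"
fi
```

Start it detached (for example under `nohup`) so the rollback still runs after the SSH session that launched it drops.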

  8. #7
    Comfortably Numb directhex's Avatar

    Re: OpenVPN in server-bridge mode

    You likely also want something like

    Code:
    up "/etc/openvpn/bridge-start br0"
    down "/etc/openvpn/bridge-stop br0"
    in your server.conf, to actually create the tap bridge onto the br0 device.

    My bridge-start script is

    Code:
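    #!/bin/sh
    # OpenVPN "up" script. $1 is the bridge named on the "up" line in
    # server.conf; OpenVPN appends the tap device ($2) and its MTU ($3).
    
    BR=$1
    DEV=$2
    MTU=$3
    # Bring the tap device up in promiscuous mode, then attach it to the bridge.
    /sbin/ifconfig "$DEV" mtu "$MTU" promisc up
    /usr/sbin/brctl addif "$BR" "$DEV"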
    and bridge-stop is

    Code:
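    #!/bin/sh
    # OpenVPN "down" script. $1 is the bridge named on the "down" line in
    # server.conf; OpenVPN appends the tap device ($2).
    
    BR=$1
    DEV=$2
    
    # Detach the tap device from the bridge, then take it down.
    /usr/sbin/brctl delif "$BR" "$DEV"
    /sbin/ifconfig "$DEV" down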
    which I pulled from some wiki somewhere when I got this working
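
Whether these scripts did their job can be read from sysfs rather than inferred from ifconfig output. As an added example (not code from the thread), this check confirms that br0 is a bridge device and that eth0 and tap0 are both attached to it and up; `bridge_report` and `SYS_NET` are names made up here, and `SYS_NET` can point at a copy of the sysfs tree for a dry run.

```shell
#!/bin/sh
# Added example, not code from the thread.
SYS_NET=${SYS_NET:-/sys/class/net}

# bridge_report BRIDGE PORT...: prints one line per finding; returns 0 only
# when BRIDGE exists and every PORT is attached to it and administratively up.
bridge_report() {
    br=$1; shift
    rc=0
    # A bridge device has a "bridge" directory in sysfs; eth0 and tap0 do not.
    if [ ! -d "$SYS_NET/$br/bridge" ]; then
        echo "FAIL $br is not a bridge device"
        return 1
    fi
    for port in "$@"; do
        if [ ! -e "$SYS_NET/$port" ]; then
            echo "FAIL $port does not exist"
            rc=1
        elif [ ! -e "$SYS_NET/$br/brif/$port" ]; then
            echo "FAIL $port exists but is not a port of $br"
            rc=1
        else
            # flags is a hex bitmask; bit 0 is IFF_UP.
            flags=$(cat "$SYS_NET/$port/flags" 2>/dev/null) || flags=0
            if [ $(( ${flags:-0} & 1 )) -eq 1 ]; then
                echo "ok   $port is an up port of $br"
            else
                echo "FAIL $port is attached to $br but down"
                rc=1
            fi
        fi
    done
    return "$rc"
}

# Run only when called with arguments, e.g.: sh bridge-check.sh br0 eth0 tap0
if [ "$#" -ge 2 ]; then
    bridge_report "$@"
fi
```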

  9. #8
    cat /dev/null streetster's Avatar

    Re: OpenVPN in server-bridge mode

    I've got the scripts from here and they're in /etc/openvpn/openvpn-startup and -shutdown which should get called on startup/shutdown of the openvpn daemon.

  10. #9
    cat /dev/null streetster's Avatar

    Re: OpenVPN in server-bridge mode

    Balls... looks like the Stora is inaccessible. It's not responding to ssh from inside the network and whilst I can connect to it over VPN I can't even ping 192.168.0.123 from here let alone actually access the box.

    Looks like it's going to be a serial cable job. Just what I didn't want to happen.

  11. #10
    cat /dev/null streetster's Avatar

    Re: OpenVPN in server-bridge mode

    Sorted - had to pull the hard drive out of the Stora, mount it under Linux and then sort out my interfaces file.

    Thanks very much directhex, all good now!

  12. #11
    cat /dev/null streetster's Avatar

    Re: OpenVPN in server-bridge mode

    Quote Originally Posted by streetster
    Sorted - had to pull the hard drive out of the Stora, mount it under Linux and then sort out my interfaces file.

    Thanks very much directhex, all good now!

    Except it's not all good...

    I'm back where I was in the first post. br0 now exists in /etc/network/interfaces, and when I do ifconfig it looks like the one a few posts up (i.e. I have br0, eth0, loopback and tap0).

    Yet when I connect I get an IP of 192.168.0.123 but cannot ping anything.

    I've tried manually adding routes for 192.168.0.1 via 192.168.0.123 because if I try a traceroute to 192.168.0.1 (or 9) it tries to go through my work connection (192.168.102.x).

    This is ridiculously frustrating!

  13. #12
    Comfortably Numb directhex's Avatar

    Re: OpenVPN in server-bridge mode

    Hm

    Can you give a copy of your client routing table? I think it's "route" in a cmd window. That or "route print"

  14. #13
    cat /dev/null streetster's Avatar

    Re: OpenVPN in server-bridge mode

    Quote Originally Posted by directhex
    Hm
    Can you give a copy of your client routing table? I think it's "route" in a cmd window. That or "route print"

    It's below (note am connected via WiFi):
    Code:
    C:\Users\mark>route print
    ===========================================================================
    Interface List
     46...00 ff 44 aa aa aa ......TAP-Win32 Adapter V9
     38...00 27 10 aa aa aa ......Microsoft Virtual WiFi Miniport Adapter
     27...00 ff b0 aa aa aa ......Juniper Network Connect Virtual Adapter
     16...00 27 10 aa aa aa ......Intel(R) Centrino(R) Advanced-N 6200 AGN
     15...00 a0 c6 aa aa aa ......Qualcomm Gobi 2000 HS-USB Mobile Broadband Device 9205
     13...5c ff 35 aa aa aa ......Intel(R) 82577LM Gigabit Network Connection
     12...78 dd 08 aa aa aa ......Bluetooth Device (Personal Area Network)
     94...00 50 56 aa aa aa ......VMware Virtual Ethernet Adapter for VMnet1
     95...00 50 56 aa aa aa ......VMware Virtual Ethernet Adapter for VMnet8
      1...........................Software Loopback Interface 1
     18...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
     19...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #3
     14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
     40...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #22
     52...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #31
     17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
     20...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #4
     58...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #37
     21...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #5
     22...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #6
     24...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #8
     53...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #32
     23...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #7
     25...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #9
     26...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #10
     78...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #57
     70...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #49
     28...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #11
     29...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #12
     30...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #13
     31...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #14
     32...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #15
     33...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #16
     34...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #17
     35...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #18
     36...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #19
     37...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #20
     59...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #38
     39...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #21
     41...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #23
     89...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #63
     42...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #24
     43...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #25
     44...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #26
     45...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #27
     63...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #42
     49...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #28
     69...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #48
     64...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #43
     60...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #39
     50...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #29
     51...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #30
     54...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #33
     61...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #40
     55...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #34
     56...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #35
     57...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #36
     86...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #61
     79...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #58
     93...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #66
     62...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #41
     91...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #65
     88...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #62
     65...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #44
     66...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #45
     67...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #46
     68...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #47
     90...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #64
     71...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #50
     72...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #51
     85...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #60
     73...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #52
     74...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #53
     75...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #54
     84...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #59
    100...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
     76...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #55
     77...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #56
     98...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
     96...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
    101...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
     99...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #9
    ===========================================================================
    
    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0    192.168.102.1   192.168.102.81     25
            127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
            127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
          192.168.0.0    255.255.255.0         On-link     192.168.0.123    286
        192.168.0.123  255.255.255.255         On-link     192.168.0.123    286
        192.168.0.255  255.255.255.255         On-link     192.168.0.123    286
        192.168.102.0  255.255.255.128         On-link    192.168.102.81    281
       192.168.102.81  255.255.255.255         On-link    192.168.102.81    281
      192.168.102.127  255.255.255.255         On-link    192.168.102.81    281
        192.168.119.0    255.255.255.0         On-link     192.168.119.1    276
        192.168.119.1  255.255.255.255         On-link     192.168.119.1    276
      192.168.119.255  255.255.255.255         On-link     192.168.119.1    276
        192.168.150.0    255.255.255.0         On-link     192.168.150.1    276
        192.168.150.1  255.255.255.255         On-link     192.168.150.1    276
      192.168.150.255  255.255.255.255         On-link     192.168.150.1    276
            224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link     192.168.0.123    286
            224.0.0.0        240.0.0.0         On-link     192.168.119.1    276
            224.0.0.0        240.0.0.0         On-link     192.168.150.1    276
            224.0.0.0        240.0.0.0         On-link    192.168.102.81    281
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      255.255.255.255  255.255.255.255         On-link     192.168.0.123    286
      255.255.255.255  255.255.255.255         On-link     192.168.119.1    276
      255.255.255.255  255.255.255.255         On-link     192.168.150.1    276
      255.255.255.255  255.255.255.255         On-link    192.168.102.81    281
    ===========================================================================
    Persistent Routes:
      None
    
    IPv6 Route Table
    ===========================================================================
    Active Routes:
     If Metric Network Destination      Gateway
      1    306 ::1/128                  On-link
     46    286 fe80::/64                On-link
     94    276 fe80::/64                On-link
     95    276 fe80::/64                On-link
     16    281 fe80::/64                On-link
     95    276 fe80::245c:7e41:aae1:8f9f/128
                                        On-link
     16    281 fe80::2862:862a:b4d8:b918/128
                                        On-link
     46    286 fe80::6934:1047:ec86:4fd7/128
                                        On-link
     94    276 fe80::cd3a:961c:1ffd:45f1/128
                                        On-link
      1    306 ff00::/8                 On-link
     46    286 ff00::/8                 On-link
     94    276 ff00::/8                 On-link
     95    276 ff00::/8                 On-link
     16    281 ff00::/8                 On-link
    ===========================================================================
    Persistent Routes:
      None
    
    C:\Users\mark>
    Attempt to ping/traceroute:

    Code:
    C:\Users\mark>ping 192.168.0.9
    
    Pinging 192.168.0.9 with 32 bytes of data:
    Reply from 192.168.0.123: Destination host unreachable.
    Request timed out.
    Request timed out.
    
    Ping statistics for 192.168.0.9:
        Packets: Sent = 3, Received = 1, Lost = 2 (66% loss),
    Control-C
    ^C
    C:\Users\mark>tracert 192.168.0.9
    
    Tracing route to 192.168.0.9 over a maximum of 30 hops
    
      1    22 ms     2 ms     4 ms  192.168.102.2
      2     2 ms     1 ms     1 ms  192.168.96.4
      3     *        *        *     Request timed out.
      4     *        *        *     Request timed out.
      5     *        *        *     Request timed out.
      6     *        *        *     Request timed out.
      7     *        *        *     Request timed out.
      8  ^C
    I just tried to connect using my Linux VM, seems to set up the routes correctly but can't ping either:
    Code:
    mark@ubuntu:~$ ping 192.168.0.9
    PING 192.168.0.9 (192.168.0.9) 56(84) bytes of data.
    From 192.168.0.123 icmp_seq=2 Destination Host Unreachable
    From 192.168.0.123 icmp_seq=3 Destination Host Unreachable
    From 192.168.0.123 icmp_seq=4 Destination Host Unreachable
    ^C
    --- 192.168.0.9 ping statistics ---
    4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2999ms
    pipe 3
    mark@ubuntu:~$ traceroute 192.168.0.9
    traceroute to 192.168.0.9 (192.168.0.9), 30 hops max, 60 byte packets
     1  ubuntu.local (192.168.0.123)  3003.109 ms !H  3003.195 ms !H  3003.197 ms !H
    My initial thought was that I should delete the route and add it with a lower (?) metric... but that didn't help, and it seems that even if I try to route down the .123 address it doesn't work.
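Added example, not part of the original post: a longest-prefix-match lookup over the IPv4 rows from the `route print` output above, showing which entry is chosen for 192.168.0.9 and that the metric only breaks ties between equally specific routes. The function names are hypothetical and the lookup is a simplified model of route selection, not Windows' own code.

```python
import ipaddress

# IPv4 rows copied from the `route print` output in the post
# (loopback, multicast and broadcast rows left out).
ROUTE_PRINT = """\
          0.0.0.0          0.0.0.0    192.168.102.1   192.168.102.81     25
      192.168.0.0    255.255.255.0         On-link     192.168.0.123    286
    192.168.0.123  255.255.255.255         On-link     192.168.0.123    286
    192.168.0.255  255.255.255.255         On-link     192.168.0.123    286
    192.168.102.0  255.255.255.128         On-link    192.168.102.81    281
   192.168.102.81  255.255.255.255         On-link    192.168.102.81    281
    192.168.119.0    255.255.255.0         On-link     192.168.119.1    276
    192.168.150.0    255.255.255.0         On-link     192.168.150.1    276
"""

def parse_routes(text):
    """Turn `route print` IPv4 rows into dicts with a parsed network."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip anything that is not a five-column route row
        dest, mask, gateway, iface, metric = fields
        routes.append({
            "net": ipaddress.ip_network(f"{dest}/{mask}"),
            "gateway": gateway,
            "iface": iface,
            "metric": int(metric),
        })
    return routes

def select_route(routes, target):
    """Simplified model: longest prefix wins, metric only breaks ties."""
    addr = ipaddress.ip_address(target)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r["net"].prefixlen, r["metric"]))

if __name__ == "__main__":
    routes = parse_routes(ROUTE_PRINT)
    for target in ("192.168.0.9", "192.168.0.1", "192.168.102.2"):
        r = select_route(routes, target)
        print(f"{target:15} -> {r['net']} via {r['gateway']} "
              f"on {r['iface']} (metric {r['metric']})")
```

With the table as posted, 192.168.0.9 matches the on-link 192.168.0.0/24 entry on 192.168.0.123 ahead of the default route, whatever metric that entry carries.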
