[Openvpn-users] No ping to the other side of tunnel


  • Subject: [Openvpn-users] No ping to the other side of tunnel
  • From: Attila Fulop <bata@xxxxxxxx>
  • Date: Wed, 21 Sep 2005 14:25:32 +0200

Hi There,

After playing with OpenVPN for a while I have no ideas left, so I came here to ask what to do to heal this setup.

I have an OpenVPN server (Linux) and I can connect to it from a Windows XP client,
"Wed Sep 21 14:06:27 2005 Initialization Sequence Completed"
However, I can only ping my assigned IP address and nothing on the other side of the tunnel.


Both the server and the clients are version 2.0.2.

We have tried it from two different client (Windows) PCs from two different networks,
with two different client certificate sets, so I think we can exclude client failures.
We also have another server with almost the same configuration, and it works fine, and
both of these clients can connect to the other server fine.


Since we have a working instance I've made comparisons between the config files and
the routing tables (both the client and the servers) and did not find any mentionable difference.


I was googling and browsing the lists for a while, and also read the FAQ, so here is what I've already tried:

1.) Modified the server's firewall:

iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A INPUT -i tap+ -j ACCEPT
iptables -A FORWARD -i tap+ -j ACCEPT

2.) I've checked the connection options (such as cipher, auth, keysize, etc.) to see if there is a difference between client and server.

3.) I've run tcpdump -i tun0 on both the servers in order to see what happens.
What I've noticed is:
- I have tons of lines when tcpdumping on the working server
- I have the following lines on the problematic server (at the first line I tried to make a ping from the client):
mosoly:/home/fulop # tcpdump -n -i tun0
tcpdump: listening on tun0
14:38:03.041002 10.8.77.6 > 192.168.77.10: icmp: echo request
14:38:26.603376 10.8.77.6.137 > 10.8.77.1.137: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
14:38:27.621096 10.8.77.6.137 > 10.8.77.1.137: NBT UDP PACKET(137): REFRESH(8); REQUEST; UNICAST
14:38:28.088917 10.8.77.6.137 > 10.8.77.1.137: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
14:38:29.124286 10.8.77.6.137 > 10.8.77.1.137: NBT UDP PACKET(137): REFRESH(8); REQUEST; UNICAST
14:38:29.591429 10.8.77.6.137 > 10.8.77.1.137: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
14:38:30.622887 10.8.77.6.137 > 10.8.77.1.137: NBT UDP PACKET(137): REFRESH(8); REQUEST; UNICAST

7 packets received by filter
0 packets dropped by kernel

Here is my server configuration:
--------------------------------
port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/mosoly.crt
dh /etc/openvpn/keys/dh1024.pem
server 10.8.77.0 255.255.255.0
ifconfig-pool-persist /etc/openvpn/ipp.txt
push "route 192.168.77.0 255.255.255.0"
push "dhcp-option WINS 10.8.77.1"
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log-append  /var/log/openvpn.log
verb 3

Here is my client configuration:
--------------------------------
client
dev tun
proto udp
remote myhost 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\docs\\vpn\\myhost\\ca.crt"
cert "C:\\docs\\vpn\\myhost\\fulop.crt"
key "C:\\docs\\vpn\\myhost\\fulop.key"
comp-lzo
verb 3


According to these investigations, everything seems fine to me according to the documents. Can you give me any further advice on what to investigate next?

Best regards

Attila.
____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users
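
An added example, not part of the original post: a short Python script that parses the tun0 capture quoted above and reports echo requests that never get an echo reply, labelling each address by the networks in the posted server config. The function names and the "vpn" / "pushed-lan" labels are illustrative assumptions.

```python
import ipaddress
import re

# The seven packets from the tun0 capture quoted in the post above.
CAPTURE = """\
14:38:03.041002 10.8.77.6 > 192.168.77.10: icmp: echo request
14:38:26.603376 10.8.77.6.137 > 10.8.77.1.137: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
14:38:27.621096 10.8.77.6.137 > 10.8.77.1.137: NBT UDP PACKET(137): REFRESH(8); REQUEST; UNICAST
14:38:28.088917 10.8.77.6.137 > 10.8.77.1.137: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
14:38:29.124286 10.8.77.6.137 > 10.8.77.1.137: NBT UDP PACKET(137): REFRESH(8); REQUEST; UNICAST
14:38:29.591429 10.8.77.6.137 > 10.8.77.1.137: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
14:38:30.622887 10.8.77.6.137 > 10.8.77.1.137: NBT UDP PACKET(137): REFRESH(8); REQUEST; UNICAST
"""
# Taken from the posted server config: "server 10.8.77.0 255.255.255.0"
# and push "route 192.168.77.0 255.255.255.0".
NETS = {"vpn": ipaddress.ip_network("10.8.77.0/24"),
        "pushed-lan": ipaddress.ip_network("192.168.77.0/24")}

IP = r"(\d+\.\d+\.\d+\.\d+)(?:\.\d+)?"   # address with optional ".port" suffix
LINE = re.compile(rf"^(\S+) {IP} > {IP}: (.*)$")

def parse(capture):
    """Return (timestamp, src, dst, description) for each recognised line."""
    return [m.groups() for m in map(LINE.match, capture.splitlines()) if m]

def zone(addr):
    """Name the configured network an address belongs to, or 'other'."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in NETS.items() if ip in net), "other")

def unanswered_pings(packets):
    """Echo requests with no later echo reply in the reverse direction."""
    missing = []
    for i, (ts, src, dst, desc) in enumerate(packets):
        if desc.startswith("icmp: echo request"):
            replied = any(d.startswith("icmp: echo reply") and (s, t) == (dst, src)
                          for _, s, t, d in packets[i + 1:])
            if not replied:
                missing.append((ts, src, zone(src), dst, zone(dst)))
    return missing

def senders(packets):
    """Distinct source addresses seen on the tunnel interface."""
    return sorted({src for _, src, _, _ in packets})

if __name__ == "__main__":
    pkts = parse(CAPTURE)
    for ts, src, sz, dst, dz in unanswered_pings(pkts):
        print(f"{ts} {src} ({sz}) -> {dst} ({dz}): no echo reply seen on tun0")
    print("sources seen:", senders(pkts))
```

On this capture the script reports the single echo request to 192.168.77.10 as unanswered and shows 10.8.77.6 as the only sender, so nothing addressed back to the client appears on the server's tun0.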