[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] No ping to the other side of tunnel


  • Subject: Re: [Openvpn-users] No ping to the other side of tunnel
  • From: Attila Fulop <bata@xxxxxxxx>
  • Date: Mon, 26 Sep 2005 09:36:39 +0200

Ok it's been solved, thank you for your help.

The problem was the firewall which caused the error. (yet another tick to the firewall in the FAQ)
After switching it off I was able to reach the services running on the VPN machine.
I also had to add a static route in our router (10.8.77.0/24) and echo 1 > /proc/sys/net/ipv4/ip_forward/


That's all, now it's brilliant. :)

Thank you very much again for all your help.

Best regards


Leonard Isham wrote:

On 9/21/05, Attila Fulop <bata@xxxxxxxx> wrote:


Thanks Leonard for your reply.

/I forgot to wrote in my prior mail, I also made sure *echo 1 >
/proc/sys/net/ipv4/ip_forward/

*The client receives IP address 10.8.77.6

The server side:
tun0      Link encap:Point-to-Point Protocol
        inet addr:10.8.77.1  P-t-P:10.8.77.2  Mask:255.255.255.255


Tracerouting from the server: ----------------------------- mosoly:/home/fulop # traceroute -n 10.8.77.6 traceroute to 10.8.77.6 (10.8.77.6), 30 hops max, 40 byte packets 1 * * * 2 * * * 3 * * * 4 * * * 5 * * * 6 * * *

Tracerouting from the client:
-----------------------------

C:\Documents and Settings\fulop.BP>tracert -d -h 4 10.8.77.5

Tracing route to 10.8.77.5 over a maximum of 4 hops

1    43 ms    58 ms    42 ms  10.8.77.1
2     *        *        *     Request timed out.
3     *        *        *     Request timed out.
4     *        *        *     Request timed out.

Trace complete.


C:\Documents and Settings\fulop.BP>tracert -d -h 6 10.8.77.1

Tracing route to 10.8.77.1 over a maximum of 6 hops

1     *        *        *     Request timed out.
2     *        *        *     Request timed out.
3     *        *        *     Request timed out.
4     *        *        *     Request timed out.
5     *        *        *     Request timed out.
6     *        *        *     Request timed out.

Trace complete.

I've made two pings on the client (ping 10.8.77.1, ping 10.8.77.5),
and here's what I got on the server:
mosoly:/home/fulop # tcpdump -n -i tun0
tcpdump: listening on tun0
15:55:20.227786 10.8.77.6 > 10.8.77.1: icmp: echo request
15:55:25.391548 10.8.77.6 > 10.8.77.1: icmp: echo request
15:55:29.446354 10.8.77.6 > 10.8.77.5: icmp: echo request
15:55:29.446416 10.8.77.6 > 10.8.77.5: icmp: echo request

mosoly:/home/fulop # tcpdump -n -i eth0 udp port 1194
tcpdump: listening on eth0
15:59:05.167704 192.168.77.10.1194 > 62.68.166.251.1862: udp 53 (DF)
15:59:09.399931 62.68.166.251.1862 > 192.168.77.10.1194: udp 53
15:59:14.596933 62.68.166.251.1862 > 192.168.77.10.1194: udp 101
15:59:15.727704 192.168.77.10.1194 > 62.68.166.251.1862: udp 53 (DF)
15:59:20.915199 62.68.166.251.1862 > 192.168.77.10.1194: udp 101
15:59:25.917726 192.168.77.10.1194 > 62.68.166.251.1862: udp 53 (DF)

6 packets received by filter
0 packets dropped by kernel

Sorry, I don't exactly know how I should tcpdump on the server,
and what should I watch in order to obtain where the replies are sent.

Best regards



Packets are unidirectional.  Requests are sent, but replies are not received.

Run tcpdump on the destination (10.8.77.1.137) and confirm the packets
are received.  Check where the replies are sent to if there are any.

Run traceroute/tracert from both systems (10.8.77.6.137 &
10.8.77.1.137) to see where the packets route.




Please stop posting it makes it difficult to follow the thread, and harder to help you.

1. Install winpcap and ethereal on the windows systems.
2. Make sure system times are in sync.
3. start a capture on both systems, and Open VPN Interfaces (Ethernet
and tunnel).

Test and compare the captures.

--
Leonard Isham, CISSP
Ostendo non ostento.


-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42" plasma tv or your very
own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users





____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users