Re: [Openvpn-users] can't reach server over TAP


  • Subject: Re: [Openvpn-users] can't reach server over TAP
  • From: Silver Salonen <silver@xxxxxxxxxxxx>
  • Date: Fri, 2 Mar 2007 10:39:36 +0200

On Tuesday 27 February 2007 11:26, Willy Offermans wrote:
> On Mon, Feb 26, 2007 at 12:36:38PM +0200, Silver Salonen wrote:
> > Hello!
> > 
> > I'm running 2.0.6 as server on FreeBSD-4.9 and 2.0.6 as client on FreeBSD-6.1
> > (as well as on another FreeBSD-6.2). I'm using dev tap and bridging.
> > 
> > The problem is that although VPN is successfully established and seems to
> > work, clients can't ping server (nor reach it any other way). Clients (as
> > well as LANs behind them) can reach LAN behind the server though. Client's
> > Firewall (PF) doesn't block anything and tcpdump on client's tap0 shows icmp
> > request going to server and icmp reply coming back, but ping just doesn't see
> > it.
> > 
> > The problem occurred after changing server's hardware (the old machine died, so
> > the HDD was moved into another machine with other network cards). After
> > changing the according interface names in server's configurations, everything
> > else is OK, but only this doesn't work.
> > 
> > Any ideas?
> > 
> > Silver
> > 
> 
> Hello Silver,
> 
> Did you check the route tables as well?
> 
> netstat -rn
> 
> The appropriate routes should be available.

Hi,

Sorry, I just now noticed somebody had replied to me :)

But yes, routes and everything is OK. Server is 192.168.111.10/24 and OpenVPN 
client's tap0 is 192.168.111.225, int_if is 192.168.64.1

Route in server: 192.168.64	192.168.111.225	UGSc	1	3	xl1
(xl1 is bridged with tap0 so the packets are sent along VPN)
Route in client: 192.168.111	link#7	UC	0	0	tap0
Route in client: 192.168.111.10	00:bd:3a:3a:00:00	UHLW	1	26	tap0	1174
(this is getting moved after a while from server's tap0 MAC to 192.168.111.10's real MAC).
Route in client: 192.168.111.200	00:16:76:4a:5c:f5	UHLW	1	223	tap0	973

Client's tcpdump while pinging server:
listening on tap0, link-type EN10MB (Ethernet), capture size 96 bytes
10:28:23.895842 arp who-has 192.168.111.10 tell 192.168.111.225
10:28:23.912701 arp reply 192.168.111.10 is-at 00:bd:3a:3a:00:00 (oui Unknown)
10:28:23.912719 IP 192.168.111.225 > 192.168.111.10: ICMP echo request, id 27344, seq 0, length 64
10:28:23.928005 IP 192.168.111.10 > 192.168.111.225: ICMP echo reply, id 27344, seq 0, length 64

But well.. nothing is received by ping :(

But pinging some other IP is OK.. its tcpdump:
listening on tap0, link-type EN10MB (Ethernet), capture size 96 bytes
10:31:29.236614 arp who-has 192.168.111.201 tell 192.168.111.197
10:31:29.707347 arp who-has 192.168.111.200 tell 192.168.111.225
10:31:29.784753 arp reply 192.168.111.200 is-at 00:16:76:4a:5c:f5 (oui Unknown)
10:31:29.784770 IP 192.168.111.225 > 192.168.111.200: ICMP echo request, id 31696, seq 0, length 64
10:31:29.818018 IP 192.168.111.200 > 192.168.111.225: ICMP echo reply, id 31696, seq 0, length 64

I just don't get it. I turned on verbosity in ping ("ICMP packets other than 
ECHO_RESPONSE that are received are listed"), but there's nothing..

Any debugging suggestions?

Silver
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users