  • Subject: [Openvpn-users] Question about OpenVPN endpoints connectivity...
  • From: "Josep M. Torne (Txema)" <txema@xxxxxxxxx>
  • Date: Thu, 20 Nov 2003 00:06:37 +0100


I've been using OpenVPN for some time now. It works great for me, but I've been experiencing some "problems" during the last weeks, basically related to access at the endpoints of the OpenVPN link (not bridging!).

My problem is that from the local OpenVPN endpoint host, I can't ping any remote host. I can only ping the remote endpoint. BUT from any host on the local network I can ping any host on the remote host. Of course, the problem is the same no matter which network I take as "local" (this is to say that the "problem" takes place in both directions).

Actually this is not a huge problem for me, but I have a DNS server configured on the local endpoint host, and I cannot get it to connect to a slave DNS server on the remote network to update zones, and I would like to get it to work.

So, could someone tell me why endpoints cannot connect to remote hosts?? Can something be done??

Actually, I've run tcpdump on the tun0 device on the remote endpoint while pinging remote hosts from the local endpoint host, and the ICMP packets do really get to the remote endpoint, although they don't leave the remote endpoint... why's that??

# tcpdump -i tun0
23:58:39.245286 > icmp: echo request (DF)
23:58:40.159602 > icmp: echo request (DF)
23:58:41.352077 > icmp: echo request (DF)
23:58:42.171780 > icmp: echo request (DF)
23:58:43.165444 > icmp: echo request (DF)
23:58:44.162785 > icmp: echo request (DF)

where is the remote host IP address, and is the local endpoint IP address (the local host IP address should be, but doesn't show up anywhere).

This leads me to another question. It seems that remote hosts detect IP source address as the local OpenVPN endpoint IP address, NOT the local host IP address. Is this supposed to be like that??
As far as I've seen, this doesn't always happen. For example, SSH or WWW connections to remote hosts DO log source IP correctly, but this doesn't seem to work for ICMP packets (ping) and DNS transfer zones... any clue??
The problem with this is that it makes it harder to authenticate remote IP addresses.

I've been reading all the info I've found on the OpenVPN site trying to find some answers, but couldn't find any.
Could someone give me some hint??
From what I've seen, this problem of mine doesn't seem to be related to my config, but if someone thinks it's relevant, just tell me and I'll post it.


-- Txema txema@xxxxxxxxx

