I've been using OpenVPN for some time now. It works great for me, but I've been experiencing some "problems" during last weeks, basically related to access at the endpoints of the OpenVPN link (not bridging!).
My problem is that from the local OpenVPN endpoint host, I can't ping any remote host. Just can ping the remote endpoint. BUT from any host on the local network I can ping any host on the remote host. Of course, the problem is the same no matter what network do I take as "local" (this is to say that the "problem" takes place in both directions).
Actually this is not a huge problem for me, but I have a DNS server configured on the local endpoint host, and I cannot get it to connect to a slave DNS server on the remote network to update zones, and I would like to get it to work.
So, could someone tell me why endpoints cannot connect to remote hosts?? Something can be done??
Actually, I've run tcpdump on the tun0 device on the remote endpoint while pinging remote hosts from the local endpoint host, and the ICMP packets do really get to the remote endpoint, although they don't leave the remote endpoint... why's that??
# tcpdump -i tun0 23:58:39.245286 10.1.0.1 > 192.168.1.110: icmp: echo request (DF) 23:58:40.159602 10.1.0.1 > 192.168.1.110: icmp: echo request (DF) 23:58:41.352077 10.1.0.1 > 192.168.1.110: icmp: echo request (DF) 23:58:42.171780 10.1.0.1 > 192.168.1.110: icmp: echo request (DF) 23:58:43.165444 10.1.0.1 > 192.168.1.110: icmp: echo request (DF) 23:58:44.162785 10.1.0.1 > 192.168.1.110: icmp: echo request (DF)
where 192.168.1.110 is the remote host IP address, and 10.1.0.1 is the local endpoint IP address (the local host IP address should be 192.168.1.66, but doesn't show up anywhere).
This leads me to another question. It seems that remote hosts detect IP source address as the local OpenVPN endpoint IP address, NOT the local host IP address. Is this supposed to be like that??
As far as I've seen, this doesn't happen always. For example, SSH or WWW connections to remote hosts DO log source IP correctly, but this doesn't seem to work for ICMP packets (ping) and DNS transfer zones... any clue??
The problem with this is that I makes harder to authenticate remote IP addresses.
I've been reading all the info I've found on the OpenVPN site trying to find some answers, but couldn't find any.
Could someone give me some hint??
From what I seen, this problem of mine doesn't seem to be related to my config, but if someone thinks it's releavant, just tell me and I'll post it.