[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

[Openvpn-users] Cannot Ping Clients (OpenVPN LAN)

  • Subject: [Openvpn-users] Cannot Ping Clients (OpenVPN LAN)
  • From: "Burhan Khalid" <burhan.khalid@xxxxxxxxx>
  • Date: Tue, 11 Apr 2006 10:23:08 +0300


  I have been reading the howto and the faq, and I believe I have
followed every step, but my vpn client cannot ping any other servers
other than the vpn server itself.  I'm very new to openvpn, so I'm
hoping its just something I overlooked.

  Here is the setup:

  OpenVPN (installed from apt-get -- version is 2.0.x) server has one
network card, with the static IP  The gateway on the LAN
is a Linksys Router (, on which the UDP port has been
fowarded to the OpenVPN server.

  The configuration file is stock.  No changes made other than the
location of the certificates, and the addition of these lines:

   push "route"
   push "dhcp-option DNS"

   The client is a Windows XP laptop.  It can connect fine, and it
gets the IP address from the VPN server.  It can ping the VPN
server, but any computer on the net cannot ping the
client, and the client cannot ping anyone (even the DNS server).

   Here is the result from a ping request to the client from net:

burhan@phoenix ~ $ ping
PING ( 56(84) bytes of data.
>From icmp_seq=2 Redirect Host(New nexthop:

--- ping statistics ---
8 packets transmitted, 0 received, 100% packet loss, time 7000ms

   Some packet analysis shows that the ping request is not carried
over the tun device, just the eth0 device (on the server).  I was
chatting with a helpful person on #openvpn and they suggested it might
be a firewall issue.  I then ran the commands from the TUN/TAP
forwarding Howto, restarted the server, but with the same results. 
Here is the output of iptables -L on the openvpn server:

root@goliath:/etc/openvpn# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Can someone please help me with this?


This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
Openvpn-users mailing list