Re: [Openvpn-users] ICMP Checksum Error between connected sites

  Subject: Re: [Openvpn-users] ICMP Checksum Error between connected sites
  From: Erich Titl
  Date: Wed, 18 Jul 2007 14:47:15 +0000


Andrew Hall wrote:
> Hi there.
> I'm running an OpenVPN server in London, and have two site-to-site
> connections from branch offices in Venice and Munich.
> Recently, I began to use the "client-to-client" directive on the
> server so the two branch offices can communicate with each other.
> However, I have encountered an odd problem.
>>From one branch office to another branch office I cannot ping certain
> IP addresses. The addresses happen to be associated with Avaya VoIP
> units.
> All other pings between the branch offices work fine.
> Now here's the very odd bit...
>>From machines on the London network, I can ping these addresses in the
> branch offices - but not from the actual OpenVPN server itself.
> And as the branch offices are communicating with each other via the
> server in London, perhaps there is a connection here.
> I don't understand how I can ping from machines in the London office
> to machines in the branch office, but not if I do so from the OpenVPN
> server itself - which is on the same LAN.

Have you looked ath the icmp packets in the tunnel? Do they show up at
all? Do they have the addresses you expect?

> And if you attempt a traceroute, you just see "Icmp checksum error".

This is weird, which node reports this error?

> Can anyone think what on earth could be wrong here?

Smells a lot like routing/subnetting, but without details, who knows.



