
[Openvpn-users] pings from router to private subnet


  • Subject: [Openvpn-users] pings from router to private subnet
  • From: "Darwin O.V. Alonso" <dalonso@xxxxxxxxxxxxxxxx>
  • Date: Thu, 13 Sep 2007 10:20:04 -0700 (PDT)


I posted this a month ago but did not receive
any responses, so I'm trying again. I would
just like to get a feel for whether I should focus on
routing or iptables to fix the following problem.

I have two private subnets connected by two static key
openvpn firewall/routers.
* what works: machines on the private subnets can ping all 
the machines on either subnet.  Basically, things work fine.
* what's broken(?): Router-1 can NOT ping machines 
in the opposite subnet, although Router-1 CAN ping the private 
interface on the opposite router (wtf!). 
Router-2 can ping opposite machines and the opposite interface.


 192.168.3.10  Machine#1
   |
 |-------------------------------|
 |192.168.3.245  -open VPN router| Router-1
 |-------------------------------|
   |
   |64...(public)
   |
 |-------------------------------|
 |192.168.1.245  -open VPN router| Router-2
 |-------------------------------|
   |
 192.168.1.35 Machine#2


Machines #1 and #2 can ping all IP addresses shown.
Router 2 can ping all IP addresses shown.
*** Router 1 can ping 192.168.1.245, but it can NOT ping 192.168.1.35 ***

Do any of you have any general suggestions?

Thanks,
Darwin


-----------------------------------------------------------------------------
OpenVPN 2.0.9 i686-pc-linux [SSL] [LZO] [EPOLL] built on Jun 21 2007
RHEL5 on all machines.
Non-bridging

Traceroute Output:

___On Router-1___
[root@Router-1 ~]# traceroute to 192.168.1.245 (192.168.1.245), 30 hops max, 40 byte packets
 1  192.168.1.245 (192.168.1.245)  0.583 ms  0.465 ms  0.429 ms
i.e. WORKS

[root@Router-1 ~]# traceroute to 192.168.1.35 (192.168.1.35), 30 hops max, 40 byte packets
 1  10.0.230.1 (10.0.230.1)  0.729 ms  0.595 ms  0.600 ms
... stops here BROKEN

__Behind Router-1 on Machine 192.168.3.10___
[root@Machine-1 ~]#traceroute to 192.168.1.35 (192.168.1.35), 30 hops max, 40 byte packets
 1  Router-1-in.md (192.168.3.245)  0.220 ms  0.146 ms  0.120 ms
 2  10.0.230.1 (10.0.230.1)  0.690 ms  0.601 ms  0.636 ms
 3  Machine-2(192.168.1.35)  0.845 ms  0.853 ms  0.863 ms
WORKS
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users