Re: [Openvpn-users] pings from router to private subnet


  • Subject: Re: [Openvpn-users] pings from router to private subnet
  • From: "David Balazic" <David.Balazic@xxxxxxxxxxxxxxxxxx>
  • Date: Thu, 13 Sep 2007 19:45:45 +0200

Hi!
 
If the two routers are not too different, try comparing their routing table and firewall settings.
Or just post them (if you didn't already last time).
 
Regards,
David


From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx on behalf of Darwin O.V. Alonso
Sent: Thu 13-Sep-07 19:20
To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: [Openvpn-users] pings from router to private subnet



I posted this a month ago but did not receive
any responses, so I'm trying again. I would
just like to get a feel for if I should focus on
routing or iptables to fix the following problem.

I have two private subnets connected by two static key
openvpn firewall/routers.
* what works: machines on the private subnets can ping all
the machines on either subnet.  Basically, things work fine.
* what's broken(?): Router-1 can NOT ping machines
in the opposite subnet, although Router-1 CAN ping the private
interface on the opposite router (wtf!).
Router-2 can ping opposite machines and the opposite interface.


 192.168.3.10  Machine#1
   |
 |-------------------------------|
 |192.168.3.245  -open VPN router| Router-1
 |-------------------------------|
   |
   |64...(public)
   |
 |-------------------------------|
 |192.168.1.245  -open VPN router| Router-2
 |-------------------------------|
   |
 192.168.1.35 Machine#2


Machines #1 and #2 can ping all IP addresses shown.
Router 2 can ping all IP addresses shown.
*** Router 1 can ping 192.168.1.245, but it can NOT ping 192.168.1.35 ***

Do any of you have any general suggestions?

Thanks,
Darwin


-----------------------------------------------------------------------------
OpenVPN 2.0.9 i686-pc-linux [SSL] [LZO] [EPOLL] built on Jun 21 2007
RHEL5 on all machines.
Non-bridging

Traceroute Output:

___On Router-1___
[root@Router-1 ~]# traceroute to 192.168.1.245 (192.168.1.245), 30 hops max, 40 byte packets
 1  192.168.1.245 (192.168.1.245)  0.583 ms  0.465 ms  0.429 ms
i.e. WORKS

[root@Router-1 ~]# traceroute to 192.168.1.35 (192.168.1.35), 30 hops max, 40 byte packets
 1  10.0.230.1 (10.0.230.1)  0.729 ms  0.595 ms  0.600 ms
... stops here BROKEN

__Behind Router-1 on Machine 192.168.3.10___
[root@Machine-1 ~]#traceroute to 192.168.1.35 (192.168.1.35), 30 hops max, 40 byte packets
 1  Router-1-in.md (192.168.3.245)  0.220 ms  0.146 ms  0.120 ms
 2  10.0.230.1 (10.0.230.1)  0.690 ms  0.601 ms  0.636 ms
 3  Machine-2(192.168.1.35)  0.845 ms  0.853 ms  0.863 ms
WORKS

___On Router-2___
[root@Router-2 ~]# traceroute 192.168.3.245
traceroute to 192.168.3.245 (192.168.3.245), 30 hops max, 40 byte packets
 1  Router-1-in (192.168.3.245)  0.693 ms  0.535 ms  0.536 ms
WORKS
