[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] pings from router to private subnet

  • Subject: Re: [Openvpn-users] pings from router to private subnet
  • From: "David Balazic" <David.Balazic@xxxxxxxxxxxxxxxxxx>
  • Date: Thu, 13 Sep 2007 19:45:45 +0200

Title: [Openvpn-users] pings from router to private subnet
If the two routers are not too different, try comparing their routing table and firewall settings.
Or just post them (if you didn't already last time).

From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx on behalf of Darwin O.V. Alonso
Sent: Thu 13-Sep-07 19:20
To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: [Openvpn-users] pings from router to private subnet

I posted this a month ago but did not receive
any responses, so I'm trying again. I would
just like to get a feel for if I should focus on
routing or iptables to fix the following problem.

I have two private subnets connected by two static key
openvpn firewall/routers.
* what works: machines on the private subnets can ping all
the machines on either subnet.  Basically, things work fine.
* what's broken(?): Router-1 can NOT ping machines
in the opposite subnet, although Router-1 CAN ping the private
interface on the opposite router (wtf!).
Router-2 can ping opposite machines and the opposite interface.  Machine#1
 |  -open VPN router| Router-1
 |  -open VPN router| Router-2
   | Machine#2

Machines #1 and #2 can ping all IP addresses shown.
Router 2 can ping all IP address shown
*** Router 1 can ping, but it can NOT ping ***

Do any of you have any general suggestions?


OpenVPN 2.0.9 i686-pc-linux [SSL] [LZO] [EPOLL] built on Jun 21 2007
RHEL5 on all machines.

Traceroute Output:

___On Router-1___
[root@Router-1 ~]# traceroute to (, 30 hops max, 40 byte packets
 1 (  0.583 ms  0.465 ms  0.429 ms
i.e. WORKS

[root@Router-1 ~]# traceroute to (, 30 hops max, 40 byte packets
 1 (  0.729 ms  0.595 ms  0.600 ms
... stops here BROKEN

__Behind Router-1 on Machine
[root@Machine-1 ~]#traceroute to (, 30 hops max, 40 byte packets
 1  Router-1-in.md (  0.220 ms  0.146 ms  0.120 ms
 2 (  0.690 ms  0.601 ms  0.636 ms
 3  Machine-2(  0.845 ms  0.853 ms  0.863 ms

___On Router-2___
[root@Router-2 ~]# traceroute
traceroute to (, 30 hops max, 40 byte packets
 1  Router-1-in (  0.693 ms  0.535 ms  0.536 ms

This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
Openvpn-users mailing list