Re: [Openvpn-users] pings from router to private subnet


  • Subject: Re: [Openvpn-users] pings from router to private subnet
  • From: Stefan Lamby <slamby@xxxxxx>
  • Date: Thu, 13 Sep 2007 19:58:17 +0200

Darwin,

if it is possible, shut down all firewalls and try again. This is the
easiest solution to find out if you should focus on iptables or routing
issues.

Do not forget to enable ip-forwarding on the routers, once the firewalls
are down. If iptables are released, ip-forwarding is disabled and it
can't work.

So enable it again with:
echo 1 > /proc/sys/net/ipv4/ip_forward

You can check if enabled or not with:
cat /proc/sys/net/ipv4/ip_forward
0 (disabled), 1 (enabled)

Let us know.

Stefan


Darwin O.V. Alonso wrote:
> I posted this a month ago but did not receive 
> any responses, so I'm trying again. I would
> just like to get a feel for if I should focus on 
> routing or iptables to fix the following problem.
>
> I have two private subnets connected by two static key
> openvpn firewall/routers.
> * what works: machines on the private subnets can ping all 
> the machines on either subnet.  Basically, things work fine.
> * what's broken(?): Router-1 can NOT ping machines 
> in the opposite subnet, although Router-1 CAN ping the private 
> interface on the opposite router (wtf!). 
> Router-2 can ping opposite machines and the opposite interface.
>
>
>  192.168.3.10  Machine#1
>    |
>  |-------------------------------|
>  |192.168.3.245  -open VPN router| Router-1
>  |-------------------------------|
>    |
>    |64...(public)
>    |
>  |-------------------------------|
>  |192.168.1.245  -open VPN router| Router-2
>  |-------------------------------|
>    |
>  192.168.1.35 Machine#2
>
>
> Machines #1 and #2 can ping all IP addresses shown.
> Router 2 can ping all IP addresses shown
> *** Router 1 can ping 192.168.1.245, but it can NOT ping 192.168.1.35 ***
>
> Do any of you have any general suggestions?
>
> Thanks,
> Darwin
>
>
> -----------------------------------------------------------------------------
> OpenVPN 2.0.9 i686-pc-linux [SSL] [LZO] [EPOLL] built on Jun 21 2007
> RHEL5 on all machines.
> Non-bridging
>
> Traceroute Output:
>
> ___On Router-1___
> [root@Router-1 ~]# traceroute to 192.168.1.245 (192.168.1.245), 30 hops max, 40 byte packets
>  1  192.168.1.245 (192.168.1.245)  0.583 ms  0.465 ms  0.429 ms
> i.e. WORKS
>
> [root@Router-1 ~]# traceroute to 192.168.1.35 (192.168.1.35), 30 hops max, 40 byte packets
>  1  10.0.230.1 (10.0.230.1)  0.729 ms  0.595 ms  0.600 ms
> ... stops here BROKEN
>
> __Behind Router-1 on Machine 192.168.3.10___
> [root@Machine-1 ~]#traceroute to 192.168.1.35 (192.168.1.35), 30 hops max, 40 byte packets
>  1  Router-1-in.md (192.168.3.245)  0.220 ms  0.146 ms  0.120 ms
>  2  10.0.230.1 (10.0.230.1)  0.690 ms  0.601 ms  0.636 ms
>  3  Machine-2(192.168.1.35)  0.845 ms  0.853 ms  0.863 ms
> WORKS
>
> ___On Router-2___
> [root@Router-2 ~]# traceroute 192.168.3.245
> traceroute to 192.168.3.245 (192.168.3.245), 30 hops max, 40 byte packets
>  1  Router-1-in (192.168.3.245)  0.693 ms  0.535 ms  0.536 ms
> WORKS
>
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
>
>   
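
An added example, not part of the original messages: a first-pass check that reads the two things the reply talks about, the ip_forward flag and the iptables ruleset, and reports which one to look at first, using a saved ruleset instead of a flushed one. The function name `triage`, its verdict strings and the sample ruleset are constructed for illustration, and standard `iptables-save` output is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Usage: triage IP_FORWARD_FILE RULES_FILE
#   IP_FORWARD_FILE  normally /proc/sys/net/ipv4/ip_forward
#   RULES_FILE       saved output of `iptables-save`, taken as root on the router
triage() {
    # 0 here means the kernel will not route between interfaces at all.
    if [ "$(cat "$1")" != "1" ]; then
        echo "forwarding-disabled"
        return 0
    fi
    # iptables-save prints policies as ":FORWARD DROP [0:0]" and rules as
    # "-A FORWARD ... -j DROP"; count anything in the filter table that blocks.
    blocking=$(awk '
        /^\*/ { table = substr($0, 2) }
        table != "filter" { next }
        /^:(INPUT|FORWARD|OUTPUT) / && $2 != "ACCEPT" { n++ }
        /^-A (INPUT|FORWARD|OUTPUT) / && / -j (DROP|REJECT)/ { n++ }
        END { print n + 0 }
    ' "$2")
    if [ "$blocking" -gt 0 ]; then
        echo "firewall-filtering"   # inspect these rules before suspecting routes
    else
        echo "look-at-routing"      # nothing blocks; check routes on both ends
    fi
}

# Constructed sample: forwarding on, FORWARD policy DROP with one tun0 allow rule.
demo=$(mktemp -d)
echo 1 > "$demo/ip_forward"
cat > "$demo/rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i tun0 -j ACCEPT
COMMIT
EOF
triage "$demo/ip_forward" "$demo/rules"   # prints: firewall-filtering
rm -rf "$demo"
```

On a live router the call would be `iptables-save > /tmp/rules` followed by `triage /proc/sys/net/ipv4/ip_forward /tmp/rules`; a "firewall-filtering" verdict only says that blocking rules exist, not that they are the cause.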
