Re: [Openvpn-users] How to trace network problems?

  • Subject: Re: [Openvpn-users] How to trace network problems?
  • From: "Dennis Muhlestein" <djmuhlestein@xxxxxxxxx>
  • Date: Wed, 19 Sep 2007 10:19:30 -0600

> Follow the money, err... the route.
> What does traceroute say?
> ping? pinging each hop, starting with the nearest?
> Do this from both sides, although I believe the problem will be more visible
> from the side that reports "no route".
> Regards,
> David

Well, ping and traceroute both stop at the local machine.  Here is
what is printed from my machine. is the vpn server's ip
address.  I'm connected to the vpn.

> tracepath
 1: (                                0.183ms pmtu 1500
 1:  no reply
 1: (                              2004.249ms !H

While using wireshark, I discovered a very interesting thing.  I can
ping and connect to other clients of the VPN.  (So indeed, we are
connected to the VPN and the VPN is working.)  This goes further to
support my theory that this is a networking problem and doesn't have
that much to do with the VPN.  As I mentioned before, I've been using
this VPN setup without any issues for a number of months.

Here is the setup:
my client -> my router -> internet -> firewall -> vpn server and other
production servers on same network.
Before the change, my client could ping/ssh whatever to any of the
production servers.
What changed:
One production server was split into a production server and a virtual
server on another machine.  From the point of the vpn server, all that
changed is that an ip address has a different mac address.
After the change:
clients of the vpn can still ping/access each other on the vpn
network, but no client can ping/access any production server,
including the vpn host.

I'm still lost on this one.  When I use Wireshark on the tap1
interface on my local machine, I see 0 traffic from the vpn server.
Nothing.  From another client, I see traffic as usual.

BTW, there are no firewalls (iptables or otherwise) on any servers.
