OpenVPN.eu
http://forum.openvpn.eu/

Cannot ping server, can ping clients ??
http://forum.openvpn.eu/viewtopic.php?f=25&t=7795

Author:  gwxe [ 28.10.2011 14:09 ]
Post subject:  Cannot ping server, can ping clients ??

Hello,
I've a problem with configuring my OpenVPN.
My network is:
[subnet 192.168.2...] <> [VPN client 192.168.2.1 (10.8.0.] <net> /eth1/[VPN server 192.168.0.1 (10.8.0.1)]/eth0/ <> [subnet 192.168.0...]

Tunnel is OK. The problem is I cannot access (even ping) my VPN server and all server's subnet computers from client. But I can ping client from server and all server's subnet PCs.
But I can ping server using vpn's virtual IP.
So it is:
client side:
ping 192.168.0.1 = fail
ping 10.8.0.1 = OK

server side:
ping 192.168.2.1 = OK

please help... it's driving me nuts!

Server's iptables:
Code:
# Generated by iptables-save v1.4.8 on Fri Oct 28 16:08:03 2011
*mangle
:PREROUTING ACCEPT [68232:43165935]
:INPUT ACCEPT [1579:159656]
:FORWARD ACCEPT [66653:43006279]
:OUTPUT ACCEPT [1185:131888]
:POSTROUTING ACCEPT [67701:43129175]
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Fri Oct 28 16:08:03 2011
# Generated by iptables-save v1.4.8 on Fri Oct 28 16:08:03 2011
*nat
:PREROUTING ACCEPT [1579:110478]
:POSTROUTING ACCEPT [8:1480]
:OUTPUT ACCEPT [260:17655]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
# Completed on Fri Oct 28 16:08:03 2011
# Generated by iptables-save v1.4.8 on Fri Oct 28 16:08:03 2011
*filter
:INPUT ACCEPT [584:63835]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [1185:131888]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT ! -i eth0 -p udp -m udp --dport 67 -j REJECT --reject-with icmp-port-unreachable
-A INPUT ! -i eth0 -p udp -m udp --dport 53 -j REJECT --reject-with icmp-port-unreachable
-A INPUT ! -i eth0 -p tcp -m tcp --dport 0:1023 -j DROP
-A INPUT ! -i eth0 -p udp -m udp --dport 0:1023 -j DROP
-A INPUT -m state --state INVALID -j LOG --log-prefix "INPUT DROP INVALID " --log-tcp-options --log-ip-options
-A INPUT -m state --state INVALID -j DROP
-A FORWARD -d 192.168.0.0/16 -i eth0 -j DROP
-A FORWARD -s 192.168.0.0/16 -i eth0 -j ACCEPT
-A FORWARD -d 192.168.0.0/16 -i eth1 -j ACCEPT
-A FORWARD -m state --state INVALID -j LOG --log-prefix "FORWARD DROP INVALID " --log-tcp-options --log-ip-options
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD ! -i lo -j LOG --log-prefix "FORWARD DROP " --log-tcp-options --log-ip-options
-A OUTPUT -m state --state INVALID -j LOG --log-prefix "OUTPUT DROP INVALID " --log-tcp-options --log-ip-options
COMMIT
# Completed on Fri Oct 28 16:08:03 2011


routes:
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.2        *               255.255.255.255 UH    0      0        0 tun0
xxx.xxx.xxx.xxx  *               255.255.255.240 U     0      0        0 eth1
192.168.7.0     10.8.0.2        255.255.255.0   UG    0      0        0 tun0
192.168.2.0     10.8.0.2        255.255.255.0   UG    0      0        0 tun0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
192.168.16.0    10.8.0.2        255.255.255.0   UG    0      0        0 tun0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
192.168.15.0    10.8.0.2        255.255.255.0   UG    0      0        0 tun0
192.168.2.0   10.8.0.2        255.255.255.0   UG    0      0        0 tun0
192.168.9.0     10.8.0.2        255.255.255.0   UG    0      0        0 tun0
default         xxx.xxx.xxx.xxx 0.0.0.0         UG    0      0        0 eth1


Author:  gwxe [ 29.10.2011 10:58 ]
Post subject:  Re: Cannot ping server, can ping clients ??

SOLVED!!
by adding to openvpn.conf (client):
Code:
ifconfig 10.8.0.2 10.8.0.1

and server's openvpn.conf:
Code:
ifconfig 10.8.0.1 10.8.0.2

From now on I can access server and client's subnet.
To connect server's subnet, enable forwarding on server:
Code:
iptables -A FORWARD -i tun0 -j ACCEPT

then restart openvpn.
cheers
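
Added example, not part of the original posts: a small check over iptables-save output that reports whether any FORWARD rule can accept packets arriving on a given interface, which shows why tunnel traffic fell through to the DROP policy in the ruleset above until a tun0 rule was added. The function names and the abridged sample ruleset are constructed for illustration; the narrower rule in the last line is an assumption based on the 192.168.0.0/255.255.255.0 eth0 route shown in the thread.

```shell
#!/bin/sh
# forward_verdict IFACE < iptables-save output
# Prints "accept-possible" if some filter/FORWARD rule with -j ACCEPT can match
# packets arriving on IFACE, otherwise prints the chain policy.
# Assumption: no jumps to user-defined chains (none exist in the posted ruleset).
forward_verdict() {
    awk -v ifc="$1" '
        function if_match(pat, name) {
            # iptables treats a trailing "+" as a prefix wildcard (e.g. tun+)
            if (pat ~ /\+$/) return index(name, substr(pat, 1, length(pat) - 1)) == 1
            return pat == name
        }
        /^\*/ { table = substr($0, 2) }
        table != "filter" { next }
        $1 == ":FORWARD" { policy = $2 }
        $1 == "-A" && $2 == "FORWARD" {
            target = ""; in_if = ""; neg = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "-i") { in_if = $(i + 1); neg = ($(i - 1) == "!") }
            }
            if (target != "ACCEPT") next
            m = if_match(in_if, ifc)
            if (in_if == "" || (neg ? !m : m)) ok = 1
        }
        END { print (ok ? "accept-possible" : policy) }
    '
}

# Constructed sample: the filter/FORWARD part of the ruleset posted above, abridged.
sample_ruleset() {
    cat <<'EOF'
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 192.168.0.0/16 -i eth0 -j DROP
-A FORWARD -s 192.168.0.0/16 -i eth0 -j ACCEPT
-A FORWARD -d 192.168.0.0/16 -i eth1 -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD ! -i lo -j LOG --log-prefix "FORWARD DROP "
COMMIT
EOF
}

echo "tun0, as posted:       $(sample_ruleset | forward_verdict tun0)"
echo "tun0, with thread fix: $( { sample_ruleset; echo '-A FORWARD -i tun0 -j ACCEPT'; } | forward_verdict tun0)"
# Narrower alternative (assumption): only tunnel traffic bound for the server LAN.
echo "tun0, narrower rule:   $( { sample_ruleset; echo '-A FORWARD -i tun0 -o eth0 -d 192.168.0.0/24 -j ACCEPT'; } | forward_verdict tun0)"
```

The check only answers whether an ACCEPT rule could apply to the interface; it does not evaluate addresses, states or rule order.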

Page 1 of 1 All times are UTC