Able to connect via OpenVPN but cannot ping LAN devices


Moderators: TinCanTech

Andrew Whale
OpenVpn Newbie
Posts: 1
Joined: Thu Jun 23, 2016 8:33 am

Able to connect via OpenVPN but cannot ping LAN devices

Post by Andrew Whale » Thu Jun 23, 2016 9:02 am

Hi
I set up an OpenVPN server on my Asus RT-N66U router. Settings are:
Interface = TUN
Protocol = UDP
Server port = 1194
Firewall = Auto
Auth Mode = TLS
Extra HMAC auth = Disabled
VPN Subnet = 10.8.0.0 255.255.255.0
Poll int = 0
Push LAN to clients = Yes
Direct clients to redirect internal traffic = No
Respond to DNS = No
Encryption cipher = No
Manage client specific options = No

The problem
If I connect my android phone over the LAN, I can ping the Windows PC on 192.168.1.104 no problem.
If I disable the LAN connection on the Android phone and connect using the OpenVPN app over the 4G mobile network (ipv4 10.8.0.6), I cannot ping 192.168.1.104.
However I can ping the router on 192.168.1.1.
Disabling firewall on PC makes no difference.
I think the fault is with OpenVPN on the router - not routing 10.8.0.6 traffic to 192.160.1.104.
I've included that log from the router which to me suggests that routing has been configured correctly - but I could be wrong as I am no networking expert.

Router log details.....
Jun 23 08:15:52 openvpn[5460]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Jun 23 08:15:52 openvpn[5460]: /sbin/ifconfig tun21 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Jun 23 08:15:52 openvpn[5460]: /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Jun 23 08:15:52 openvpn[5470]: UDPv4 link local (bound): [undef]
Jun 23 08:15:52 openvpn[5470]: UDPv4 link remote: [undef]
Jun 23 08:15:52 openvpn[5470]: MULTI: multi_init called, r=256 v=256
Jun 23 08:15:52 openvpn[5470]: IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Jun 23 08:15:52 openvpn[5470]: Initialization Sequence Completed
Jun 23 08:16:03 openvpn[5470]: 82.132.238.173:61133 TLS: Initial packet from [AF_INET]82.132.238.173:61133, sid=201d5ef6 483fe1da
Jun 23 08:16:07 openvpn[5470]: 82.132.238.173:61133 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-N66U, emailAddress=me@myhost.mydomain
Jun 23 08:16:07 openvpn[5470]: 82.132.238.173:61133 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=client, emailAddress=me@myhost.mydomain
Jun 23 08:16:08 openvpn[5470]: 82.132.238.173:61133 PLUGIN_CALL: POST /usr/lib/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Jun 23 08:16:08 openvpn[5470]: 82.132.238.173:61133 TLS: Username/Password authentication succeeded for username 'tiddlerfromtad'
Jun 23 08:16:08 openvpn[5470]: 82.132.238.173:61133 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jun 23 08:16:08 openvpn[5470]: 82.132.238.173:61133 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jun 23 08:16:08 openvpn[5470]: 82.132.238.173:61133 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jun 23 08:16:08 openvpn[5470]: 82.132.238.173:61133 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jun 23 08:16:08 openvpn[5470]: 82.132.238.173:61133 Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
Jun 23 08:16:08 openvpn[5470]: 82.132.238.173:61133 [client] Peer Connection Initiated with [AF_INET]82.132.238.173:61133
Jun 23 08:16:08 openvpn[5470]: client/82.132.238.173:61133 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Jun 23 08:16:08 openvpn[5470]: client/82.132.238.173:61133 MULTI: Learn: 10.8.0.6 -> client/82.132.238.173:61133
Jun 23 08:16:08 openvpn[5470]: client/82.132.238.173:61133 MULTI: primary virtual IP for client/82.132.238.173:61133: 10.8.0.6
Jun 23 08:16:08 openvpn[5470]: client/82.132.238.173:61133 PUSH: Received control message: 'PUSH_REQUEST'
Jun 23 08:16:08 openvpn[5470]: client/82.132.238.173:61133 send_push_reply(): safe_cap=940
Jun 23 08:16:08 openvpn[5470]: client/82.132.238.173:61133 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,dhcp-option DNS 192.168.1.1,route 10.8.0.1,topology net30,ping 15,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5' (status=1)

Note that the router is on the most up-to-date version of firmware.

Googling the problem suggests that I am not alone with this problem, but solutions are unclear. Any ideas would be much appreciated.
Thanks.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Able to connect via OpenVPN but cannot ping LAN devices

Post by TinCanTech » Thu Jun 23, 2016 10:40 am

Andrew Whale wrote: I cannot ping 192.168.1.104 However I can ping the router on 192.168.1.1.
Add a static route for the VPN subnet to 192.168.1.104 .. or enable NAT on your router.

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
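
One way to choose the `-o` interface for the MASQUERADE rule above and add it without duplicating it, as an added example that is not part of the original post: `-o` takes an interface name, not a host IP or a subnet. The route table sample (including `br0`) and the function names are constructed for illustration, and `ip` from iproute2 is assumed to be available on the router.

```shell
#!/bin/sh
# Constructed sample of `ip -4 route show` output (not taken from the thread).
SAMPLE_ROUTES='default via 203.0.113.1 dev eth0
203.0.113.0/24 dev eth0 proto kernel scope link src 203.0.113.10
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1
10.8.0.0/24 via 10.8.0.2 dev tun21
10.8.0.2 dev tun21 proto kernel scope link src 10.8.0.1'

# Read `ip -4 route show` text on stdin and print the interface that has
# a directly connected route to the subnet given as $1 (CIDR form).
iface_for_subnet() {
    awk -v net="$1" '$1 == net && $2 == "dev" { print $3; exit }'
}

# Build the rule arguments shared by the check (-C) and append (-A) calls.
# $1 = VPN subnet, $2 = outgoing interface name.
masq_rule_args() {
    printf 'POSTROUTING -s %s -o %s -j MASQUERADE' "$1" "$2"
}

# Add the rule only if it is not already present, so re-running this at
# boot or on VPN restart does not stack duplicate rules. Needs root.
# $1 = VPN subnet, $2 = LAN subnet.
apply_masq() {
    out_if=$(ip -4 route show | iface_for_subnet "$2")
    if [ -z "$out_if" ]; then
        echo "no directly connected route for $2" >&2
        return 1
    fi
    args=$(masq_rule_args "$1" "$out_if")
    # $args is left unquoted on purpose so it splits into separate arguments.
    # -C checks whether the rule exists; -A appends it when the check fails.
    iptables -t nat -C $args 2>/dev/null || iptables -t nat -A $args
}

# Dry run against the constructed sample: print the rule that would be used.
demo_if=$(printf '%s\n' "$SAMPLE_ROUTES" | iface_for_subnet 192.168.1.0/24)
echo "iptables -t nat -A $(masq_rule_args 10.8.0.0/24 "$demo_if")"
```

With this rule in place, LAN hosts see VPN clients as the router's own LAN address, so host firewalls and logs on the LAN no longer distinguish individual VPN clients.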

winger
OpenVpn Newbie
Posts: 10
Joined: Mon Nov 24, 2014 3:38 am

Re: Able to connect via OpenVPN but cannot ping LAN devices

Post by winger » Sat Mar 12, 2022 6:14 am

Hi there - anyone have any luck with this?

I am using the OpenVPN servers on Asus and TP-Link routers, so unsure if I can even add the following to the server configuration:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

And, in my case, is eth0 the IP of the LAN machine I am trying to access (192.168.1.101) or is it the LAN subnet 192.168.1.0?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Able to connect via OpenVPN but cannot ping LAN devices

Post by TinCanTech » Sun Mar 13, 2022 3:16 am

@ winger

Everybody but you, read the howto.
