OpenVPN - Can connect but not ping

Post by DaS07 » Fri Jun 30, 2017 3:58 pm

Hello everybody, I have a question:

I can connect to my intranet PC from an external laptop, but I cannot ping it, and I don't know why...
If I ping, I get the message:
From 192.168.10.101 icmp_seq=1 Destination Host Unreachable
...
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3999ms pipe 3


Code:

PC01 (192.168.10.12)=======FW Intern: eth0: 192.168.10.140 | eth1: 192.168.20.140
FW Intern ========= FW Extern: eth0: 192.168.20.150||eth1: 10.1.0.333
FW Extern ==== Internet ====== Laptop: 10.1.0.25
Between: FW I and FW E: DNS - 192.168.20.1


server.conf

Code:

script-security 2
mode server
tls-server
port 1194
proto udp
dev tap0
ca ca.crt
cert cert.crt
key server.key
dh dh2048.pem
ifconfig-pool-persist ipp.txt
server-bridge 192.168.10.140 255.255.255.0 192.168.10.100 192.168.10.130
client-to-client
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status open-status.log
verb 3
cipher AES-256-CBC
auth SHA512
push "ping 10"
push "ping-restart 60"
push "dhcp-option DNS 192.168.20.1"
push "route 192.168.10.12"


client.conf

Code:

dev tap
proto udp
remote 10.1.0.333 1194
client
keepalive 15 120
verb 3
script-security 2
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
cipher AES-256-CBC
auth SHA512
comp-lzo


FW-Intern:

Code:

...
-A INPUT -i eth1 -p udp --dport 1194 -m state --state NEW -j ACCEPT
-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT

-A INPUT -i tap+ -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A FORWARD -i tap+ -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
...
-A POSTROUTING -o eth1 -j MASQUERADE
...


FW extern:

Code:

...
-A FORWARD -p udp -m multiport --dport 53,1194,1195 -m state --state NEW -j ACCEPT
...
-A POSTROUTING -o eth1 -j MASQUERADE
-A PREROUTING -i eth1 -p udp --dport 1194 -j DNAT --to-destination 192.168.20.140
...


route -n

Code:

Ziel            Router      Genmask         Flags    Metric   Ref      Use      Iface
...
192.168.10.0      0.0.0.0      255.255.255.0      U      0      0      0      tap0
192.168.10.12      192.168.10.140   255.255.255.255   UGH      0      0      0      tap0


ip route get 192.168.10.12

Code:

192.168.10.12 via 192.168.10.140 dev tap0 src 192.168.10.101
     cache


ifconfig (client)

Code:

eth0      Link encap: Ethernet      Hardware ...
      inet Address: 10.1.0.25 Bcast: 10.1.0.255 Mask: 255.255.255.0
      ...
      
lo      Link encap: Local Loop
      inet Address: 127.0.0.1 Mask: 255.0.0.0
      ...
      
tap0      Link encap: Ethernet    Hardware   ...
      inet Address 192.168.10.101   Bcast 192.168.10.255   Mask 255.255.255.0
      ...


Thanks for any help :)

Greetings

Re: OpenVPN - Can connect but not ping

Post by wangyucn » Wed Aug 09, 2017 3:46 pm

Try adding the following lines on both sides:
fragment 1200
mssfix 1200
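
An added example, not part of either post and not OpenVPN code: a small Python check that the options which have to agree on both ends of the tunnel, including the `fragment` setting suggested in the reply, actually match between `server.conf` and `client.conf`. The function names are hypothetical, the config strings are excerpts of the files posted above, and device names are assumed to start with `tun` or `tap`.

```python
# Options that must agree on both ends of an OpenVPN tunnel.
# mssfix is not compared: it does not have to match between peers.
MUST_MATCH = ("dev-type", "proto", "cipher", "auth", "comp-lzo", "fragment")

# Excerpts of the server.conf / client.conf posted in this thread.
SERVER = """proto udp
dev tap0
comp-lzo
cipher AES-256-CBC
auth SHA512
"""
CLIENT = """dev tap
proto udp
cipher AES-256-CBC
auth SHA512
comp-lzo
"""

def effective(text):
    """Return the effective value of each MUST_MATCH option (None if unset)."""
    opts = {}
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()          # drop '#' comments
        if words and not words[0].startswith(";"):    # skip ';' comment lines
            opts[words[0]] = " ".join(words[1:])
    # Assumption: without an explicit dev-type, the name starts with tun/tap.
    if "dev-type" not in opts and "dev" in opts:
        opts["dev-type"] = opts["dev"][:3]            # "tap0" -> "tap"
    # udp is the default; tcp-server and tcp-client both count as tcp.
    opts["proto"] = opts.get("proto", "udp").split("-")[0]
    if opts.get("comp-lzo") == "":
        opts["comp-lzo"] = "adaptive"                 # bare comp-lzo = adaptive
    return {name: opts.get(name) for name in MUST_MATCH}

def mismatches(server_text, client_text):
    """List (option, server value, client value) for every disagreement."""
    s, c = effective(server_text), effective(client_text)
    return [(k, s[k], c[k]) for k in MUST_MATCH if s[k] != c[k]]

if __name__ == "__main__":
    one_sided = SERVER + "fragment 1200\nmssfix 1200\n"
    print("as posted:              ", mismatches(SERVER, CLIENT))
    print("fragment on server only:", mismatches(one_sided, CLIENT))
```
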

