Can ping some devices, but not others

devries
OpenVpn Newbie
Posts: 3
Joined: Mon Jul 10, 2017 12:48 pm

Can ping some devices, but not others

Post by devries » Mon Jul 10, 2017 1:21 pm

We currently have a server with 292 connected VPN clients. From one VPN client to another, I can ping them no problem. However, from the server I can ping 254 devices, but not the other 38. But sometimes after a few minutes a device that I couldn't ping before, I can now ping again.

Is there a limit I need to raise? Or is there another configuration issue that may be relevant? If not, what else could cause this problem?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Can ping some devices, but not others

Post by TinCanTech » Mon Jul 10, 2017 5:49 pm


devries
OpenVpn Newbie
Posts: 3
Joined: Mon Jul 10, 2017 12:48 pm

Re: Can ping some devices, but not others

Post by devries » Tue Jul 11, 2017 6:25 am

Server is:

OpenVPN 2.3.8 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Apr 12 2017
library versions: OpenSSL 1.0.1f 6 Jan 2014, LZO 2.06
SERVER
mode server
proto tcp-server
port 11194

group openvpn
user openvpn

management localhost 7505

plugin /usr/share/openvpn/plugin/lib/enable-packet-filter.so

dev tap0

ifconfig 10.3.0.1 255.255.0.0
ifconfig-pool 10.3.0.2 10.3.15.254 255.255.0.0

client-to-client

persist-key
persist-tun
keepalive 10 30

tls-server
remote-cert-tls client
cipher AES-128-CBC

dh /etc/openvpn/dh.pem
tls-auth /etc/openvpn/keys/tls-auth.key 0
ca /etc/certauth/certs/cert-auth.crt

cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key

script-security 2

up '/etc/openvpn/tools/openvpn-script.sh up'
client-connect '/etc/openvpn/tools/openvpn-script.sh client-connect'
client-disconnect '/etc/openvpn/tools/openvpn-script.sh client-disconnect'
down '/etc/openvpn/tools/openvpn-script.sh down'


log-append /var/log/openvpn/access.log
verb 4
mute 25

status /var/log/openvpn/status.log 60
status-version 3

Client can be various OSes, mostly OpenWRT.

CLIENT
dev tap
proto tcp
nobind

client
tls-client
remote $SERVER $PORT
remote-cert-tls server

cipher AES-128-CBC
key-direction 1

persist-key
persist-tun

auth-retry none
connect-retry-max infinite
resolv-retry infinite

<ca>$CERT_AUTH</ca>
<cert>$CERT</cert>
<key>$KEY</key>
<tls-auth>$TLS_AUTH</tls-auth>

There aren't any errors in the logs, so no relevant logs to post.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Can ping some devices, but not others

Post by TinCanTech » Tue Jul 11, 2017 11:34 am

You have clearly set it up all wrong .. please read the howto.

devries
OpenVpn Newbie
Posts: 3
Joined: Mon Jul 10, 2017 12:48 pm

Re: Can ping some devices, but not others

Post by devries » Wed Jul 12, 2017 6:44 am

It's not clear to me. Please explain.