We currently have a server with 292 connected VPN clients. From one VPN client to another, I can ping them no problem. However, from the server I can ping 254 devices, but not the other 38. But sometimes after a few minutes a device that I couldn't ping before, I can now ping again.
Is there a limit I need to raise? Or is there another configuration issue that may be relevant? If not, what else could cause this problem?
Can ping some devices, but not others
Moderators: TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Re: Can ping some devices, but not others
Server is:
OpenVPN 2.3.8 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Apr 12 2017
library versions: OpenSSL 1.0.1f 6 Jan 2014, LZO 2.06
Client can be various OSes, mostly OpenWRT.
There aren't any errors in the logs, so no relevant logs to post.
SERVER
mode server
proto tcp-server
port 11194
group openvpn
user openvpn
management localhost 7505
plugin /usr/share/openvpn/plugin/lib/enable-packet-filter.so
dev tap0
ifconfig 10.3.0.1 255.255.0.0
ifconfig-pool 10.3.0.2 10.3.15.254 255.255.0.0
client-to-client
persist-key
persist-tun
keepalive 10 30
tls-server
remote-cert-tls client
cipher AES-128-CBC
dh /etc/openvpn/dh.pem
tls-auth /etc/openvpn/keys/tls-auth.key 0
ca /etc/certauth/certs/cert-auth.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
script-security 2
up '/etc/openvpn/tools/openvpn-script.sh up'
client-connect '/etc/openvpn/tools/openvpn-script.sh client-connect'
client-disconnect '/etc/openvpn/tools/openvpn-script.sh client-disconnect'
down '/etc/openvpn/tools/openvpn-script.sh down'
log-append /var/log/openvpn/access.log
verb 4
mute 25
status /var/log/openvpn/status.log 60
status-version 3
CLIENT
dev tap
proto tcp
nobind
client
tls-client
remote $SERVER $PORT
remote-cert-tls server
cipher AES-128-CBC
key-direction 1
persist-key
persist-tun
auth-retry none
connect-retry-max infinite
resolv-retry infinite
<ca>$CERT_AUTH</ca>
<cert>$CERT</cert>
<key>$KEY</key>
<tls-auth>$TLS_AUTH</tls-auth>
Re: Can ping some devices, but not others
You have clearly set it up all wrong .. please read the howto.
Re: Can ping some devices, but not others
It's not clear to me. Please explain.
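On the opening question of whether a configured limit needs raising: the sketch below is an added example, not part of the thread or of OpenVPN. It parses the limit-relevant lines of the posted server config and reports the two server-side caps on concurrent clients, `max-clients` and the size of `ifconfig-pool`. The function names are hypothetical, and the value 1024 assumes OpenVPN's default for an unset `max-clients`.

```python
import ipaddress
import shlex

# Constructed input: limit-relevant lines copied from the server config in the thread.
SERVER_CONF = """\
mode server
dev tap0
ifconfig 10.3.0.1 255.255.0.0
ifconfig-pool 10.3.0.2 10.3.15.254 255.255.0.0
client-to-client
up '/etc/openvpn/tools/openvpn-script.sh up'
"""
DEFAULT_MAX_CLIENTS = 1024  # assumed: OpenVPN's default when max-clients is not set


def parse_directives(text):
    """Map each directive to its argument list, skipping comments and inline blocks."""
    directives, block = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if block:  # inside <ca> ... </ca> style inline data
            block = None if line == f"</{block}>" else block
            continue
        if line.startswith("<") and ">" in line and not line.startswith("</"):
            name = line[1:line.index(">")]
            block = None if line.endswith(f"</{name}>") else name
            continue
        if not line or line[0] in "#;":
            continue
        tokens = shlex.split(line, comments=True)  # honours quotes and trailing '#'
        if tokens:
            directives[tokens[0]] = tokens[1:]
    return directives


def client_limits(text):
    """Return the two server-side caps on concurrent clients set by the config."""
    d = parse_directives(text)
    limits = {"max-clients": int(d.get("max-clients", [DEFAULT_MAX_CLIENTS])[0])}
    if "ifconfig-pool" in d:
        start, end = (ipaddress.IPv4Address(a) for a in d["ifconfig-pool"][:2])
        limits["ifconfig-pool"] = int(end) - int(start) + 1  # inclusive range
    return limits


def exceeded(text, connected):
    """Names of the configured caps that `connected` clients would exceed."""
    return sorted(k for k, v in client_limits(text).items() if connected > v)


if __name__ == "__main__":
    print(client_limits(SERVER_CONF), exceeded(SERVER_CONF, 292))
```

For the posted config, neither cap is below the 292 connected clients, so the 254 figure does not come from these two directives.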