OpenVPN ping client

[poczta@linuxmail.org]

Hello,

I have problem with ping openvpn IP clients from server

clinet1: 10.10.10.33
client2: 10.10.10.66
server: 10.10.10.1

From client1 i can ping server, but i cannot ping clinet2.
From server i cannot ping clinet1 and client2

why?



server.conf:

port 443
proto udp
dev tun
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
ifconfig-pool-persist ipp.txt
server 10.10.10.0 255.255.255.0
client-config-dir ccd
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3

client.conf:

client
dev tun
proto udp
remote x.x.x.x 443
resolv-retry infinite
nobind
pkcs12 clinet1.p12
ns-cert-type server
comp-lzo
verb 3


ifconfig:

eth0 Link encap:Ethernet HWaddr 00:13:d3:d5:94:cc
inet addr:x.x.x.x Bcast:x.x.x.x Mask:255.255.255.248
inet6 addr: fe80::213:d3ff:fed5:94cc/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:48706 errors:0 dropped:0 overruns:0 frame:0
TX packets:40536 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5201338 (4.9 MiB) TX bytes:7672616 (7.3 MiB)
Interrupt:23 Base address:0xd000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:188 errors:0 dropped:0 overruns:0 frame:0
TX packets:188 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:12924 (12.6 KiB) TX bytes:12924 (12.6 KiB)

tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.10.10.1 P-t-P:10.10.10.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:203 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:17052 (16.6 KiB)


cat /proc/sys/net/ipv4/ip_forward
1

firewall on server and clients are disabled


IPTABLES:

Chain INPUT (policy ACCEPT 4466 packets, 418K bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 68 packets, 4080 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 5491 packets, 766K bytes)
pkts bytes target prot opt in out source destination


root@gateway:~# ip route show all
10.10.10.2 dev tun0 proto kernel scope link src 10.10.10.1
xx.xx.xx.xx/29 dev eth0 proto kernel scope link src xx.xx.xx.xx
10.10.10.0/24 via 10.10.10.2 dev tun0
default via xx.xx.xx.xx dev eth0
root@gateway:~# ip rule show
0: from all lookup local
32766: from all lookup main
32767: from all lookup default

[maikcat]

hi there,

From client1 i can ping server, but i cannot ping clinet2.
From server i cannot ping clinet1 and client2

if you can ping the server from your clients but not the other way around
then something blocks incoming traffic from vpn interface on your clients,

what OS you clients have?

Michael.

[poczta@linuxmail.org]

what OS you clients have?
.

Clinet: windowsXP/Windows8
Firewall is disabled.

[poczta@linuxmail.org]

Can you halp me?

[maikcat]

the only thing i can say is this:

if your client can ping the server and not the other way around then:

1) your client doesnt respond to ping due to firewall/antivirus blocking icmp
(remember that modern antivirus filter network traffic)

2) your server blocks outgoing icmp requests to your clients (never happened to me..)

if your client can ping the server the tunnel is working...

Michael.