OpenVPN - Client cannot ping internal network machines

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
oroset
OpenVpn Newbie
Posts: 2
Joined: Mon Sep 27, 2021 11:49 am

OpenVPN - Client cannot ping internal network machines

Post by oroset » Mon Sep 27, 2021 12:14 pm

Hi,

I have a strange trouble.

My clients (windows 10 or Xp or Windows 11) can connect to the open vpn server. They can ping the server, and the server can ping the clients.
BUT the clients cannot ping the other machines behind the vpn, inthe internal network.

There is no firewall on the clients.
The route table for one of the client is :

Code: Select all

===========================================================================
Liste d'Interfaces
 11...........................Wintun Userspace Tunnel
  2...00 e0 4c 68 00 1b ......Realtek USB GbE Family Controller #2
 15...00 ff 52 a1 29 30 ......TAP-Windows Adapter V9
 25...94 65 9c bc 72 76 ......Intel(R) Dual Band Wireless-AC 7265
 46...94 65 9c bc 72 77 ......Microsoft Wi-Fi Direct Virtual Adapter #4
 33...96 65 9c bc 72 76 ......Microsoft Wi-Fi Direct Virtual Adapter #5
  1...........................Software Loopback Interface 1
 50...00 15 5d 3d b5 0b ......Hyper-V Virtual Ethernet Adapter
===========================================================================

IPv4 Table de routage
===========================================================================
Itinéraires actifs :
Destination réseau    Masque réseau  Adr. passerelle   Adr. interface Métrique
          0.0.0.0          0.0.0.0    192.168.0.254     192.168.0.29     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
     172.29.224.0    255.255.240.0         On-link      172.29.224.1   5256
     172.29.224.1  255.255.255.255         On-link      172.29.224.1   5256
   172.29.239.255  255.255.255.255         On-link      172.29.224.1   5256
      192.168.0.0    255.255.255.0         On-link      192.168.0.29    281
     192.168.0.29  255.255.255.255         On-link      192.168.0.29    281
    192.168.0.255  255.255.255.255         On-link      192.168.0.29    281
      192.168.1.0    255.255.255.0         On-link     192.168.1.202    281
    192.168.1.202  255.255.255.255         On-link     192.168.1.202    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.202    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.1.202    281
        224.0.0.0        240.0.0.0         On-link      192.168.0.29    281
        224.0.0.0        240.0.0.0         On-link      172.29.224.1   5256
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.1.202    281
  255.255.255.255  255.255.255.255         On-link      192.168.0.29    281
  255.255.255.255  255.255.255.255         On-link      172.29.224.1   5256
===========================================================================
Itinéraires persistants :
  Aucun
The client can ping the server, the server can ping the client.
The route table on the server is :

Code: Select all

Destination     Gateway      Genmask         Indic Metric Ref    Use Iface
lo1-lns1001-cou *               255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     *               255.255.255.0   U     0      0        0 br0
default         *               0.0.0.0         U     0      0        0 ppp0

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 332
Joined: Tue Feb 16, 2021 10:41 am

Re: OpenVPN - Client cannot ping internal network machines

Post by openvpn_inc » Mon Sep 27, 2021 8:51 pm

Hello,

You need either NAT (easiest) or routing (best) for connecting to hosts in the same LAN as the VPN server. Also, that "server" route table is not from an OpenVPN Access Server. Show us:

Code: Select all

ip addr list
ip route list
from the Access Server. Maybe consider also opening a support ticket at the URL below.

Regards, rob0
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

oroset
OpenVpn Newbie
Posts: 2
Joined: Mon Sep 27, 2021 11:49 am

Re: OpenVPN - Client cannot ping internal network machines

Post by oroset » Mon Sep 27, 2021 9:05 pm

Thanks for the answer.
NAT is enabled on the server. It's a gateway for the internal network stations.

Code: Select all

# ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:15:c5:5f:e1:1a brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:15:c5:5f:e1:1b brd ff:ff:ff:ff:ff:ff
4: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN
    link/ether 10:00:01:02:03:04 brd ff:ff:ff:ff:ff:ff
5: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc pfifo_fast state UNKNOWN qlen 3
    link/ppp
    inet xx.xxx.xxx.xxx peer 178.132.16.219/32 scope global ppp0
6: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 00:15:c5:5f:e1:1a brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br0
7: tap0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
    link/ether fa:27:a7:ae:66:8d brd ff:ff:ff:ff:ff:ff
    
# ip route list
178.132.16.219 dev ppp0  proto kernel  scope link  src xx.xxx.xxx.xxx
192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.1
default dev ppp0  scope link
The server is connected by a ppp router. The client is behind a internet box. The internal network, behind the server is in the network 192.168.1.0/24.

Post Reply