OpenVPN - Can connect but not ping

DaS07
OpenVpn Newbie
Posts: 5
Joined: Fri Jun 30, 2017 3:08 pm

OpenVPN - Can connect but not ping

Post by DaS07 » Fri Jun 30, 2017 3:58 pm

Hello everybody, I have a question:

I can connect to my intranet PC from an external laptop, but I cannot ping it, and I don't know why.
When I ping, I get this message:
From 192.168.10.101 icmp_seq=1 Destination Host Unreachable
...
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3999ms pipe 3

PC01 (192.168.10.12)=======FW Intern: eth0: 192.168.10.140 | eth1: 192.168.20.140 
FW Intern ========= FW Extern: eth0: 192.168.20.150||eth1: 10.1.0.333
FW Extern ==== Internet ====== Laptop: 10.1.0.25
Between: FW I and FW E: DNS - 192.168.20.1

server.conf:

script-security 2
mode server
tls-server
port 1194
proto udp
dev tap0
ca ca.crt
cert cert.crt
key server.key
dh dh2048.pem
ifconfig-pool-persist ipp.txt
server-bridge 192.168.10.140 255.255.255.0 192.168.10.100 192.168.10.130
client-to-client
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status open-status.log
verb 3
cipher AES-256-CBC
auth SHA512
push "ping 10"
push "ping-restart 60"
push "dhcp-option DNS 192.168.20.1"
push "route 192.168.10.12"

client.conf:

dev tap
proto udp
remote 10.1.0.333 1194
client
keepalive 15 120
verb 3
script-security 2
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
cipher AES-256-CBC
auth SHA512
comp-lzo

FW-Intern:

...
-A INPUT -i eth1 -p udp --dport 1194 -m state --state NEW -j ACCEPT
-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT

-A INPUT -i tap+ -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A FORWARD -i tap+ -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
...
-A POSTROUTING -o eth1 -j MASQUERADE
...

FW extern:

...
-A FORWARD -p udp -m multiport --dport 53,1194,1195 -m state --state NEW -j ACCEPT
...
-A POSTROUTING -o eth1 -j MASQUERADE
-A PREROUTING -i eth1 -p udp --dport 1194 -j DNAT --to-destination 192.168.20.140
...

route -n:

Ziel            Router          Genmask          Flags  Metric  Ref  Use  Iface
...
192.168.10.0    0.0.0.0         255.255.255.0    U      0       0    0    tap0
192.168.10.12   192.168.10.140  255.255.255.255  UGH    0       0    0    tap0

ip route get 192.168.10.12:

192.168.10.12 via 192.168.10.140 dev tap0 src 192.168.10.101
     cache

ifconfig (client):

eth0    Link encap: Ethernet  Hardware ...
        inet Address: 10.1.0.25  Bcast: 10.1.0.255  Mask: 255.255.255.0
        ...

lo      Link encap: Local Loop
        inet Address: 127.0.0.1  Mask: 255.0.0.0
        ...

tap0    Link encap: Ethernet  Hardware ...
        inet Address 192.168.10.101  Bcast 192.168.10.255  Mask 255.255.255.0
        ...

Thanks for any help :)

Greetings

wangyucn
OpenVpn Newbie
Posts: 5
Joined: Wed Aug 09, 2017 3:42 pm

Re: OpenVPN - Can connect but not ping

Post by wangyucn » Wed Aug 09, 2017 3:46 pm

Try adding the following lines on both sides:
fragment 1200
mssfix 1200
