VPN connected but can't ping server

marKent
OpenVpn Newbie
Posts: 3
Joined: Sun Apr 16, 2017 6:07 pm

VPN connected but can't ping server

Post by marKent » Sun Apr 16, 2017 6:38 pm

Hello everyone, I've been trying to set up a VPN between an Ubuntu server and a Win10 client.

I managed to connect them, but when I try to ping the server from the client and the other way around, I get nothing.

I've read different posts but it's still not working.

Client Config

client
dev tun
proto udp
remote IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert tang.crt
key \tang.key
tls-auth ta.key 1
cipher AES-256-CBC
comp-lzo
verb 3

Server Config

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-options DNS 8.8.4.4"
push "dhcp-options DNS 4.4.4.4"
keepalive 10 120
tls-auth ta.key 0
cipher AES-256-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3

Log Client

Sun Apr 16 20:34:42 2017 OpenVPN 2.4.1 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar 22 2017
Sun Apr 16 20:34:42 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Sun Apr 16 20:34:42 2017 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
Enter Management Password:
Sun Apr 16 20:34:42 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Apr 16 20:34:42 2017 Need hold release from management interface, waiting...
Sun Apr 16 20:34:42 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun Apr 16 20:34:42 2017 MANAGEMENT: CMD 'state on'
Sun Apr 16 20:34:42 2017 MANAGEMENT: CMD 'log all on'
Sun Apr 16 20:34:42 2017 MANAGEMENT: CMD 'echo all on'
Sun Apr 16 20:34:42 2017 MANAGEMENT: CMD 'hold off'
Sun Apr 16 20:34:42 2017 MANAGEMENT: CMD 'hold release'
Sun Apr 16 20:34:42 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sun Apr 16 20:34:43 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Apr 16 20:34:43 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Apr 16 20:34:43 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.1.18:1194
Sun Apr 16 20:34:43 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Apr 16 20:34:43 2017 UDP link local: (not bound)
Sun Apr 16 20:34:43 2017 UDP link remote: [AF_INET]192.168.1.18:1194
Sun Apr 16 20:34:43 2017 MANAGEMENT: >STATE:1492367683,WAIT,,,,,,
Sun Apr 16 20:34:43 2017 MANAGEMENT: >STATE:1492367683,AUTH,,,,,,
Sun Apr 16 20:34:43 2017 TLS: Initial packet from [AF_INET]192.168.1.18:1194, sid=7f91ab35 8b4d038b
Sun Apr 16 20:34:43 2017 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=changeme, name=changeme, emailAddress=mail@host.domain
Sun Apr 16 20:34:43 2017 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=server, name=changeme, emailAddress=mail@host.domain
Sun Apr 16 20:34:43 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Sun Apr 16 20:34:43 2017 [server] Peer Connection Initiated with [AF_INET]192.168.1.18:1194
Sun Apr 16 20:34:44 2017 MANAGEMENT: >STATE:1492367684,GET_CONFIG,,,,,,
Sun Apr 16 20:34:44 2017 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Apr 16 20:34:44 2017 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.4.4,dhcp-option DNS 8.8.8.8,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Sun Apr 16 20:34:44 2017 OPTIONS IMPORT: timers and/or timeouts modified
Sun Apr 16 20:34:44 2017 OPTIONS IMPORT: --ifconfig/up options modified
Sun Apr 16 20:34:44 2017 OPTIONS IMPORT: route options modified
Sun Apr 16 20:34:44 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Apr 16 20:34:44 2017 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Apr 16 20:34:44 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Apr 16 20:34:44 2017 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Apr 16 20:34:44 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Apr 16 20:34:44 2017 interactive service msg_channel=0
Sun Apr 16 20:34:44 2017 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=24 HWADDR=a4:db:30:51:60:57
Sun Apr 16 20:34:44 2017 open_tun
Sun Apr 16 20:34:44 2017 TAP-WIN32 device [Ethernet 4] opened: \\.\Global\{D6EDFAF7-CDDE-4F8B-BDB3-D4F159E18A31}.tap
Sun Apr 16 20:34:44 2017 TAP-Windows Driver Version 9.21 
Sun Apr 16 20:34:44 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {D6EDFAF7-CDDE-4F8B-BDB3-D4F159E18A31} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Sun Apr 16 20:34:44 2017 Successful ARP Flush on interface [19] {D6EDFAF7-CDDE-4F8B-BDB3-D4F159E18A31}
Sun Apr 16 20:34:44 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Apr 16 20:34:44 2017 MANAGEMENT: >STATE:1492367684,ASSIGN_IP,,10.8.0.6,,,,
Sun Apr 16 20:34:49 2017 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Sun Apr 16 20:34:49 2017 C:\WINDOWS\system32\route.exe ADD 192.168.1.18 MASK 255.255.255.255 192.168.1.1 IF 24
Sun Apr 16 20:34:49 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=55 and dwForwardType=4
Sun Apr 16 20:34:49 2017 Route addition via IPAPI succeeded [adaptive]
Sun Apr 16 20:34:49 2017 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Sun Apr 16 20:34:49 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Sun Apr 16 20:34:49 2017 Route addition via IPAPI succeeded [adaptive]
Sun Apr 16 20:34:49 2017 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Sun Apr 16 20:34:49 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Sun Apr 16 20:34:49 2017 Route addition via IPAPI succeeded [adaptive]
Sun Apr 16 20:34:49 2017 MANAGEMENT: >STATE:1492367689,ADD_ROUTES,,,,,,
Sun Apr 16 20:34:49 2017 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Sun Apr 16 20:34:49 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Sun Apr 16 20:34:49 2017 Route addition via IPAPI succeeded [adaptive]
Sun Apr 16 20:34:49 2017 Initialization Sequence Completed
Sun Apr 16 20:34:49 2017 MANAGEMENT: >STATE:1492367689,CONNECTED,SUCCESS,10.8.0.6,192.168.1.18,1194,,

Ipconfig

enp1s0    Link encap:Ethernet  HWaddr 90:e6:ba:8f:66:86  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          Packets reçus:0 erreurs:0 :0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:1000 
          Octets reçus:0 (0.0 B) Octets transmis:0 (0.0 B)

lo        Link encap:Boucle locale  
          inet adr:127.0.0.1  Masque:255.0.0.0
          adr inet6: ::1/128 Scope:Hôte
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          Packets reçus:1423 erreurs:0 :0 overruns:0 frame:0
          TX packets:1423 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:1 
          Octets reçus:103873 (103.8 KB) Octets transmis:103873 (103.8 KB)

wlp2s0    Link encap:Ethernet  HWaddr 00:25:d3:c7:99:03  
          inet adr:192.168.1.18  Bcast:192.168.1.255  Masque:255.255.255.0
          adr inet6: 2a01:cb00:2c2:c000:e137:90f5:cc1e:df1/64 Scope:Global
          adr inet6: fe80::378d:2956:e5e:e592/64 Scope:Lien
          adr inet6: 2a01:cb00:2c2:c000:4d20:2cda:b370:66c9/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Packets reçus:17198 erreurs:0 :0 overruns:0 frame:0
          TX packets:1654 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:1000 
          Octets reçus:3904067 (3.9 MB) Octets transmis:231839 (231.8 KB)


Server Log

Sun Apr 16 20:29:56 2017 OpenVPN 2.3.10 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Feb  2 2016
Sun Apr 16 20:29:56 2017 library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
Sun Apr 16 20:29:56 2017 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Sun Apr 16 20:29:56 2017 Diffie-Hellman initialized with 1024 bit key
Sun Apr 16 20:29:56 2017 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Sun Apr 16 20:29:56 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Apr 16 20:29:56 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Apr 16 20:29:56 2017 Socket Buffers: R=[163840->163840] S=[163840->163840]
Sun Apr 16 20:29:56 2017 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=wlp2s0 HWADDR=00:25:d3:c7:99:03
Sun Apr 16 20:29:56 2017 TUN/TAP device tun0 opened
Sun Apr 16 20:29:56 2017 TUN/TAP TX queue length set to 100
Sun Apr 16 20:29:56 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Apr 16 20:29:56 2017 /sbin/ip link set dev tun0 up mtu 1500
Sun Apr 16 20:29:56 2017 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Sun Apr 16 20:29:56 2017 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Sun Apr 16 20:29:57 2017 GID set to nogroup
Sun Apr 16 20:29:57 2017 UID set to nobody
Sun Apr 16 20:29:57 2017 UDPv4 link local (bound): [undef]
Sun Apr 16 20:29:57 2017 UDPv4 link remote: [undef]
Sun Apr 16 20:29:57 2017 MULTI: multi_init called, r=256 v=256
Sun Apr 16 20:29:57 2017 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Sun Apr 16 20:29:57 2017 Initialization Sequence Completed
Sun Apr 16 20:31:31 2017 192.168.1.16:62182 TLS: Initial packet from [AF_INET]192.168.1.16:62182, sid=f88e45b8 6b213b4e
Sun Apr 16 20:31:31 2017 192.168.1.16:62182 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=changeme, name=changeme, emailAddress=mail@host.domain
Sun Apr 16 20:31:31 2017 192.168.1.16:62182 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=tang, name=changeme, emailAddress=mail@host.domain
Sun Apr 16 20:31:31 2017 192.168.1.16:62182 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Apr 16 20:31:31 2017 192.168.1.16:62182 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Apr 16 20:31:31 2017 192.168.1.16:62182 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Apr 16 20:31:31 2017 192.168.1.16:62182 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Apr 16 20:31:31 2017 192.168.1.16:62182 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Sun Apr 16 20:31:31 2017 192.168.1.16:62182 [tang] Peer Connection Initiated with [AF_INET]192.168.1.16:62182
Sun Apr 16 20:31:31 2017 192.168.1.16:62182 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Sun Apr 16 20:31:31 2017 192.168.1.16:62182 MULTI: Learn: 10.8.0.6 -> tang/192.168.1.16:62182
Sun Apr 16 20:31:31 2017 192.168.1.16:62182 MULTI: primary virtual IP for tang/192.168.1.16:62182: 10.8.0.6
Sun Apr 16 20:31:32 2017 192.168.1.16:62182 PUSH: Received control message: 'PUSH_REQUEST'
Sun Apr 16 20:31:32 2017 192.168.1.16:62182 send_push_reply(): safe_cap=940
Sun Apr 16 20:31:32 2017 192.168.1.16:62182 SENT CONTROL [tang]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.4.4,dhcp-option DNS 8.8.8.8,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)

Thank you for helping!!

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: VPN connected but can't ping server

Post by TinCanTech » Sun Apr 16, 2017 7:41 pm

Your logs show your client is connected to your server.

Now ensure your firewalls allow packets to flow over the VPN.

marKent
OpenVpn Newbie
Posts: 3
Joined: Sun Apr 16, 2017 6:07 pm

Re: VPN connected but can't ping server

Post by marKent » Sun Apr 16, 2017 7:48 pm

I already tested with the firewall disabled.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: VPN connected but can't ping server

Post by TinCanTech » Sun Apr 16, 2017 7:54 pm

marKent wrote: a VPN between a ubuntu server and a win10 client
marKent wrote: when I try to ping the server from the client and the other way around, I got nothing

What IPs are you trying to ping?

marKent
OpenVpn Newbie
Posts: 3
Joined: Sun Apr 16, 2017 6:07 pm

Re: VPN connected but can't ping server

Post by marKent » Sun Apr 16, 2017 8:01 pm

TinCanTech wrote:
marKent wrote: a VPN between a ubuntu server and a win10 client
marKent wrote: when I try to ping the server from the client and the other way around, I got nothing
What IPs are you trying to ping?

I try the server IP: 10.8.0.1
and I can't browse websites

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: VPN connected but can't ping server

Post by TinCanTech » Sun Apr 16, 2017 8:05 pm

marKent wrote: I try IP server : 10.8.0.1

Then it is a firewall problem .. according to your logs.

marKent wrote: I can't browse websites

See:
HOWTO: Routing all client traffic (including web-traffic) through the VPN
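
The reasoning in the reply above (the client log shows a completed connection and a pushed route, so a failed ping to 10.8.0.1 points at a firewall) can be checked mechanically. This is an added example, not part of the original thread or of OpenVPN itself; the function names `analyze_client_log` and `diagnose` are hypothetical, and the sample lines are abridged from the client log posted above.

```python
import re

# Constructed sample: a few lines abridged from the client log posted in this thread.
SAMPLE_LOG = """\
Sun Apr 16 20:34:42 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sun Apr 16 20:34:43 2017 [server] Peer Connection Initiated with [AF_INET]192.168.1.18:1194
Sun Apr 16 20:34:44 2017 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.4.4,dhcp-option DNS 8.8.8.8,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Sun Apr 16 20:34:49 2017 C:\\WINDOWS\\system32\\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Sun Apr 16 20:34:49 2017 Initialization Sequence Completed
"""

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)'")

def analyze_client_log(text):
    """Summarise an OpenVPN client log: is the tunnel up, and what was pushed?"""
    result = {"peer_connected": False, "init_completed": False,
              "tunnel_ip": None, "pushed_routes": [],
              "redirect_gateway": False, "warnings": []}
    for line in text.splitlines():
        if "Peer Connection Initiated" in line:
            result["peer_connected"] = True
        if "Initialization Sequence Completed" in line:
            result["init_completed"] = True
        if "WARNING:" in line:  # keep security warnings visible in the summary
            result["warnings"].append(line.split("WARNING:", 1)[1].strip())
        m = PUSH_RE.search(line)
        if m:
            for opt in m.group(1).split(","):
                words = opt.split()
                if words[:1] == ["ifconfig"] and len(words) >= 2:
                    result["tunnel_ip"] = words[1]
                elif words[:1] == ["route"] and len(words) >= 2:
                    result["pushed_routes"].append(words[1])
                elif words[:1] == ["redirect-gateway"]:
                    result["redirect_gateway"] = True
    return result

def diagnose(result, target):
    """Say which layer to look at when a ping to `target` over the VPN fails."""
    if not (result["peer_connected"] and result["init_completed"]):
        return "tunnel not established: fix the OpenVPN connection first"
    if target not in result["pushed_routes"] and not result["redirect_gateway"]:
        return "no route to target via the VPN: check pushed routes"
    return "tunnel up and routed: check host firewalls on the VPN interface"

if __name__ == "__main__":
    summary = analyze_client_log(SAMPLE_LOG)
    print(summary)
    print(diagnose(summary, "10.8.0.1"))
```

The summary also carries any `WARNING:` lines, so the missing server certificate verification reported in the posted client log is not lost once the connectivity question is settled.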

derrickearly
OpenVpn Newbie
Posts: 14
Joined: Fri Oct 08, 2021 8:01 pm

Re: VPN connected but can't ping server

Post by derrickearly » Mon Oct 11, 2021 12:53 pm

Just had this same problem. Lowered the firewalls, and ping 10.8.0.1 started working. Thank you TinCanTech.
