Ping working but no http, ssh, etc. MTU??

Andal
OpenVpn Newbie
Posts: 6
Joined: Sun Oct 07, 2018 6:13 pm

Ping working but no http, ssh, etc. MTU??

Post by Andal » Wed Oct 31, 2018 2:44 pm

Hello everybody,
for at least four days I have been experiencing quite a lot of problems on both my clients at once:
I have three networks connected via tap-bridges. Everything worked fine before, and I didn't even change anything, but suddenly it stopped working. I just did apt-get updates, upgrades and dist-upgrades on each device.
The ping is still working on every client to every client, that's the only thing.
No names of my network devices are displayed anymore in my router. No http connection is possible to my other networks. No smb, no ssh, nothing but ping.
So I googled and tested my config again with the following commands added on the server and only one client; I deactivated the other one manually:

Code:

tun-mtu 1400
mssfix 1360

tun-mtu 1500
fragmentation 1300
mssfix 1300

link-mtu 1400
mtu-test

tun-mtu 6000
fragment 0
mssfix 0

txqueuelen 1000

mtu-disc yes #isn't possible on Raspberry Pi 3
mtu-test

ip link set tap0 mtu 1350

But nothing seems to work. By default my configuration gets the MTU set automatically: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1590', remote='link-mtu 1573'
I don't know why this isn't working anymore like it did all the weeks before?? ~1,5 weeks ago I installed ebtables and blocked the DHCP requests of the other networks. So I just got rid of it and flushed it with ebtables -F. I also uninstalled it and rebooted every device like 3-4 times. Still not working at all.

Ping server-client:

Code:

ping 192.168.1.1 -M do -s 286 -4
PING 192.168.1.1 (192.168.1.1) 286(314) bytes of data.
294 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=13.7 ms

Ping client-server:

Code:

ping 192.168.0.4 -M do -s 280 -4
PING 192.168.0.4 (192.168.0.4) 280(308) bytes of data.
288 bytes from 192.168.0.4: icmp_seq=1 ttl=64 time=13.2 ms

It won't get much higher. In each configuration I listed above it's at ~270-290.

Server config:
port 1194
mode server
passtos
fast-io
proto udp
dev tap0
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/test.crt
key /etc/openvpn/easy-rsa/keys/test.key # This file should be kept secret
dh /etc/openvpn/easy-rsa/keys/dh4096.pem
topology subnet
client-to-client
keepalive 10 120
tls-auth /etc/openvpn/ta.key 0 # This file is secret
tls-server
remote-cert-tls client
cipher AES-256-CBC
compress lz4-v2
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1


Client config:
client
dev tap0
proto udp
remote test 1194
resolv-retry infinite
nobind
persist-key
persist-tun
passtos
fast-io
user nobody
group nogroup
askpass /etc/openvpn/test.pass
ca /etc/openvpn/ca.crt
cert /etc/openvpn/test.crt
key /etc/openvpn/test.key
tls-auth /etc/openvpn/ta.key 1
remote-cert-tls server
verb 3


Wireshark also often shows me TCP Retransmissions from the other networks when I try to open their router interfaces via http.

Thank you in advance.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Ping working but no http, ssh, etc. MTU??

Post by TinCanTech » Wed Oct 31, 2018 8:44 pm

Does openvpn work if you do not mess around with MTUs?


Re: Ping working but no http, ssh, etc. MTU??

Post by Andal » Thu Nov 01, 2018 12:45 am

Sorry, but I don't know what I've messed around with?
My configs are as I posted; I can't see anything in them that has to do with MTUs. Afterwards I just tested multiple pieces of advice found on the internet because of the issue of only ping working and nothing else.

Server ip addr:

Code:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
    link/ether bc:5f:f4:3e:eb:95 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::be5f:f4ff:fe3e:eb95/64 scope link
       valid_lft forever preferred_lft forever
5: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none
    inet 10.8.0.1/24 brd 10.8.0.255 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::18ac:4f14:86a9:3b2b/64 scope link flags 800
       valid_lft forever preferred_lft forever
6: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 62:5d:11:db:7a:35 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.4/17 brd 192.168.127.255 scope global br0
       valid_lft forever preferred_lft forever
    inet6 <deleted>/64 scope global mngtmpaddr dynamic
       valid_lft 7178sec preferred_lft 1778sec
    inet6 fd00::605d:11ff:fedb:7a35/64 scope global mngtmpaddr dynamic
       valid_lft 7079sec preferred_lft 3479sec
    inet6 fe80::be5f:f4ff:fe3e:eb95/64 scope link
       valid_lft forever preferred_lft forever
19: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 1000
    link/ether 16:d6:e3:3d:d9:a6 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::14d6:e3ff:fe3d:d9a6/64 scope link
       valid_lft forever preferred_lft forever

Client ip addr is pretty much the same (I can't access it right now, maybe tomorrow, if it's important): a network bridge bridging the tap0 device with ethernet, and every mtu is at 1500, except ofc lo.


Re: Ping working but no http, ssh, etc. MTU??

Post by Andal » Fri Nov 02, 2018 8:34 pm

I've got a little update:
My server can access the router on the other side with wget 192.168.1.1. The devices behind the server can't access this site with the browser, but they can with wget.
And my client can't even access my server (ofc apache running), nor my router on 192.168.0.1, with wget.


Re: Ping working but no http, ssh, etc. MTU??

Post by Andal » Tue Nov 13, 2018 11:54 pm

So, after a few more days of trial and error, I'm pretty sure it was just because the push for the comp was mysteriously missing. I really couldn't remember changing anything in the configs. I really have to get into git...
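
The cause the thread ends on, a compression setting on the server that is neither in the client config nor pushed to it, can be caught by comparing the two files before deploying them. The following is an added example, not part of the original posts or of OpenVPN itself; the `MUST_MATCH` list, the function names and the trimmed sample configs are assumptions made for illustration.

```python
import re

# Options this example assumes must agree on both peers (its own selection).
MUST_MATCH = ("compress", "comp-lzo", "fragment", "tun-mtu", "link-mtu")

def parse(conf):
    """Split an OpenVPN config into (local options, options pushed to clients)."""
    local, pushed = {}, {}
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop trailing comments
        if not line or line.startswith(";"):
            continue
        m = re.match(r'push\s+"([^"]+)"', line)
        target, text = (pushed, m.group(1)) if m else (local, line)
        name, _, args = text.partition(" ")
        target[name] = args.strip()
    return local, pushed

def mismatches(server_conf, client_conf):
    """Return (option, server value, effective client value) per disagreement."""
    s_local, s_pushed = parse(server_conf)
    c_local, _ = parse(client_conf)
    # A client using the 'client' directive pulls options, so pushes override its file.
    effective = {**c_local, **s_pushed}
    return [(o, s_local.get(o), effective.get(o))
            for o in MUST_MATCH if s_local.get(o) != effective.get(o)]

# Constructed samples, trimmed from the configs posted in this thread.
SERVER = """port 1194
proto udp
dev tap0
key /etc/openvpn/easy-rsa/keys/test.key  # This file should be kept secret
cipher AES-256-CBC
compress lz4-v2
"""
CLIENT = """client
dev tap0
proto udp
remote test 1194
"""
SERVER_WITH_PUSH = SERVER + 'push "compress lz4-v2"\n'

if __name__ == "__main__":
    for opt, s, c in mismatches(SERVER, CLIENT):
        print(f"{opt}: server={s!r} client={c!r}")
    print(mismatches(SERVER_WITH_PUSH, CLIENT))
```

Keeping both config files under version control, as the last post suggests, lets a check like this run on every change.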
