Able to connect tap, but unable to ping or access pls helppp
Moderators: TinCanTech
-
- OpenVpn Newbie
- Posts: 8
- Joined: Tue Mar 22, 2011 10:39 pm
Able to connect tap, but unable to ping or access pls helppp
I am having a problem with my OpenVPN server on CentOS. Can you help me out, please?
I am able to connect to my OpenVPN server, but unable to ping my local network at the office.
LAN network: (172.17.0.0/16) servers=172.17.1.0/24, users 172.17.3.0/24 & onwards.
VPN server LAN ip: 172.17.17.17
VPN Server tun0: 172.17.16.1
VPN Users: 172.17.16.0/24
OpenVPN connects, but I am unable to ping or access anything.
I can ping the gateway (tun0) but can't ping the VPN server (LAN IP) or my local network.
my server.conf:
local 172.17.17.17
port 1194
proto udp
dev tap
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 172.17.16.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 172.17.1.0 255.255.255.0"
push "redirect-gateway"
client-to-client
keepalive 10 120
comp-lzo
max-clients 150
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
log-append /var/log/openvpn.log
verb 3
mute 20
client.ovpn:
client
dev tap
proto udp
remote mydomain.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
auth-user-pass
comp-lzo
verb 3
routing table:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.17.16.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 172.17.1.3 0.0.0.0 UG 0 0 0 eth0
iptables are off/stopped.
Please help me in this regard. I am damn in need of help, because I am already past the deadline at my office. I had created and was running the OpenVPN server before and it was working fine, but due to some disaster the server crashed, and now I am creating the new OpenVPN server again on CentOS. This time I really don't know where I am making a mistake. I am stuck.
anxiously waiting for reply
regards
Sam
- maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
Re: Able to connect tap, but unable to ping or access pls he
hi there,
already responded to previous topic..
anyway
check if ip forwarding is enabled on your server
michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
-
- OpenVpn Newbie
- Posts: 8
- Joined: Tue Mar 22, 2011 10:39 pm
Re: Able to connect tap, but unable to ping or access pls he
hi maikcat
thank you so much for replying...
please check
/etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename
# Useful for debugging multi-threaded applications
kernel.core_uses_pid = 1
# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1
# Controls the maximum size of a message, in bytes
kernel.msgmnb = 65536
# Controls the default maxmimum size of a mesage queue
kernel.msgmax = 65536
# Controls the maximum shared segment size, in bytes
kernel.shmmax = 4294967295
# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 268435456
regards
- maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
Re: Able to connect tap, but unable to ping or access pls he
hi there,
172.17.16.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
your eth0 has 16 bit mask
your tap0 has 24 bit mask..
they both belong to 172.17 subnet
is there a typo????
michael
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
-
- OpenVpn Newbie
- Posts: 8
- Joined: Tue Mar 22, 2011 10:39 pm
Re: Able to connect tap, but unable to ping or access pls he
hi maikcat
our local LAN network including server is on 172.17.0.0/16
172.17.1.3/16 is my router's local IP on eth0
I was running vpn users on 172.17.16.0/24 on the same network.
and yes; now i am able to ping my VPN server local Ip 172.17.17.17. i ran the command again echo 1 > /proc/sys/net/ipv4/ip_forward
but still no ping to other servers or pcs.
regards
- maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
Re: Able to connect tap, but unable to ping or access pls he
please use a different subnet for your vpn users...
(e.g. 10.x.x.x/24)
also setup a static route to your lan servers for vpn subnet
cheers,
michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
-
- OpenVpn Newbie
- Posts: 8
- Joined: Tue Mar 22, 2011 10:39 pm
Re: Able to connect tap, but unable to ping or access pls he
hi Michael
even after using 10.x.x.x/24 subnet, still unable to ping or access. any idea now?
regards
Sam
- maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
Re: Able to connect tap, but unable to ping or access pls he
lets review your setup...
your servers have 172.17/16 ips
what gateway they have? (they must have at least a static route for
network 10/8 (the vpn) pointing to your lan ip of vpn server)
your centos now..
you have ip forwarding enabled (ok)
what is your selinux status?
what is your firewall status?
try disabling them both for testing..
>push "route 172.17.1.0 255.255.255.0"
>push "redirect-gateway"
i say for start leave redirect gateway aside
and change to this
push "route 172.17.0.0 255.255.0.0"
check the client's routing table that receives the static routes..
tell us what happened.
michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
-
- OpenVpn Newbie
- Posts: 8
- Joined: Tue Mar 22, 2011 10:39 pm
Re: Able to connect tap, but unable to ping or access pls he
hi Michael,
sorry for the late reply....
I tried the conf changes you provided, but still in vain:
ip forwarding enabled
selinux disabled
firewall disabled
push "route 172.17.0.0 255.255.0.0"
#redirect gateway (commented)
server 10.8.0.0 255.255.255.0
i can ping the vpn server local ip.
i can ping the router's local ip.
The result is that no gateway is assigned when OpenVPN connects, and it is still the same situation: "no ping & no access".
Well Michael, do you think I should re-install everything from scratch to sort out what's going on? There must be a little problem, but where? I don't know. I am just a little scared that the problem will persist even after re-installing and re-configuring the server from scratch; what if it shows the same problem then?
What do you suggest now? Have you figured out what's going wrong with my configuration? This is a really embarrassing situation.
thanks & regards
Sam
-
- OpenVpn Newbie
- Posts: 8
- Joined: Tue Mar 22, 2011 10:39 pm
Re: Able to connect tap, but unable to ping or access pls he
Sorry, I forgot to mention that the servers have the router's LAN as their GW.
static route on router set IF LAN network 10.0.0.0/8 gw vpnserver
Regards
Sam
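The return path that the replies above keep asking about, as an added example that is not part of the thread: it applies longest-prefix matching to a LAN host's and the router's routing tables to show why a VPN pool inside 172.17.0.0/16 fails and what the 10.0.0.0/8 static route changes. The tables are constructed from the addresses posted in the thread; the client IPs and the router's WAN next hop (192.0.2.1) are assumptions.

```python
import ipaddress

# Constructed routing tables (destination, gateway, interface); gateway None = on-link.
# Addresses follow the thread: LAN 172.17.0.0/16, router 172.17.1.3, VPN server
# LAN IP 172.17.17.17. The WAN next hop 192.0.2.1 and the client IPs are made up.
VPN_SERVER = "172.17.17.17"
LAN_HOST = [("172.17.0.0/16", None, "eth0"), ("0.0.0.0/0", "172.17.1.3", "eth0")]
ROUTER_PLAIN = [("172.17.0.0/16", None, "lan"), ("0.0.0.0/0", "192.0.2.1", "wan")]
ROUTER_STATIC = ROUTER_PLAIN + [("10.0.0.0/8", VPN_SERVER, "lan")]


def lookup(routes, dst):
    """Longest-prefix match, as the kernel does. Returns (network, gateway, iface)."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(n), gw, dev) for n, gw, dev in routes
            if addr in ipaddress.ip_network(n)]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None


def pool_overlaps_lan(vpn_pool, host_routes):
    """True if the VPN pool falls inside a network the LAN host treats as on-link."""
    pool = ipaddress.ip_network(vpn_pool)
    return any(gw is None and pool.overlaps(ipaddress.ip_network(n))
               for n, gw, _ in host_routes)


def return_path(client_ip, host_routes, router_routes):
    """Follow a LAN host's reply to a VPN client: host table first, then its gateway."""
    hop = lookup(host_routes, client_ip)
    if hop is None:
        return "dropped: host has no route"
    net, gw, dev = hop
    if gw is None:
        # Routed (non-bridged) setup without proxy ARP: nobody on the LAN answers.
        return f"on-link: host ARPs for {client_ip} on {dev}; reply never reaches the VPN server"
    if gw == VPN_SERVER:
        return "ok: host routes straight to the VPN server"
    nxt = lookup(router_routes, client_ip)
    if nxt and nxt[1] == VPN_SERVER:
        return f"ok: {gw} forwards to the VPN server"
    return f"lost: {gw} has no route to the VPN subnet via {VPN_SERVER}"


if __name__ == "__main__":
    print(pool_overlaps_lan("172.17.16.0/24", LAN_HOST))        # original pool
    print(return_path("172.17.16.6", LAN_HOST, ROUTER_STATIC))  # original pool
    print(return_path("10.8.0.6", LAN_HOST, ROUTER_PLAIN))      # new pool, no static route
    print(return_path("10.8.0.6", LAN_HOST, ROUTER_STATIC))     # new pool + static route
```

A result of "ok" only means the routing tables agree; a firewall on the router or on the LAN servers, which the thread also raises, is outside this model.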
- maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
Re: Able to connect tap, but unable to ping or access pls he
hi there,
if you try a traceroute from a lan server to your openvpn subnet
(first at 10.0.0.1 the vpn server itself and then to a connected client)
does your router properly forward the packets to your openvpn server?
also i hope that your lan servers dont have any type of firewall enabled...
>well Micheal, do you think should I re-install everything from scratch?
i dont think that this will solve your problem..
i believe there is a routing misconfiguration or firewall problem somewhere...
ps: try adding the static route directly into one of your servers in case your router blocks something..
some zyxel firewalls drop traffic if you dont enable it..
cheers,
michael
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
-
- OpenVpn Newbie
- Posts: 8
- Joined: Tue Mar 22, 2011 10:39 pm
Re: Able to connect tap, but unable to ping or access pls he
hi Michael,
Really, thanks for your concern. I'll get back to you and the VPN server by tomorrow or maybe the day after tomorrow. I have temporarily installed & configured a VPN using a community firewall version, but I am going to continue the same configuration of the VPN server the day after tomorrow. This is my id theonlyoneurs at yahoo dot com for better communication in this regard.
Thanks a lot, regards
Sameer