Able to connect tap, but unable to ping or access pls helppp

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
sameerrrr
OpenVpn Newbie
Posts: 8
Joined: Tue Mar 22, 2011 10:39 pm

Able to connect tap, but unable to ping or access pls helppp

Post by sameerrrr » Tue Mar 22, 2011 11:11 pm

i am having problem in my openvpn server on centos. can you help me out please?

i am able to connec to my openvpn server, but unable to ping my local network at office.

LAN network: (172.17.0.0/16) servers=172.17.1.0/24, users 172.17.3.0/24 & onwards.
VPN server LAN ip: 172.17.17.17
VPN Server tun0: 172.17.16.1

VPN Users: 172.17.16.0/24

openvpn connects but unable to ping or access anything.

i can ping the gw (tun0) but cant ping vpn server (lan ip) or my local network.

my server.conf:

local 172.17.17.17
port 1194
proto udp
dev tap
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 172.17.16.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 172.17.1.0 255.255.255.0"
push "redirect-gateway"
client-to-client
keepalive 10 120
comp-lzo
max-clients 150
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
log-append /var/log/openvpn.log
verb 3
mute 20

client.ovpn:

client
dev tap
proto udp

remote mydomain.com 1194

resolv-retry infinite
nobind
persist-key
persist-tun

ca ca.crt
cert client1.crt
key client1.key

auth-user-pass

comp-lzo

verb 3

routing table:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.17.16.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 172.17.1.3 0.0.0.0 UG 0 0 0 eth0

iptables are off/stopped.

please help me in this regards. i am damn in need of help. because i am already tardy the deadline in my office. i created and had running the openvpn server before, it was working fine but due to some disaster, the server was crashed and now i am creating again the new openvpn server on centos but this time where am i mistaking, i really dont know. i am stuck in it.

anxiously waiting for reply

regards

Sam

User avatar
maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece
Contact:

Re: Able to connect tap, but unable to ping or access pls he

Post by maikcat » Wed Mar 23, 2011 10:59 am

hi there,

already responded to previous topic..

anyway

check if ip forwarding is enabled on your server

michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)

Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)

"objects in mirror are losing"

sameerrrr
OpenVpn Newbie
Posts: 8
Joined: Tue Mar 22, 2011 10:39 pm

Re: Able to connect tap, but unable to ping or access pls he

Post by sameerrrr » Wed Mar 23, 2011 11:23 am

hi maikcat

thank you so much for replying...

please check
/etc/sysctl.conf

# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 1

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename
# Useful for debugging multi-threaded applications
kernel.core_uses_pid = 1

# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1

# Controls the maximum size of a message, in bytes
kernel.msgmnb = 65536

# Controls the default maxmimum size of a mesage queue
kernel.msgmax = 65536

# Controls the maximum shared segment size, in bytes
kernel.shmmax = 4294967295

# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 268435456


regards

User avatar
maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece
Contact:

Re: Able to connect tap, but unable to ping or access pls he

Post by maikcat » Wed Mar 23, 2011 11:37 am

hi there,

172.17.16.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0

your eth0 has 16 bit mask
your tap0 has 24 bit mask..

they both belong to 172.17 subnet

:shock:

is there a typo????

michael
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)

Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)

"objects in mirror are losing"

sameerrrr
OpenVpn Newbie
Posts: 8
Joined: Tue Mar 22, 2011 10:39 pm

Re: Able to connect tap, but unable to ping or access pls he

Post by sameerrrr » Wed Mar 23, 2011 12:10 pm

hi maikcat

our local LAN network including server is on 172.17.0.0/16

172.17.1.3/16 is my router's local ip on eht0

I was running vpn users on 172.17.16.0/24 on the same network.

and yes; now i am able to ping my VPN server local Ip 172.17.17.17. i ran the command again echo 1 > /proc/sys/net/ipv4/ip_forward
but still no ping to other servers or pcs.

regards

User avatar
maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece
Contact:

Re: Able to connect tap, but unable to ping or access pls he

Post by maikcat » Wed Mar 23, 2011 12:20 pm

please use for your vpn users a different subnet...
(fe 10.x.x.x/24)
also setup a static route to your lan servers for vpn subnet

cheers,


michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)

Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)

"objects in mirror are losing"

sameerrrr
OpenVpn Newbie
Posts: 8
Joined: Tue Mar 22, 2011 10:39 pm

Re: Able to connect tap, but unable to ping or access pls he

Post by sameerrrr » Thu Mar 24, 2011 4:01 am

hi Micheal

even after using 10.x.x.x/24 subnet, still unable to ping or access. any idea now?

regards

Sam

User avatar
maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece
Contact:

Re: Able to connect tap, but unable to ping or access pls he

Post by maikcat » Thu Mar 24, 2011 7:33 am

lets review your setup...

your servers have 172.17/16 ips

what gateway they have? (they must have at least a static route for
network 10/8 (the vpn) pointing to your lan ip of vpn server)

your centos now..

you have ip forwarding enabled (ok)
what is your selinux status?
what is your firewall status?

try disabling them both for testing..

>push "route 172.17.1.0 255.255.255.0"
>push "redirect-gateway"

i say for start leave redirect gateway aside
and change to this
push "route 172.17.0.0 255.255.0.0"

check the clients routing table that recieves the static routes..

tell us what happened.

michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)

Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)

"objects in mirror are losing"

sameerrrr
OpenVpn Newbie
Posts: 8
Joined: Tue Mar 22, 2011 10:39 pm

Re: Able to connect tap, but unable to ping or access pls he

Post by sameerrrr » Sun Mar 27, 2011 5:21 pm

hi Micheal,

sorry for late reply....

i tried your provided conf changes but still invain:

ip forwarding enabled
selinux disabled
firewall disabled
push "route 172.17.0.0 255.255.0.0"
#redirect gateway (commented)
server 10.8.0.0 255.255.255.0

i can ping the vpn server local ip.
i can ping the router's local ip.
resulting no gateway assign when openvpn connected and still the same situation "no ping & no access"

well Micheal, do you think should I re-install everything from scratch? to sort out whats going on? there must a little problem but where? I dont know, i am just little scared if the problem persist even after re-installation and re-configuration of the server from scratch, if it will show the same problem then?
what do you suggest now? have you got it whats going wrong with my configuration? this is really embarrassing situation :(

thanks & regards

Sam

sameerrrr
OpenVpn Newbie
Posts: 8
Joined: Tue Mar 22, 2011 10:39 pm

Re: Able to connect tap, but unable to ping or access pls he

Post by sameerrrr » Sun Mar 27, 2011 5:27 pm

sorry not to mention this that servers have router's LAN as their GW.
static route on router set IF LAN network 10.0.0.0/8 gw vpnserver

Regards

Sam

User avatar
maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece
Contact:

Re: Able to connect tap, but unable to ping or access pls he

Post by maikcat » Mon Mar 28, 2011 9:44 am

hi there,

if you try a traceroute from a lan server to your openvpn subnet
(first at 10.0.0.1 the vpn server itself and then to a connected client)
does your router properly forwards the packets to your openvpn server?.

also i hope that your lan servers dont have any type of firewall enabled...

>well Micheal, do you think should I re-install everything from scratch?

i dont think that this will solve your problem..
i believe there is a routing misconfiguration or firewall problem somewhere...

ps:try adding the static route directly into one of yours servers in case your router blocks something..
some zyxel firewalls drops traffic if you dont enable it..

cheers,

michael
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)

Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)

"objects in mirror are losing"

sameerrrr
OpenVpn Newbie
Posts: 8
Joined: Tue Mar 22, 2011 10:39 pm

Re: Able to connect tap, but unable to ping or access pls he

Post by sameerrrr » Tue Mar 29, 2011 7:32 am

hi Micheal,

really thanks for you concern, I'll get back to you and vpn server by tomorrow or may be day after tomorrow. I have temporarily installed & configured vpn using community firewall version. but i am going to continue the same configuration of vpn server by day after tomorrow. This is my id theonlyoneurs at yahoo dot com for better communication in this regards.

Thanks alot regards

Sameer

Post Reply