Hello, I have set up an Openvpn Access Server in a VMware, to connect two locations, if it works well with 2 users, I will buy more, the IP that has been assigned to me is 192.168.1.3
From another remote site, I make the connection and it connects without problem, but I can't ping any machines on the remote site.
Help me, please.
I can't make ping other network
-
- OpenVpn Newbie
- Posts: 4
- Joined: Fri Jul 01, 2022 7:08 pm
- openvpn_inc
- OpenVPN Inc.
- Posts: 1333
- Joined: Tue Feb 16, 2021 10:41 am
Re: I can't make ping other network
Hello jesusarroyo,
If your subnets are the same on both locations that's going to be a problem. Can you check or ensure that the subnets are different on both locations?
And did you give access using the Admin UI, VPN Settings, Allow access to private subnets, yes using NAT, and then specified the subnet on the Access Server location?
Kind regards,
Johan
If your subnets are the same on both locations that's going to be a problem. Can you check or ensure that the subnets are different on both locations?
And did you give access using the Admin UI, VPN Settings, Allow access to private subnets, yes using NAT, and then specified the subnet on the Access Server location?
Kind regards,
Johan
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
-
- OpenVpn Newbie
- Posts: 4
- Joined: Fri Jul 01, 2022 7:08 pm
Re: I can't make ping other network
Hi John, thanks for your reply.
The OpenVpn server IP is 192.168.1.3, the remote computer IP is 192.168.10.88.
It's configured like this...
Routing
Should VPN clients have access to private subnets (non-public networks on the server side)? YES, using NAT
Specify the private subnets to which all clients should be given access (one per line): 192.168.1.0/24
Kind regards,
Jesús
The OpenVpn server IP is 192.168.1.3, the remote computer IP is 192.168.10.88.
It's configured like this...
Routing
Should VPN clients have access to private subnets (non-public networks on the server side)? YES, using NAT
Specify the private subnets to which all clients should be given access (one per line): 192.168.1.0/24
Kind regards,
Jesús
- openvpn_inc
- OpenVPN Inc.
- Posts: 1333
- Joined: Tue Feb 16, 2021 10:41 am
Re: I can't make ping other network
Hello Jesús,
I suggest then that you install and run tcpdump on the Access Server and monitor ICMP PING messages while you ping from the VPN client to the target IP. You will then be able to see the incoming pings and seeing them going out onto your network. With that confirmation you'll know the issue is not in the Access Server. You'll then have to look at firewall settings on the device that is receiving the pings, and try to address why it is not responding to them. You may also use WireShark or tcpdump on that target system too to confirm that pings are coming in. You're going to have to do network diagnostics to find the exact breaking point. But my guess would be it's just a Windows machine with its standard firewall rule blocking pings, or some security software like an antivirus+firewall thing that blocks it.
You may look at this document for further guidance:
https://openvpn.net/vpn-server-resource ... pn-tunnel/
Good luck,
Johan
I suggest then that you install and run tcpdump on the Access Server and monitor ICMP PING messages while you ping from the VPN client to the target IP. You will then be able to see the incoming pings and seeing them going out onto your network. With that confirmation you'll know the issue is not in the Access Server. You'll then have to look at firewall settings on the device that is receiving the pings, and try to address why it is not responding to them. You may also use WireShark or tcpdump on that target system too to confirm that pings are coming in. You're going to have to do network diagnostics to find the exact breaking point. But my guess would be it's just a Windows machine with its standard firewall rule blocking pings, or some security software like an antivirus+firewall thing that blocks it.
You may look at this document for further guidance:
https://openvpn.net/vpn-server-resource ... pn-tunnel/
Good luck,
Johan
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
-
- OpenVpn Newbie
- Posts: 4
- Joined: Fri Jul 01, 2022 7:08 pm
Re: I can't make ping other network
I don't now, but now i work.
I want to know other question. Now i can ping from other network but only I can only ping the IP of the equipment, with the DNS of the equipment it does not respond to me. Because it can be?
Greetings.
I want to know other question. Now i can ping from other network but only I can only ping the IP of the equipment, with the DNS of the equipment it does not respond to me. Because it can be?
Greetings.
- openvpn_inc
- OpenVPN Inc.
- Posts: 1333
- Joined: Tue Feb 16, 2021 10:41 am
Re: I can't make ping other network
Hello Jesús,
That's pretty normal. VPN transports IP traffic, not local network hostnames or DNS names. So you can access your resources by IP address.
If you want DNS to work then you'll have to configure Access Server to instruct VPN clients to use a DNS server that can resolve those names you want to resolve to IP addresses in your network, and you'll need to use an OpenVPN client that implements DNS on the client side. Most clients do that, but not all. OpenVPN2 on Linux is one where you have to take some additional steps to implement DNS on the client side. If you use OpenVPN Connect DNS should work.
Kind regards,
Johan
That's pretty normal. VPN transports IP traffic, not local network hostnames or DNS names. So you can access your resources by IP address.
If you want DNS to work then you'll have to configure Access Server to instruct VPN clients to use a DNS server that can resolve those names you want to resolve to IP addresses in your network, and you'll need to use an OpenVPN client that implements DNS on the client side. Most clients do that, but not all. OpenVPN2 on Linux is one where you have to take some additional steps to implement DNS on the client side. If you use OpenVPN Connect DNS should work.
Kind regards,
Johan
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
-
- OpenVpn Newbie
- Posts: 4
- Joined: Fri Jul 01, 2022 7:08 pm
Re: I can't make ping other network
Hello Johan
Thank you for your replay
I use OpenVpn Connect 3.3.2
Could you say me where is the configuration in OpenVpn AS to use a DNS server that can resolve those names you want to resolve to IP addresses in my network?
I don´t find it
Kind regards,
Jesús
Thank you for your replay
I use OpenVpn Connect 3.3.2
Could you say me where is the configuration in OpenVpn AS to use a DNS server that can resolve those names you want to resolve to IP addresses in my network?
I don´t find it
Kind regards,
Jesús
- openvpn_inc
- OpenVPN Inc.
- Posts: 1333
- Joined: Tue Feb 16, 2021 10:41 am
Re: I can't make ping other network
Hello Jesús,
In the Admin UI, under Configuration > VPN Settings > DNS Settings.
See also https://openvpn.net/access-server-manua ... -settings/
Good luck,
Johan
In the Admin UI, under Configuration > VPN Settings > DNS Settings.
See also https://openvpn.net/access-server-manua ... -settings/
Good luck,
Johan
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support