Hello!
This is my first OpenVPN installation.
I have two Fedora 17 machines, one with a local net 192.168.15.0/24 and the other 192.168.10.0/24.
I have an OpenVPN connection between them with network addresses 192.168.20.1 (on 192.168.15.0/24) and 192.168.20.2 (on 192.168.10.0/24).
The logs say that the VPN connection is up. I can ping the local side of the connection, but I am unable to ping the remote end. Using tcpdump watching the public IPs and activity on port 1194, I can see that the packets are being routed through the tun (local side) and are arriving at the public IP of the remote site, but there is no traffic indicated on the remote tun interface.
Both machines have IP masquerading enabled for the public interface. (I am thinking that I need to NOT masquerade the traffic between the 192.168.10 and 192.168.15 nets, but I don't know how to do that... I use iptables via system-config-firewall.)
I am looking for debugging help here. Any ideas on why the packets would get routed through the VPN to the remote IP port 1194 but not be passed on to the remote tun interface? Are they supposed to?
Thanks in advance for any help you can give.
Mark
Unable to ping remote end of VPN
Moderators: TinCanTech
Forum rules
Please visit (and READ) the OpenVPN HowTo http://openvpn.net/howto prior to asking any questions in here!
- OpenVpn Newbie
- Posts: 2
- Joined: Fri Apr 05, 2013 3:42 pm
Re: Unable to ping remote end of VPN
More information:
Using tcpdump, I can see that the following is true:
When I ping 192.168.15.254 (a machine on the 192.168.15.0/24 network) from 192.168.10.1 (a machine on the 192.168.10.0/24 network), packets are routed out of the tun0 interface on 192.168.10.0/24 and are received on the public IP of the 192.168.15.0/24 network. The packets just don't seem to move through the em1 (public) interface to the tun0 interface and then on to the 192.168.15.254 machine. This is also true if I reverse the process.
192.168.10.1 pings 192.168.15.254, packet is routed to 192.168.20.2 (local tun0) --> Public IP (em1) --> Public Internet
Packet comes in on Public IP (em1) on the 192.168.15.0/24 machine, but does not route...
I have IP forwarding on both machines.
I have the iptables rules in place to allow packets to flow.
I am looking for other thoughts about how to debug this issue. Ideas? Suggestions?
TIA,
Mark
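The first post asks whether traffic between the 192.168.10 and 192.168.15 nets is being masqueraded. As an added example (not part of the thread and not OpenVPN or Fedora code), this Python script reads `iptables-save` text and reports which nat POSTROUTING rule a flow hits first. The rule sets are constructed samples, and only `-s`, `-d`, `-o` and `-j` are evaluated, which is a simplifying assumption.

```python
import ipaddress
import shlex

def parse_postrouting(dump):
    """Return nat-table POSTROUTING rules from iptables-save text, in order."""
    rules, table = [], None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        if table != "nat" or not line.startswith("-A POSTROUTING"):
            continue
        rule, neg = {}, False
        tokens = iter(shlex.split(line)[2:])
        for tok in tokens:
            if tok in ("-s", "-d", "-o", "-j"):
                rule[tok] = (next(tokens), neg)  # (value, negated?)
            neg = tok == "!"  # other match options are ignored (simplification)
        rules.append(rule)
    return rules

def first_nat_verdict(rules, src, dst, out_if):
    """Target of the first rule matching the flow, or None if no rule matches."""
    for r in rules:
        ok = True
        for opt, addr in (("-s", src), ("-d", dst)):
            if opt in r:
                net, neg = r[opt]
                hit = ipaddress.ip_address(addr) in ipaddress.ip_network(net, strict=False)
                ok &= hit != neg
        if "-o" in r:
            name, neg = r["-o"]
            hit = out_if.startswith(name[:-1]) if name.endswith("+") else out_if == name
            ok &= hit != neg
        if ok and "-j" in r:
            return r["-j"][0]
    return None

# Constructed rule sets for the 192.168.10.0/24 gateway (not taken from the thread).
NAT = "*nat\n:POSTROUTING ACCEPT [0:0]\n"
SCOPED = NAT + "-A POSTROUTING -o em1 -j MASQUERADE\nCOMMIT\n"
BLANKET = NAT + "-A POSTROUTING -s 192.168.10.0/24 -j MASQUERADE\nCOMMIT\n"
EXEMPT = NAT + ("-A POSTROUTING -s 192.168.10.0/24 -d 192.168.15.0/24 -j ACCEPT\n"
                "-A POSTROUTING -s 192.168.10.0/24 -j MASQUERADE\nCOMMIT\n")

if __name__ == "__main__":
    for name, dump in (("scoped", SCOPED), ("blanket", BLANKET), ("exempt", EXEMPT)):
        verdict = first_nat_verdict(parse_postrouting(dump), "192.168.10.1", "192.168.15.254", "tun0")
        print(name, "->", verdict or "not translated")
```

A MASQUERADE verdict for a flow leaving tun0 means the LAN source address is rewritten before it enters the tunnel; ACCEPT or no match means it is left alone.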