Can't ping openvpn client

[lazyadmin]

Hi all:

I've been struggling with this problem for days, and I've been googling, reading docs, posts but still can't figure it out. I hope I can get some help here. Thanks in Advance!

Problem description:
Short version:

servers behind openvpn subnet can't ping openvpn client, but openvpn client can ping servers behind openvpn subnet.

Long version:
Server A - host behind vpn subnet
Server B - vpn server
Server C - vpn client

Server A:
eth0 -116.196.32.158
eth0:0 - 192.168.185.52
gre1 - 10.9.201.2 (Since A and B are in different subnet, I had to set up a IP tunnel between A and B, so that A can ping vpn network)

Server B:
eth0 - 116.197.65.148
eth0:0 - 192.168.181.143
tun0 - 10.8.1.1
gre1 - 10.9.201.1

Server C:
eth0 - 104.112.34.5
tun0 - 10.8.1.6

A -> C
$ ping 10.8.1.6
PING 10.8.1.6 (10.8.1.6) 56(84) bytes of data.
From 10.9.201.1 icmp_seq=1 Destination Port Unreachable

C -> A
$ ping 192.168.185.52
56(84) bytes of data.
64 bytes from 192.168.185.52: icmp_seq=1 ttl=63 time=210 ms
64 bytes from 192.168.185.52: icmp_seq=2 ttl=63 time=209 ms

I can see the packets from A arrives B, then get lost, on server A, I have route like:
Destination Gateway Genmask Flags Metric Ref Use Iface
10.8.1.0 10.9.201.2 255.255.255.0 UG 0 0 0 gre1

on Server B, I have route like:
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 116.177.65.1 0.0.0.0 UG 0 0 0 eth0
10.8.1.0 10.8.1.2 255.255.255.0 UG 0 0 0 tun0
10.8.1.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0

I couldn't figure out why the packets from server A reach server B and didn't get forword to subnet 10.8.1.0.

Can someone help? Thank in advance!

[maikcat]

check routing tables for all servers involved,
also check that they have ip forwarding enabled..

Michael.

[lazyadmin]

check routing tables for all servers involved,
also check that they have ip forwarding enabled..

Michael.

Thanks Michael for replying.

I doubled checked the routing table on all three servers,

On server A (server behind openvpn subnet):
The routing to openvpn clients, traffic goes through server B (the openvpn server, as a gateway):

Code: Select all

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0          116.196.32.1      0.0.0.0              UG     0         0        0    eth0
10.8.1.0         10.9.201.2       255.255.255.0    UG     0         0        0    gre1
10.9.201.1      0.0.0.0           255.255.255.255 UH     0         0        0    gre1

You can see that all the traffic to 10.8.1.0 subnet goest to 10.9.201.2 (IP-IP) tunnel to openvpn server.

On Server B (openvpn server):

Code: Select all

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         106.187.55.1        0.0.0.0              UG    0      0        0 eth0
10.8.1.0           10.8.1.2         255.255.255.0     UG    0      0        0 tun0
10.8.1.2             0.0.0.0         255.255.255.255 UH    0      0        0 tun0

All the traffice to 10.8.1.0 subnet goes to openvpn tunnel.

On Server C (openvpn client):

Code: Select all

Destination       Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.1.0            10.8.1.5        255.255.255.0   UG    0      0        0 tun0
192.168.185.0   10.8.1.5        255.255.255.0   UG    0      0        0 tun0

All the traffic to 192.168.185.0 subnet goes through openvpn tunnel.

ip forwarding is enabled on all three servers.

Any other suggestions?

Thanks!

[maikcat]

iptables filtering traffic?

if you use traceroute what do you see?

Michael.

[lazyadmin]

iptables filtering traffic?

if you use traceroute what do you see?

Michael.

By adding a iptable forward rule on the openvpn server fixed my problem. Thanks Michael for the help!