Unable to ping remote devices other than server

gws117
OpenVpn Newbie
Posts: 1
Joined: Thu Oct 03, 2019 6:44 pm

Post by gws117 » Thu Oct 03, 2019 6:56 pm

I set up a simple static-key OpenVPN server and am connected from another machine. My goal is to access a router which is the default gateway for the LAN that the server is on. After writing some routing rules, I can ping the server from my external client but I can't ping any other machine on the server LAN. When I ssh on to the server and try the opposite (pinging devices on my client LAN), sometimes it is the same where only the tunnel endpoint and client device work, sometimes I can't even ping anything. Firewalls have been disabled, 1194/UDP was forwarded, and I have tried to set up routing rules to move traffic from the tunnel to the LANs, but it is not working. Are my routes wrong? What else could be causing it? The tunnel adapter and LAN interface are on the same machine; do I need to route between the subnets?

Summary:
Client IP: 172.20.10.8
Client Tunnel IP: 172.16.0.2
Destination IP (router): 192.168.0.1
Server IP: 192.168.0.100
Server Tunnel IP: 172.16.0.1

Client:
wlp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.20.10.8 netmask 255.255.255.240 broadcast 172.20.10.15
inet6 fe80::299c:4d0f:7572:d80c prefixlen 64 scopeid 0x20<link>
ether 34:02:86:d2:ec:4a txqueuelen 1000 (Ethernet)
RX packets 1920 bytes 312803 (312.8 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2907 bytes 356058 (356.0 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 172.16.0.2 netmask 255.255.255.255 destination 172.16.0.1
inet6 fe80::e913:43d3:96b1:fb07 prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default _gateway 0.0.0.0 UG 303 0 0 wlp2s0
172.16.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
172.20.10.0 0.0.0.0 255.255.255.240 U 303 0 0 wlp2s0
_gateway 0.0.0.0 255.255.255.255 UH 600 0 0 wlp2s0
192.168.0.0 172.16.0.1 255.255.255.0 UG 0 0 0 tun0

Server:
enp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.100 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::6e62:6dff:fe50:7db4 prefixlen 64 scopeid 0x20<link>
inet6 fd00:fc:8d52:9882:6e62:6dff:fe50:7db4 prefixlen 64 scopeid

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 172.16.0.1 netmask 255.255.255.255 destination 172.16.0.2
inet6 fe80::c20d:9a28:ed77:b731 prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default hitronhub.home 0.0.0.0 UG 0 0 0 enp2s0
172.16.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
172.20.10.8 172.16.0.2 255.255.255.255 UGH 0 0 0 tun0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 enp2s0
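
An added example, not part of the original post: a longest-prefix route lookup over the two routing tables posted above, tracing a ping from the client to 192.168.0.1 and the reply back. The `LAN_HOST` table and its interface name `eth0` are constructed from the post's statement that 192.168.0.1 is the LAN's default gateway, and the ping is assumed to carry the client tunnel IP 172.16.0.2 as its source.

```python
import ipaddress

# Rows are (destination, gateway, genmask, metric, iface) from the post's route
# output; the client's "_gateway" host route is omitted (address not shown).
CLIENT = [
    ("0.0.0.0", "_gateway", "0.0.0.0", 303, "wlp2s0"),
    ("172.16.0.1", "0.0.0.0", "255.255.255.255", 0, "tun0"),
    ("172.20.10.0", "0.0.0.0", "255.255.255.240", 303, "wlp2s0"),
    ("192.168.0.0", "172.16.0.1", "255.255.255.0", 0, "tun0"),
]
SERVER = [
    ("0.0.0.0", "hitronhub.home", "0.0.0.0", 0, "enp2s0"),
    ("172.16.0.2", "0.0.0.0", "255.255.255.255", 0, "tun0"),
    ("172.20.10.8", "172.16.0.2", "255.255.255.255", 0, "tun0"),
    ("192.168.0.0", "0.0.0.0", "255.255.255.0", 0, "enp2s0"),
]
# CONSTRUCTED, not from the post: a LAN device whose only routes are its own
# subnet and the default gateway 192.168.0.1. "eth0" is a hypothetical name.
LAN_HOST = [
    ("0.0.0.0", "192.168.0.1", "0.0.0.0", 0, "eth0"),
    ("192.168.0.0", "0.0.0.0", "255.255.255.0", 0, "eth0"),
]

def lookup(routes, dst):
    """Pick the route for dst: longest prefix first, then lowest metric.
    Returns (iface, next_hop); next_hop is None for an on-link route."""
    addr = ipaddress.ip_address(dst)
    matches = []
    for dest, gw, mask, metric, iface in routes:
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if addr in net:
            matches.append((-net.prefixlen, metric, iface, gw))
    if not matches:
        return None
    _, _, iface, gw = min(matches)
    return iface, (None if gw == "0.0.0.0" else gw)

def ping_path(dst="192.168.0.1", src="172.16.0.2"):
    """Trace an echo request from the client and the reply back to src."""
    return {
        "client -> dst": lookup(CLIENT, dst),
        "server -> dst": lookup(SERVER, dst),
        "lan host -> src": lookup(LAN_HOST, src),
        "server -> src": lookup(SERVER, src),
    }

if __name__ == "__main__":
    for hop, route in ping_path().items():
        print(f"{hop:16} {route}")
```

In this lookup the reply from the constructed LAN device goes to 192.168.0.1 rather than to the server at 192.168.0.100. Whether the server forwards packets between tun0 and enp2s0 is a kernel setting (`net.ipv4.ip_forward`) that no routing table shows.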

cornichon
OpenVpn Newbie
Posts: 15
Joined: Sat Oct 19, 2019 6:47 am

Re: Unable to ping remote devices other than server

Post by cornichon » Sat Oct 19, 2019 1:56 pm

What do you think about doing a site-to-site layer 2 VPN to do this without routing?