So, the question. Why doesn't tun0 return host unreachable when the machines have been physically disconnected? Is there a setting I need to use to make this happen?
server.conf
port [port]
proto udp
tls-server
dev tun
ca [location]
cert [location]
key [location]
askpass [location]
dh [location]
server [address] [netmask]
ifconfig-pool-persist ipp.txt
client-config-dir [location]
client-to-client
keepalive 10 120
tls-auth [location]
cipher AES-256-CBC
tls-version-min 1.2
auth SHA512
auth-nocache
user nobody
group nobody
persist-key
persist-tun
status [location]
log-append [location]
writepid [location]
verb 5
client.conf
client
dev tun
proto udp
tls-client
remote [server ip] [server port]
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
ca [location]
cert [location]
key [location]
askpass [location]
remote-cert-tls server
tls-auth [location]
cipher AES-256-CBC
tls-version-min 1.2
auth SHA512
auth-nocache
log-append [location]
writepid [location]
Here's a comparison of ping and tcpdump output for unreachable LAN and VPN addresses.
Physical ping (expected behavior):
PING X.X.X.X (X.X.X.X) 56(84) bytes of data.
From Y.Y.Y.Y icmp_seq=2 Destination Host Unreachable
From Y.Y.Y.Y icmp_seq=3 Destination Host Unreachable
From Y.Y.Y.Y icmp_seq=4 Destination Host Unreachable
# Ctrl^C here, note host unreachable
--- X.X.X.X ping statistics ---
6 packets transmitted, 0 received, +3 errors, 100% packet loss, time 5704ms
pipe 3

# No output

PING X.X.X.X (X.X.X.X) 56(84) bytes of data.
# Ctrl^C here, note no output
--- X.X.X.X ping statistics ---
9 packets transmitted, 0 received, 100% packet loss, time 8393ms

10:35:53.143517 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    Y.Y.Y.Y > X.X.X.X: ICMP echo request, id 21800, seq 1, length 64
10:35:53.830677 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    Y.Y.Y.Y > X.X.X.X: ICMP echo request, id 22297, seq 5565, length 64
10:35:54.142666 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    Y.Y.Y.Y > X.X.X.X: ICMP echo request, id 21800, seq 2, length 64
10:35:54.830766 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    Y.Y.Y.Y > X.X.X.X: ICMP echo request, id 22297, seq 5566, length 64
10:35:55.142717 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    Y.Y.Y.Y > X.X.X.X: ICMP echo request, id 21800, seq 3, length 64
10:35:55.830729 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    Y.Y.Y.Y > X.X.X.X: ICMP echo request, id 22297, seq 5567, length 64
10:35:56.142698 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    Y.Y.Y.Y > X.X.X.X: ICMP echo request, id 21800, seq 4, length 64
10:35:56.830686 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    Y.Y.Y.Y > X.X.X.X: ICMP echo request, id 22297, seq 5568, length 64
10:35:57.142676 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    Y.Y.Y.Y > X.X.X.X: ICMP echo request, id 21800, seq 5, length 64
# ICMP echo reply and ICMP host unreachable are never returned
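
An added example, not part of the original post: a small Python check that reads `tcpdump -v` ICMP output like the capture above and sorts each echo request, keyed by ICMP id and seq, into answered, unreachable or silent, which is the difference between the two ping runs. The function names, the constructed LAN sample and the assumed layout of an unreachable error (error line followed by the quoted original request) are assumptions of this example.

```python
import re

ECHO = re.compile(r"ICMP echo (request|reply), id (\d+), seq (\d+)")
UNREACH = re.compile(r"ICMP (?:host|net) \S+ unreachable")

def classify_probes(capture):
    """Map (icmp_id, seq) -> 'answered' | 'unreachable' | 'silent'."""
    state, quoted = {}, False
    for line in capture.splitlines():
        if UNREACH.search(line):
            quoted = True  # next echo request is the quoted original probe
            continue
        m = ECHO.search(line)
        if not m:
            continue
        kind, key = m.group(1), (int(m.group(2)), int(m.group(3)))
        if kind == "reply":
            state[key] = "answered"
        elif quoted:
            state[key] = "unreachable"
            quoted = False
        else:
            state.setdefault(key, "silent")
    return state

def summarize(capture):
    """Count probe states per ICMP id (each ping process uses its own id)."""
    out = {}
    for (icmp_id, _seq), st in classify_probes(capture).items():
        counts = out.setdefault(icmp_id, {"answered": 0, "unreachable": 0, "silent": 0})
        counts[st] += 1
    return out

# First two packets of the tunnel capture quoted in the post.
TUN_CAPTURE = """\
10:35:53.143517 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    Y.Y.Y.Y > X.X.X.X: ICMP echo request, id 21800, seq 1, length 64
10:35:53.830677 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    Y.Y.Y.Y > X.X.X.X: ICMP echo request, id 22297, seq 5565, length 64
"""
# Constructed LAN sample (documentation addresses, packet header lines omitted).
LAN_CAPTURE = """\
    192.0.2.10 > 192.0.2.99: ICMP echo request, id 7, seq 1, length 64
    192.0.2.10 > 192.0.2.10: ICMP host 192.0.2.99 unreachable, length 92
    192.0.2.10 > 192.0.2.99: ICMP echo request, id 7, seq 1, length 64
    192.0.2.10 > 192.0.2.20: ICMP echo request, id 7, seq 2, length 64
    192.0.2.20 > 192.0.2.10: ICMP echo reply, id 7, seq 2, length 64
"""
```

Run over the tunnel capture, every probe from both ping processes (ids 21800 and 22297) comes back as silent.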