Can connect to VPN and get IP but not ping

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
pspringmeyer
OpenVpn Newbie
Posts: 4
Joined: Fri Feb 04, 2011 7:37 pm

Can connect to VPN and get IP but not ping

Post by pspringmeyer » Fri Feb 04, 2011 7:54 pm

I have a OpenVPN server configured and setup on a DD-WRT router. I've turned off the firewall just in case and I still cannot ping anything on the network. The client connects completely fine and there is nothing out of the ordinary in either the server or client logs. DHCP on the router has a max range from 192.168.0.2 to 192.168.0.150.

[EDIT]
I'm also on Mac OS X 10.6.6
[/EDIT]

Certs are all fine (I'm positive, went through that for about 4 hours till I figured out that DD-WRT is on UTC and my machine is GMT) too.

When I connect, the laptop gets an IP of 192.168.0.50 (good) and I can ping itself (from the laptop). But I cannot ping anything else on the network and nothing on the network can ping that IP address. DD-WRT shows that LAN IP as registered too.

Router is: 192.168.0.1

Server config:

Code: Select all

mode server
proto udp
port 1194
dev tap0
server-bridge 192.168.0.1 255.255.255.0 192.168.0.50 192.168.0.70
keepalive 10 120
daemon
verb 3
client-to-client
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
management localhost 5001

log-append /tmp/myvpnsrv.log
My client configuration:

Code: Select all

remote xxx.dyndns.org 1194 (obfuscated)

client
dev tap0 
proto udp 
resolv-retry infinite 
nobind 
persist-key 
persist-tun
float 
verb 3
ca ca.crt 
cert client1.crt 
key client1.key 

ns-cert-type server
I've seen many people have this issue (connecting but can't ping) and I've tried many different ad-hoc solutions to no avail. Anybody have a recommendation for me?

EDIT: for completeness, here are the client logs (I can show server logs but they look completely fine)

Code: Select all

Feb 04 11:52:52: MANAGEMENT: CMD 'state on'
Feb 04 11:52:52: MANAGEMENT: CMD 'hold release'
Feb 04 11:52:52: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 04 11:52:52: Control Channel MTU parms [ L:1573 D:138 EF:38 EB:0 ET:0 EL:0 ]
Feb 04 11:52:52: Socket Buffers: R=[42080->65536] S=[9216->65536]
Feb 04 11:52:52: MANAGEMENT: >STATE:1296849172,RESOLVE,,,
Feb 04 11:52:52: Data Channel MTU parms [ L:1573 D:1450 EF:41 EB:4 ET:32 EL:0 ]
Feb 04 11:52:52: Local Options hash (VER=V4): '2c50bd2c'
Feb 04 11:52:52: Expected Remote Options hash (VER=V4): '0ddbb6e3'
Feb 04 11:52:52: UDPv4 link local: [undef]
Feb 04 11:52:52: UDPv4 link remote: (home ip obfuscated):1194
Feb 04 11:52:52: MANAGEMENT: >STATE:1296849172,WAIT,,,
Feb 04 11:52:52: MANAGEMENT: CMD 'hold release'
Feb 04 11:52:54: MANAGEMENT: >STATE:1296849174,AUTH,,,
Feb 04 11:52:54: TLS: Initial packet from (home ip obfuscated):1194, sid=a7c41cb3 5a2ec14b
Feb 04 11:52:55: VERIFY OK: depth=1, /C=US/ST=CA/L=SanDiego/O=Home/OU=MyUNIT/CN=OpenVPN-HOME/emailAddress=(personal email address)
Feb 04 11:52:55: VERIFY OK: nsCertType=SERVER
Feb 04 11:52:55: VERIFY OK: depth=0, /C=US/ST=CA/L=SanDiego/O=Home/OU=MyUNIT/CN=OpenVPN-HOME-Server/emailAddress=(personal email address)
Feb 04 11:52:56: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Feb 04 11:52:56: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Feb 04 11:52:56: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Feb 04 11:52:56: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Feb 04 11:52:56: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Feb 04 11:52:56: [OpenVPN-HOME-Server] Peer Connection Initiated with 1(home ip obfuscated):1194
Feb 04 11:52:58: MANAGEMENT: >STATE:1296849178,GET_CONFIG,,,
Feb 04 11:52:59: SENT CONTROL [OpenVPN-HOME-Server]: 'PUSH_REQUEST' (status=1)
Feb 04 11:52:59: PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.0.1,ping 10,ping-restart 120,ifconfig 192.168.0.50 255.255.255.0'
Feb 04 11:52:59: OPTIONS IMPORT: timers and/or timeouts modified
Feb 04 11:52:59: OPTIONS IMPORT: --ifconfig/up options modified
Feb 04 11:52:59: OPTIONS IMPORT: route-related options modified
Feb 04 11:52:59: ROUTE default_gateway=192.168.43.1
Feb 04 11:52:59: TUN/TAP device /dev/tap0 opened
Feb 04 11:52:59: MANAGEMENT: >STATE:1296849179,ASSIGN_IP,,192.168.0.50,
Feb 04 11:52:59: /sbin/ifconfig tap0 delete
Feb 04 11:52:59: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Feb 04 11:52:59: /sbin/ifconfig tap0 192.168.0.50 netmask 255.255.255.0 mtu 1500 up
Feb 04 11:52:59: /Applications/Viscosity.app/Contents/Resources/dnsup.py tap0 1500 1573 192.168.0.50 255.255.255.0 init
Feb 04 11:52:59: /sbin/route add -net (home ip obfuscated) 192.168.43.1 255.255.255.255
Feb 04 11:52:59: /sbin/route add -net 0.0.0.0 192.168.0.1 128.0.0.0
Feb 04 11:52:59: /sbin/route add -net 128.0.0.0 192.168.0.1 128.0.0.0
Feb 04 11:52:59: Initialization Sequence Completed
Feb 04 11:52:59: MANAGEMENT: >STATE:1296849179,CONNECTED,SUCCESS,192.168.0.50,(home ip obfuscated)
Feb 04 11:53:00: MANAGEMENT: CMD 'status'
Feb 04 11:53:01: MANAGEMENT: CMD 'status'
Feb 04 11:53:02: MANAGEMENT: CMD 'status'
Feb 04 11:53:03: MANAGEMENT: CMD 'status'
Feb 04 11:53:04: MANAGEMENT: CMD 'status'
Feb 04 11:53:05: MANAGEMENT: CMD 'status'
Feb 04 11:53:06: MANAGEMENT: CMD 'status'
Feb 04 11:53:07: MANAGEMENT: CMD 'status'
Feb 04 11:53:08: MANAGEMENT: CMD 'status'
Feb 04 11:53:09: MANAGEMENT: CMD 'status'
Feb 04 11:53:10: NOTE: --mute triggered...
Last edited by pspringmeyer on Mon Feb 07, 2011 5:07 am, edited 1 time in total.
Top
mynkow
OpenVpn Newbie
Posts: 7
Joined: Sun Feb 06, 2011 10:21 pm

Re: Can connect to VPN and get IP but not ping

Post by mynkow » Sun Feb 06, 2011 10:44 pm

Sounds stupid and I do not think this is your problem but... if you do not have any shared files/folders in windows you will be not able to ping.
Top
pspringmeyer
OpenVpn Newbie
Posts: 4
Joined: Fri Feb 04, 2011 7:37 pm

Re: Can connect to VPN and get IP but not ping

Post by pspringmeyer » Mon Feb 07, 2011 4:53 am

I'm on Mac OS X. But thanks for commenting :)
Top
pspringmeyer
OpenVpn Newbie
Posts: 4
Joined: Fri Feb 04, 2011 7:37 pm

Update

Post by pspringmeyer » Mon Feb 07, 2011 6:16 am

Well, without being able to fix it I've moved on and decided to use PPTP. If anyone has a solution or an some thoughts on it I would love to hear them as I vastly prefer OpenVPN over PPTP.
Top
pspringmeyer
OpenVpn Newbie
Posts: 4
Joined: Fri Feb 04, 2011 7:37 pm

Re: Can connect to VPN and get IP but not ping

Post by pspringmeyer » Fri Feb 11, 2011 6:56 pm

For anyone that happens upon this looking for a solution:

I was unable to resolve the issue with connecting but the connection not being bridged with the target LAN. I decided to scrap DD-WRT as my OpenVPN server and installed it on my FreeBSD box behind the DD-WRT router. I forwarded the ports from DD-WRT to the server.

Took me about a day to setup the FreeBSD OpenVPN server but got it done and it works well!
Top
Post Reply

Return to “Server Administration”