Unable to ping remote end of VPN

Post by WiseMW » Fri Apr 05, 2013 3:58 pm

Hello!

This is my first OpenVPN installation.

I have two Fedora 17 machines, one with a local net 192.168.15.0/24 and the other 192.168.10.0/24.

I have an OpenVPN connection between them with network addresses 192.168.20.1 (on 192.168.15.0/24) and 192.168.20.2 (on 192.168.10.0/24).

The logs say that the VPN connection is up. I can ping the local side of the connection, but I am unable to ping the remote end. Using tcpdump watching the public IPs and activity on port 1194, I can see that the packets are being routed through the tun (local side) and are arriving at the public IP of the remote site, but there is no traffic indicated on the remote tun interface.

Both machines have IP masquerading enabled for the public interface. (I am thinking that I need to NOT masquerade the traffic between the 192.168.10 and 192.168.15 nets, but I don't know how to do that... I use iptables via system-config-firewall.)

I am looking for debugging help here. Any ideas on why the packets would get routed through the VPN to the remote IP port 1194 but not be passed on to the remote tun interface? Are they supposed to?

Thanks in advance for any help you can give.

Mark

Re: Unable to ping remote end of VPN

Post by WiseMW » Fri Apr 05, 2013 8:31 pm

More information:

Using tcpdump, I can see that the following is true:

When I ping 192.168.15.254 (a machine on the 192.168.15.0/24 network) from 192.168.10.1 (a machine on the 192.168.10.0/24 network), packets are routed out of the tun0 interface on 192.168.10.0/24 and are received on the public IP of the 192.168.15.0/24 network. The packets just don't seem to move through the em1 (public) interface to the tun0 interface and then on to the 192.168.15.254 machine. This is also true if I reverse the process.

192.168.10.1 pings 192.168.15.254, packet is routed to 192.168.20.2 (local tun0) --> Public IP (em1) --> Public Internet

Packet comes in on Public IP (em1) on the 192.168.15.0/24 machine, but does not route...

I have IP forwarding on both machines.
I have the iptables rules in place to allow packets to flow.

I am looking for other thoughts about how to debug this issue. Ideas? Suggestions?

TIA,

Mark
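
The masquerade question raised in the first post can be checked offline against `iptables-save` output. The following is an added example, not part of the thread: it evaluates nat POSTROUTING rules for the 192.168.10.1 to 192.168.15.254 ping. The rule sets are constructed, `em1` and `tun0` are the interface names from the posts, and only `-s`, `-d`, `-o`, `!` and `-j` are handled.

```python
import ipaddress
import shlex

# Constructed iptables-save fragments for illustration (not taken from the posts).
BY_INTERFACE = """*nat
-A POSTROUTING -o em1 -j MASQUERADE
COMMIT"""
BY_SOURCE = """*nat
-A POSTROUTING -s 192.168.10.0/24 -j MASQUERADE
COMMIT"""
BY_SOURCE_EXEMPT = """*nat
-A POSTROUTING -s 192.168.10.0/24 -d 192.168.15.0/24 -j ACCEPT
-A POSTROUTING -s 192.168.10.0/24 -j MASQUERADE
COMMIT"""

def _matches(opt, value, pkt):
    if opt == "-o":
        return value == pkt["out"]
    key = {"-s": "src", "-d": "dst"}[opt]
    return ipaddress.ip_address(pkt[key]) in ipaddress.ip_network(value, strict=False)

def postrouting_verdict(ruleset, src, dst, out):
    """Return the target of the first nat/POSTROUTING rule matching the packet."""
    pkt, table = {"src": src, "dst": dst, "out": out}, None
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if tok and tok[0].startswith("*"):
            table = tok[0][1:]          # "*nat", "*filter", ...
        if table != "nat" or tok[:2] != ["-A", "POSTROUTING"]:
            continue
        tok, hit, negate, target = tok[2:], True, False, None
        while tok:
            opt = tok.pop(0)
            if opt == "!":
                negate = True           # inverts the next match option
            elif opt == "-j":
                target = tok.pop(0)
            elif opt in ("-s", "-d", "-o"):
                hit &= _matches(opt, tok.pop(0), pkt) != negate
                negate = False
            else:
                raise ValueError(f"unsupported option {opt!r}")
        if hit and target:
            return target               # first matching rule wins
    return None                         # no rule matched: source address unchanged
```

To use it on a real gateway, pass the text of `iptables-save -t nat`. A `MASQUERADE` verdict for a packet leaving `tun0` means the far side sees the tunnel address instead of the LAN source address.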
