Unable to ping remote end of VPN
Posted: Fri Apr 05, 2013 3:58 pm
Hello!
This is my first OpenVPN installation.
I have two Fedora 17 machines, one with a local net 192.168.15.0/24 and the other 192.168.10.0/24.
I have an OpenVPN connection between them with network addresses 192.168.20.1 (on 192.168.15.0/24) and 192.168.20.2 (on 192.168.10.0/24).
The logs say that the VPN connection is up. I can ping the local side of the connection, but I am unable to ping the remote end. Using tcpdump watching the public IPs and activity on port 1194, I can see that the packets are being routed through the tun (local side) and are arriving at the public IP of the remote site, but there is no traffic indicated on the remote tun interface.
Both machines have IP masquerading enabled for the public interface. (I am thinking that I need to NOT masquerade the traffic between the 192.168.10 and 192.168.15 nets, but I don't know how to do that... I use iptables via system-config-firewall.)
I am looking for debugging help here. Any ideas on why the packets would get routed through the VPN to the remote IP port 1194 but not be passed on to the remote tun interface? Are they supposed to?
Thanks in advance for any help you can give.
Mark