OpenVPN Support Forum

Hi all:

I've been struggling with this problem for days, and I've been googling, reading docs, posts but still can't figure it out. I hope I can get some help here. Thanks in Advance!

Problem description:
Short version:

servers behind openvpn subnet can't ping openvpn client, but openvpn client can ping servers behind openvpn subnet.

Long version:
Server A - host behind vpn subnet
Server B - vpn server
Server C - vpn client

Server A:
eth0 -116.196.32.158
eth0:0 - 192.168.185.52
gre1 - 10.9.201.2 (Since A and B are in different subnet, I had to set up a IP tunnel between A and B, so that A can ping vpn network)

Server B:
eth0 - 116.197.65.148
eth0:0 - 192.168.181.143
tun0 - 10.8.1.1
gre1 - 10.9.201.1

Server C:
eth0 - 104.112.34.5
tun0 - 10.8.1.6

A -> C
$ ping 10.8.1.6
PING 10.8.1.6 (10.8.1.6) 56(84) bytes of data.
From 10.9.201.1 icmp_seq=1 Destination Port Unreachable

C -> A
$ ping 192.168.185.52
56(84) bytes of data.
64 bytes from 192.168.185.52: icmp_seq=1 ttl=63 time=210 ms
64 bytes from 192.168.185.52: icmp_seq=2 ttl=63 time=209 ms

I can see the packets from A arrives B, then get lost, on server A, I have route like:
Destination Gateway Genmask Flags Metric Ref Use Iface
10.8.1.0 10.9.201.2 255.255.255.0 UG 0 0 0 gre1

on Server B, I have route like:
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 116.177.65.1 0.0.0.0 UG 0 0 0 eth0
10.8.1.0 10.8.1.2 255.255.255.0 UG 0 0 0 tun0
10.8.1.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0

I couldn't figure out why the packets from server A reach server B and didn't get forword to subnet 10.8.1.0.

Can someone help? Thank in advance!

check routing tables for all servers involved,
also check that they have ip forwarding enabled..

Michael.

maikcat wrote:check routing tables for all servers involved,
also check that they have ip forwarding enabled..

Michael.

Thanks Michael for replying.

I doubled checked the routing table on all three servers,

On server A (server behind openvpn subnet):
The routing to openvpn clients, traffic goes through server B (the openvpn server, as a gateway): You can see that all the traffic to 10.8.1.0 subnet goest to 10.9.201.2 (IP-IP) tunnel to openvpn server.

On Server B (openvpn server): All the traffice to 10.8.1.0 subnet goes to openvpn tunnel.

On Server C (openvpn client): All the traffic to 192.168.185.0 subnet goes through openvpn tunnel.

ip forwarding is enabled on all three servers.

Any other suggestions?

Thanks!

iptables filtering traffic?

if you use traceroute what do you see?

Michael.

maikcat wrote:iptables filtering traffic?

if you use traceroute what do you see?

Michael.

By adding a iptable forward rule on the openvpn server fixed my problem. Thanks Michael for the help!