Hosts can't ping each other

Posted: Tue Sep 08, 2015 10:46 am
by andreaconte
Hi all,
I'm new to OpenVPN, so sorry for any 'noob' mistake I could have made in the configuration I'm going to post.

Anyway, here's my situation.

I have a really simple setup: 1 server and 2 clients
server config:

port 1194
proto tcp
dev tun

ca ca.crt
cert server.crt
key server.key 
dh dh2048.pem

server 192.168.99.0 255.255.255.0

keepalive 10 120
cipher DES-EDE3-CBC
comp-lzo

user nobody
group nogroup
persist-key
persist-tun

status openvpn-status.log
log openvpn.log
verb 5
mute 20

client config:

client
remote my-awesome-server-ip 443

cipher DES-EDE3-CBC
comp-lzo yes
dev tun
proto tcp

ca ca.crt
cert client.crt
key client.key

keepalive 10 120

remote-cert-tls server

nobind
auth-nocache
persist-key
persist-tun

redirect-gateway

The thing is, clients can connect to the VPN (I'm using TCP 443 with sslh on the server because I'm behind a proxy) and can browse the internet (I've enabled IP forwarding and masquerading via iptables), but they cannot ping each other. I can only ping the server from the hosts (but NOT vice versa).

route -n on the server:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         5.9.101.65      0.0.0.0         UG    0      0        0 eth0
5.9.101.64      5.9.101.65      255.255.255.224 UG    0      0        0 eth0
5.9.101.64      0.0.0.0         255.255.255.224 U     0      0        0 eth0
192.168.99.0    192.168.99.2    255.255.255.0   UG    0      0        0 tun0
192.168.99.2    0.0.0.0         255.255.255.255 UH    0      0        0 tun0

iptables -L:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

iptables -L -t nat:

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  192.168.99.0/24      anywhere

Re: Hosts can't ping each other

Posted: Wed Sep 09, 2015 2:56 am
by Ben08
This seemed to work for me so far (from the sample server config). Try throwing this in your server config.

# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server's TUN/TAP interface.
client-to-client

Re: Hosts can't ping each other

Posted: Wed Sep 09, 2015 10:05 am
by Traffic
See --client-to-client in The Manual v23x
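The two replies above point at the same directive, but the manual's caveat matters for anyone who firewalls tunnel traffic: with `client-to-client` set, OpenVPN switches client-to-client packets internally and they never hit tun0, so the host's FORWARD chain cannot see or filter them; without it, the packets are written to tun0 and the kernel forwards them back down the tunnel only if ip_forward is on and the FORWARD chain allows, which is the only mode in which per-client rules work. The script below is an added example (not code from this thread or from the OpenVPN project): it parses a server config, reads the pool from the `server` directive, reports which of the two modes applies, and emits the sysctl/iptables lines the kernel-routed mode would need. The interface name tun0 and the client addresses 192.168.99.6 and 192.168.99.10 (the first two net30 client addresses in that pool) are assumptions; nothing is executed, the rules are only printed.

```python
"""Work out how client<->client packets will flow for an OpenVPN server config.

Added example (not from the forum thread or the OpenVPN project). It encodes
the two behaviours the --client-to-client documentation describes:

  * directive present: OpenVPN switches client<->client traffic internally; the
    packets never appear on the TUN interface, so the host's FORWARD chain
    cannot filter them.
  * directive absent: packets are written to the TUN interface and it is up to
    the kernel (net.ipv4.ip_forward) and the FORWARD chain to send them back
    down the tunnel; this is the only mode in which per-client rules work.

The sysctl/iptables lines are emitted as strings only; nothing is executed.
"""
import ipaddress


def parse_config(text):
    """Parse an OpenVPN config into {directive: [[args], ...]}.

    Comment lines start with '#' or ';'; a directive may appear several times
    (e.g. `push`), so every occurrence is kept in order.
    """
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        name, *args = line.split()
        directives.setdefault(name, []).append(args)
    return directives


def vpn_subnet(directives):
    """Return the pool handed out by `server NETWORK NETMASK` as an ip_network."""
    if "server" not in directives:
        raise ValueError("no `server` directive: not a server-mode config")
    network, netmask = directives["server"][-1][:2]
    return ipaddress.ip_network(f"{network}/{netmask}", strict=True)


def client_to_client_policy(config_text, tun="tun0", deny_pairs=()):
    """Describe where client<->client traffic is switched and what the host
    firewall would need to allow it.

    tun: assumed interface name of the server's TUN device.
    deny_pairs: (src_ip, dst_ip) client pairs to block. They are only
    enforceable in kernel mode; in internal mode they are reported back as
    unenforceable instead of being silently dropped.
    """
    directives = parse_config(config_text)
    subnet = vpn_subnet(directives)

    if "client-to-client" in directives:
        return {
            "mode": "internal",
            "subnet": str(subnet),
            "host_firewall_sees_traffic": False,
            "rules": [],
            "unenforceable": [f"{s} -> {d}" for s, d in deny_pairs],
        }

    rules = ["sysctl -w net.ipv4.ip_forward=1"]
    # Per-client DROPs must precede the blanket ACCEPT to take effect.
    for src, dst in deny_pairs:
        if ipaddress.ip_address(src) not in subnet or ipaddress.ip_address(dst) not in subnet:
            raise ValueError(f"{src} -> {dst} is not inside the VPN pool {subnet}")
        rules.append(f"iptables -A FORWARD -i {tun} -o {tun} -s {src} -d {dst} -j DROP")
    rules.append(f"iptables -A FORWARD -i {tun} -o {tun} -s {subnet} -d {subnet} -j ACCEPT")
    return {
        "mode": "kernel",
        "subnet": str(subnet),
        "host_firewall_sees_traffic": True,
        "rules": rules,
        "unenforceable": [],
    }


# Constructed sample: the routing-relevant lines of the server config posted above.
POSTED_SERVER_CONFIG = """\
port 1194
proto tcp
dev tun
server 192.168.99.0 255.255.255.0
keepalive 10 120
"""

if __name__ == "__main__":
    # Assumed client addresses: the first two net30 client IPs in the pool.
    deny = [("192.168.99.6", "192.168.99.10")]
    for label, text in (("as posted", POSTED_SERVER_CONFIG),
                        ("with client-to-client", POSTED_SERVER_CONFIG + "client-to-client\n")):
        policy = client_to_client_policy(text, deny_pairs=deny)
        print(f"{label}: mode={policy['mode']} subnet={policy['subnet']}")
        for rule in policy["rules"]:
            print("  " + rule)
        for pair in policy["unenforceable"]:
            print("  cannot filter " + pair + " on the host firewall")
```

Run against the config as posted, the script reports kernel mode and prints the forwarding rules the FORWARD chain would need on tun0; append `client-to-client` and it reports internal mode with no rules, flagging any per-client deny as something the host firewall can no longer enforce. In the posted setup the FORWARD policy is already ACCEPT, so the `-j ACCEPT` line is redundant there; it is included for servers whose FORWARD policy is DROP.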