Hi, On 27/10/16 06:19, Hongyi Zhao wrote: > Hi all, > > I've connected to one of the vpngate's vpnserver successfully, see my > following openvpn client connection info: > > ------------------------------------------------ > $ sudo ifconfig tun1 > tun1 Link encap:UNSPEC HWaddr > 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 > inet addr:10.211.1.9 P-t-P:10.211.1.10 Mask:255.255.255.255 > UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 > RX packets:464 errors:0 dropped:0 overruns:0 frame:0 > TX packets:206 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:100 > RX bytes:101188 (98.8 KiB) TX bytes:17304 (16.8 KiB) > -------------------------------------------------- > > The vpn server has the address 223.217.208.231, and I connect to it via eth0. > > Now I try to do some ping tests wrt this vpn server as follows: > > [1] Ping the vpn server's address via the tun1 interface: > > $ ping -c 4 -I tun1 223.217.208.231 > PING 223.217.208.231 (223.217.208.231) from 10.211.1.9 tun1: 56(84) > bytes of data. > 64 bytes from 223.217.208.231: icmp_seq=1 ttl=254 time=96.1 ms > 64 bytes from 223.217.208.231: icmp_seq=2 ttl=254 time=96.2 ms > 64 bytes from 223.217.208.231: icmp_seq=3 ttl=254 time=97.7 ms > 64 bytes from 223.217.208.231: icmp_seq=4 ttl=254 time=96.6 ms > > --- 223.217.208.231 ping statistics --- > 4 packets transmitted, 4 received, 0% packet loss, time 3004ms > rtt min/avg/max/mdev = 96.145/96.708/97.727/0.693 ms > > [2] Ping the vpn server's address via the eth0 interface: > > $ ping -c 4 -I eth0 223.217.208.231 > PING 223.217.208.231 (223.217.208.231) from 192.168.0.2 eth0: 56(84) > bytes of data. > > --- 223.217.208.231 ping statistics --- > 4 packets transmitted, 0 received, 100% packet loss, time 3018ms > > [3] Ping the vpn server's remote tunnel point address via the tun1 interface: > > $ ping -c 4 -I tun1 10.211.1.10 > PING 10.211.1.10 (10.211.1.10) from 10.211.1.9 tun1: 56(84) bytes of data. > > --- 10.211.1.10 ping statistics --- > 4 packets transmitted, 0 received, 100% packet loss, time 3022ms > > As you can see, only the fist test can be done successfully, while the > other two tests are failed. Any hints for this issue? >
without a routing table, it is very hard to tell what is happening. As for your tests: - I find it odd that you can actually ping the VPN server public IP address via the tunnel i/f ; it's possible, just not "default" behavior - what *is* normal is that you can ping the VPN server IP address via the network i/f ; however, your VPN provider may have blocked this - you should be able to ping the 10.211.1.1 address (no need to specify '-I tun1') but your VPN provider may have blocked that as well. - as Gert pointed out, this VPN is set up to use 'net30' mode, in which you can *never* ping the P-t-P endpoint (10.211.1.10) A more useful test would be to ping an anycast address such as 8.8.8.8 or 4.4.4.4 - do that via the tunnel vs outside the tunnel. It will only give you a limited understanding of the VPN's performance, however. I'd use something like speedtest.net to do a more useful measurement. HTH, JJK ------------------------------------------------------------------------------ The Command Line: Reinvented for Modern Developers Did the resurgence of CLI tooling catch you by surprise? Reconnect with the command line and become more productive. Learn the new .NET and ASP.NET CLI. Get your free copy! http://sdm.link/telerik _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
