Re: [Openvpn-users] Intermittent Connectivity

Tue, 11 Jul 2017 15:29:21 -0700 

Hi,

On 11/07/17 23:28, Morris, Russell wrote:


Hi Selva,


Yep, that makes sense – and works, thanks! Now I can ping 172.16.1.1 
from the gateway machine … but, I can’t ping from the OpenVPN client 
to machines on the subnet (only the OpenVPN machine itself, 
192.168.1.10). Thoughts? I did add the forward, and the iptables entries.




did you add any forwarding rules in iptables, e.g.

iptables -I FORWARD -i tun+ -j ACCEPT
iptables -I FORWARD -o tun+ -j ACCEPT

and is IP forwarding itself enabled on the server (see /etc/sysctl.conf).

HTH,

JJK


*From:* Selva Nair [mailto:[email protected]]
*Sent:* Tuesday, July 11, 2017 12:54 PM
*To:* Morris, Russell <[email protected]>
*Cc:* [email protected]
*Subject:* Re: [Openvpn-users] Intermittent Connectivity


On Tue, Jul 11, 2017 at 12:51 PM, Morris, Russell <[email protected] 
<mailto:[email protected]>> wrote:



    OK, a bit more on this (hopefully helping others out!),
    - I got the route push working, was a misunderstanding on my part
    ... sorry! Now the link stays up very reliably. And FYI, I still
    see a (much smaller) delay variation, and no drop out. Excellent!
    - with iptables in Ubuntu (v1.6.0), --state does not exist, but
    it's now --ctstate. Again, just to help others.
    - so now, I can try to ping back from the OpenVPN client to the
    LAN. I do see traffic showing up in the iptables counters (good!),
    under NEW, but it's not going past that. I assume that this is due
    to the (yet missing) route. But when I try to enter that command
    (my OpenVPN server is on a machine on my LAN, not on the GW), I
    get the following,

    sudo ip route add 172.16.1.0/24 <http://172.16.1.0/24> via
    192.168.1.10
    RTNETLINK answers: File exists

    Thoughts?


Hi Russel,


Assuming 172.16.1.0/24 <http://172.16.1.0/24> is the VPN network and 
129.168.1.0/24 <http://129.168.1.0/24> the LAN, make sure that route 
is added on the GW. From the error message, it looks like you are 
trying to add it on the VPN server.


Selva



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


_______________________________________________
Openvpn-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-users



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-users






















					Reply via email to