Hi Russell,

On 12/07/17 04:35, Morris, Russell wrote:

> Hi,
>
> Yep, iptables is set up. Actually, seeing some odd results, and some debugging with tcpdump (below). By all means comment if I’m doing something dumb (which is entirely likely)!
>
> - if I ping from the OpenVPN client, I see the icmp packet making it to the gateway (excellent!). But no reply. Thinking that's a route issue, but ...

what exactly is 'the gateway' ? your VPN server? your LAN router/gateway?
does the gateway have a return route for packets coming from the VPN subnet? which routes ARE listed on the gateway? is 172.16.1.0/24 included?

> - if I ping from the gateway, to the OpenVPN client ... it works! Hmm .. so why is the gateway not replying. It does reply to pings on the LAN side.

are you sure that packets end up on the VPN client? did you verify this using tcpdump on the OpenVPN client?
sometimes masquerading/NATting might lead to unexpected results here.

If the gateway is your VPN server, then it does not surprise me that packets are getting through, nor that you can reach the client but not the LAN address of the gateway itself. A 'ping' to the OpenVPN client will use the vpn server's IP address as the source address, not the LAN address.


> - if I ssh from the OpenVPN client to the gateway ... it connects. So perhaps ping is fooling me (not replying to that subnet?). But,
>
> - if I try to ping or ssh to another machine on the LAN ... ping works, but ssh fails (as does http). OK, this one is very odd ... as I do see the ping replies back through the gateway machine. And I see traffic (ssh and http) leaving the “another machine”, but it’s not seeming to get back to the OpenVPN client.

again, this still looks like a 'missing return route' issue to me. Without routing tables from the VPN server and the local LAN router it is impossible to tell, however.


HTH,

JJK
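
The return-route question raised in this reply can be checked mechanically once the gateway's routing table is in hand. The following is an added example, not part of the original message: it runs a longest-prefix match over `ip route show` output and reports where a reply to the VPN subnet would be sent. Only 172.16.1.0/24 comes from the thread; the LAN range, the VPN server address 192.168.1.10 and the sample routing tables are assumptions constructed for illustration.

```python
import ipaddress

# Constructed `ip route show` output for a LAN gateway (sample data, not from the thread).
# Assumed addressing: LAN 192.168.1.0/24, OpenVPN server at 192.168.1.10.
ROUTES_MISSING = """\
default via 203.0.113.1 dev eth0
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.1
"""
# Same table after adding a return route for the VPN subnet via the VPN server.
ROUTES_FIXED = ROUTES_MISSING + "172.16.1.0/24 via 192.168.1.10 dev eth1\n"

def parse_routes(text):
    """Turn unicast `ip route show` lines into (network, next_hop, device) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if not f:
            continue
        prefix = "0.0.0.0/0" if f[0] == "default" else f[0]
        net = ipaddress.ip_network(prefix, strict=False)
        via = f[f.index("via") + 1] if "via" in f else None
        dev = f[f.index("dev") + 1] if "dev" in f else None
        routes.append((net, via, dev))
    return routes

def lookup(routes, dest):
    """Longest-prefix match: the route a reply packet to `dest` would take."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def check_return_route(route_text, vpn_subnet, vpn_server):
    """Report whether replies to the VPN subnet are handed to the VPN server."""
    subnet = ipaddress.ip_network(vpn_subnet)
    probe = next(subnet.hosts())  # any client address inside the VPN subnet
    hit = lookup(parse_routes(route_text), str(probe))
    if hit is None:
        return "no route"
    net, via, dev = hit
    if via == vpn_server and subnet.subnet_of(net):
        return "ok"
    return f"misrouted via {via or 'on-link'} dev {dev}"

if __name__ == "__main__":
    for name, table in (("before", ROUTES_MISSING), ("after", ROUTES_FIXED)):
        print(name, check_return_route(table, "172.16.1.0/24", "192.168.1.10"))
```

The same check applies to any other LAN machine whose replies must reach the VPN client; on a live host, `ip route get <client address>` shows the kernel's own decision for a single destination.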

_______________________________________________
Openvpn-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-users
