OpenVPN can ping both peers, but I can't reach any of the other machines on the remote subnet.

  • Make sure that the firewall is not filtering the TUN/TAP interface.
  • Make sure you have IP forwarding enabled on the server.
  • If you are using routing (not ethernet bridging), make sure the clients (or LAN gateway) have a route back to the server for the packets coming in over the tunnel. This can be done by:
    • adding a route in your default gateway for the VPN network IP subnet pointing to the OpenVPN machine,
    • adding a route to every client, or
    • NATing all VPN traffic to the local address of the OpenVPN machine for network traffic which leaves the OpenVPN machine for the local net.
  • If you are hosting the OpenVPN server on an Amazon Web Services (AWS) EC2 instance, make sure "Source/Destination Checking" is disabled on the instance's Elastic Network Interface (it is enabled by default).
  • If you are still stumped, use tcpdump, wireshark, or WinDump to determine where packets are being dropped.
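
The forwarding and return-route items above can be checked with a short script. This is an added example, not OpenVPN project code; the VPN subnet 10.8.0.0/24, the server LAN address 192.168.1.10, the interface eth0 and the sample routing table are constructed assumptions.

```shell
#!/usr/bin/env bash
# Added example, not OpenVPN project code. Assumed lab values (constructed):
# VPN subnet 10.8.0.0/24, OpenVPN server LAN address 192.168.1.10, LAN NIC eth0.

# Succeeds if the sysctl file holds "1" (IPv4 forwarding enabled).
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Succeeds if `ip route` output ($1) sends the VPN subnet ($2) via the
# OpenVPN machine's LAN address ($3).
has_return_route() {
    printf '%s\n' "$1" | awk -v net="$2" -v gw="$3" '
        $1 == net && $2 == "via" && $3 == gw { found = 1 }
        END { exit !found }'
}

# Prints one line per check with the matching fix; returns the failure count.
# $1 = ip_forward file on the server, $2 = `ip route` output from the LAN
# gateway (or a LAN host), $3 = VPN subnet, $4 = server LAN address, $5 = LAN NIC
diagnose() {
    fails=0
    if forwarding_enabled "$1"; then
        echo "OK   forwarding enabled on the server"
    else
        echo "FAIL forwarding off: sysctl -w net.ipv4.ip_forward=1"
        fails=$((fails + 1))
    fi
    if has_return_route "$2" "$3" "$4"; then
        echo "OK   return route for $3 via $4"
    else
        echo "FAIL no return route: ip route add $3 via $4"
        # NAT alternative: LAN hosts then log every VPN client as $4.
        echo "     or on the server: iptables -t nat -A POSTROUTING -s $3 -o $5 -j MASQUERADE"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample: a LAN gateway routing table with no route back to the VPN.
SAMPLE_ROUTES='default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.20'

diagnose /proc/sys/net/ipv4/ip_forward "$SAMPLE_ROUTES" 10.8.0.0/24 192.168.1.10 eth0 || true
```

The script only reads state and prints the suggested commands; the firewall and AWS items in the list still have to be checked separately.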

Last modified on 03/17/16 22:38:04