Changes between Version 1 and Version 2 of 263-openvpn-can-ping-both-peers-but-i-cant-reach-any-of-the-other-machines-on-the-remote-subnet


Ignore:
Timestamp:
04/03/14 21:04:15 (7 years ago)
Author:
David Sommerseth
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • 263-openvpn-can-ping-both-peers-but-i-cant-reach-any-of-the-other-machines-on-the-remote-subnet

    v1 v2  
    11= OpenVPN can ping both peers, but I can't reach any of the other machines on the remote subnet. =
    22
    3 {{{
    4 #!html
    5 <div>
    6 <li>Make sure that the firewall is not filtering the TUN/TAP interface.</li>
    7 <li>Make sure you have <a href="/index.php/open-source/faq.html#ip-forward">IP forwarding</a> enabled on the server.</li>
    8 <li>If you are using routing (not ethernet bridging), make sure the clients (or LAN gateway) have a route back to the server for the packets coming in over the tunnel. This can be done by: 
    9 <ul>
    10 <li>adding a route in your default gateway for the VPN network IP subnet pointing to the OpenVPN machine,</li>
    11 <li>adding a route to every client, or</li>
    12 <li>NATing all VPN traffic to the local address of the OpenVPN machine for network traffic which leaves the OpenVPN machine for the local net.</li>
    13 </ul>
    14 </li>
    15 <li>If you are still stumped, use <strong>tcpdump</strong>, <strong>wireshark</strong>, or <strong>WinDump</strong> to determine where packets are being dropped.</li>
    16 </div>
    17 }}}
     3* Make sure that the firewall is not filtering the TUN/TAP interface.
     4* Make sure you have [http://openvpn.net/index.php/open-source/faq/community-software-server/265-how-do-i-enable-ip-forwarding.html IP forwarding] enabled on the server.
     5* If you are using routing (not [wiki:BridgingAndRouting ethernet bridging]), make sure the clients (or LAN gateway) have a route back to the server for the packets coming in over the tunnel. This can be done by: 
     6 * adding a route in your default gateway for the VPN network IP subnet pointing to the OpenVPN machine,
     7 * adding a route to every client, or
     8 * NATing all VPN traffic to the local address of the OpenVPN machine for network traffic which leaves the OpenVPN machine for the local net.
     9
     10* If you are still stumped, use '''tcpdump''', '''wireshark''', or '''WinDump''' to determine where packets are being dropped.
    1811
    1912[wiki:FAQ Return to FAQ]