Version 3 (modified by lucifersam, 8 years ago) (diff)

It is necessary to disable the "Source/Destination? Checking" option when using OpenVPN on AWS

OpenVPN can ping both peers, but I can't reach any of the other machines on the remote subnet.

  • Make sure that the firewall is not filtering the TUN/TAP interface.
  • Make sure you have IP forwarding enabled on the server.
  • If you are using routing (not ethernet bridging), make sure the clients (or LAN gateway) have a route back to the server for the packets coming in over the tunnel. This can be done by:
    • adding a route in your default gateway for the VPN network IP subnet pointing to the OpenVPN machine,
    • adding a route to every client, or
    • NATing all VPN traffic to the local address of the OpenVPN machine for network traffic which leaves the OpenVPN machine for the local net.
  • If you are hosting the OpenVPN server on an Amazon Web Services (AWS) EC2 instance make sure "Source/Destination? Checking" is disabled on the instance's Elastic Network Interface (enabled by default)
  • If you are still stumped, use tcpdump, wireshark, or WinDump? to determine where packets are being dropped.

Return to FAQ