Can only ping/connect to the remote host OpenVPN

ktyak

Posts: 4
Joined: Wed Nov 18, 2009 5:52 am

Post by ktyak » Wed Nov 18, 2009 6:13 am
Hi,

I can only ping/connect to the remote host that the OpenVPN server is running on. I can't ping, traceroute or otherwise connect to other hosts on the remote network. I'd appreciate some guidance here.

Setup:

Local Network: 192.168.1.0/255.255.255.0
Remote Network: 192.168.2.0/255.255.255.0
Remote Hosts: 192.168.2.50 and 192.168.2.51
Tunnel: 10.8.0.6 10.8.0.5

Here's what I have tried / configured so far.

I've tried pushing routes,

e.g. OpenVPN pushing options:
Code:
push "route 192.168.2.0 255.255.255.0"
push "dhcp-option DNS 192.168.2.50"
push "dhcp-option DOMAIN local"

and also specifying routes in Viscosity:

e.g.
Code:
192.168.2.0  255.255.255.0 vpn_gateway

I have also checked if ip_forward is set to 1
Code:
[root@texas ~]# cat /proc/sys/net/ipv4/ip_forward 
1

Even with all the above I am only able to ping 192.168.2.50 which is the host that OpenVPN is running on at the other end of the vpn tunnel.
Code:
mpb:~ Jason$ ping 192.168.2.50
PING 192.168.2.50 (192.168.2.50): 56 data bytes
64 bytes from 192.168.2.50: icmp_seq=0 ttl=64 time=42.633 ms
^C
mpb:~ Jason$ ping 192.168.2.51
PING 192.168.2.51 (192.168.2.51): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1

If I try to ping or traceroute 192.168.2.51 or otherwise connect then it fails. Well, it doesn't fail but it shows the tunnel only.

e.g.
Code:
mpb:~ Jason$ traceroute 192.168.2.50
traceroute to 192.168.2.50 (192.168.2.50), 64 hops max, 52 byte packets
 1  192.168.2.50 (192.168.2.50)  52.429 ms  46.589 ms  41.095 ms
mpb:~ Jason$ traceroute 192.168.2.51
traceroute to 192.168.2.51 (192.168.2.51), 64 hops max, 52 byte packets
 1  10.8.0.1 (10.8.0.1)  44.105 ms  41.229 ms  43.968 ms
 2  * *^C
mpb:~ Jason$ 

More diagnostic info:
Code:
mpb:~ Jason$ ifconfig tun0
tun0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 10.8.0.6 --> 10.8.0.5 netmask 0xffffffff 
	open (pid 59604)

Code:
mpb:~ Jason$ netstat -rn
Routing tables
Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            192.168.1.1        UGSc           23        0     en0
10.8.0.1/32        10.8.0.5           UGSc            0        0    tun0  <---
10.8.0.5           10.8.0.6           UH              3        2    tun0         <---
10.37.129/24       link#10            UC              0        0   vnic1
10.211.55/24       link#9             UC              0        0   vnic0
127                127.0.0.1          UCS             0        0     lo0
127.0.0.1          127.0.0.1          UH             10  4859955     lo0
169.254            link#4             UCS             0        0     en0
192.168.1          link#4             UCS             4        0     en0
192.168.1.1        0:50:7f:9f:34:d0   UHLWI          23       67     en0   1176
192.168.1.11       0:26:4a:11:5:9e    UHLWI           0      189     en0    351
192.168.1.14       127.0.0.1          UHS             0        2     lo0
192.168.1.18       link#4             UHLWI          23      135     en0
192.168.1.255      link#4             UHLWbI          3       36     en0
192.168.2          10.8.0.5           UGSc            1        4    tun0  <---
192.168.51         link#8             UC              3        0  vmnet1
192.168.51.1       0:50:56:c0:0:1     UHLWI           0      657     lo0
192.168.51.255     link#8             UHLWbI          1       10  vmnet1
192.168.200        link#7             UC              3        0  vmnet8
192.168.200.1      0:50:56:c0:0:8     UHLWI           0        6     lo0
192.168.200.255    link#7             UHLWbI          1       12  vmnet8

Post by ktyak » Wed Nov 18, 2009 7:36 pm
*RESOLVED*

I needed to add an SNAT entry in the firewall.
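
An added example, not part of the original posts: a small Python model of the addresses in this thread, showing why replies from 192.168.2.51 never return to the client until the forwarded traffic is source-NATed. It assumes the SNAT is applied on the OpenVPN server host; the /24 tunnel mask, the LAN default gateway 192.168.2.1 and the labels `tun0` and `on-link` are also assumptions.

```python
import ipaddress

# Constructed model of the thread's topology. The tunnel mask (/24), the LAN
# default gateway 192.168.2.1 and the interface label tun0 are assumptions.
VPN_CLIENT = ipaddress.ip_address("10.8.0.6")
VPN_SERVER_LAN = ipaddress.ip_address("192.168.2.50")
LAN_HOST = ipaddress.ip_address("192.168.2.51")

# Routing tables as (destination network, next hop); "on-link" = deliver directly.
ROUTES = {
    VPN_SERVER_LAN: [("192.168.2.0/24", "on-link"), ("10.8.0.0/24", "tun0"),
                     ("0.0.0.0/0", "192.168.2.1")],
    LAN_HOST: [("192.168.2.0/24", "on-link"), ("0.0.0.0/0", "192.168.2.1")],
}

def next_hop(host, dst):
    """Longest-prefix match of dst in host's routing table."""
    matches = [(ipaddress.ip_network(net), hop) for net, hop in ROUTES[host]
               if dst in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def source_seen_by(target, snat):
    """Source address the target sees on a packet sent by the VPN client."""
    if target == VPN_SERVER_LAN:
        return VPN_CLIENT          # delivered locally, never forwarded, no NAT
    # Forwarded out of the LAN interface: a POSTROUTING SNAT rule rewrites it.
    return VPN_SERVER_LAN if snat else VPN_CLIENT

def reply_reaches_client(target, snat=False):
    """True if the target's reply is routed back towards the VPN server."""
    src = source_seen_by(target, snat)
    hop = next_hop(target, src)
    if target == VPN_SERVER_LAN:
        return hop == "tun0"       # server answers straight into the tunnel
    # The reply must be delivered on-link to the VPN server, which reverses
    # the NAT mapping and forwards the packet into the tunnel.
    return hop == "on-link" and src == VPN_SERVER_LAN

if __name__ == "__main__":
    for target in (VPN_SERVER_LAN, LAN_HOST):
        for snat in (False, True):
            print(target, "snat=%s" % snat, reply_reaches_client(target, snat))
```

With SNAT in place, hosts on the remote LAN log every VPN client as 192.168.2.50. A static route for the tunnel subnet on the LAN gateway is the alternative that preserves client addresses.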