
#1 2015-09-12 07:03:06

rvu95
Member
Registered: 2015-06-06
Posts: 20

openvpn connection succeeded but can't ping gateway

I'm trying to create an OpenVPN config. I succeeded, but I can't ping the destination router. Any ideas? Thanks

Offline

#2 2015-09-12 08:35:18

demaio
Member
From: Germany
Registered: 2012-09-02
Posts: 101
Website

Re: openvpn connection succeeded but can't ping gateway

Please show us your openvpn configuration files.

EDIT: ... and the openvpn log entries.

Last edited by demaio (2015-09-12 08:40:22)

Offline

#3 2015-09-13 16:59:06

rvu95
Member
Registered: 2015-06-06
Posts: 20

Re: openvpn connection succeeded but can't ping gateway

Here's my config:

client
dev tun
proto tcp
remote xxx
resolv-retry infinite
auth-nocache
script-security 2
nobind
persist-key
persist-tun
mute-replay-warnings
#ca cert.crt
ns-cert-type server
auth-user-pass
comp-lzo
verb 3

#http-proxy xxx xxx
#http-proxy-retry

And here's the log:

Sun Sep 13 23:53:08 2015 OpenVPN 2.3.6 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Dec  2 2014
Sun Sep 13 23:53:08 2015 library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.09
Enter Auth Username: ***************
Enter Auth Password: ****************
Sun Sep 13 23:54:05 2015 Socket Buffers: R=[87380->131072] S=[16384->131072]
Sun Sep 13 23:54:05 2015 Attempting to establish TCP connection with [AF_INET]xx:1194 [nonblock]
Sun Sep 13 23:54:06 2015 TCP connection established with [AF_INET]xx:1194
Sun Sep 13 23:54:06 2015 TCPv4_CLIENT link local: [undef]
Sun Sep 13 23:54:06 2015 TCPv4_CLIENT link remote: [AF_INET]xx:1194
*****
*****
Sun Sep 13 23:54:06 2015 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Sep 13 23:54:06 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Sep 13 23:54:06 2015 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Sep 13 23:54:06 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Sep 13 23:54:06 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Sep 13 23:54:06 2015 [server] Peer Connection Initiated with [AF_INET]xx:1194
Sun Sep 13 23:54:09 2015 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Sep 13 23:54:09 2015 PUSH: Received control message: 'PUSH_REPLY,route xx 255.255.0.0,route xx 255.255.255.252,route xx 255.255.0.0,route xx 255.255.0.0,route xx 255.255.0.0,route xx 255.255.0.0,route xx 255.255.0.0,route xx 255.255.255.0,route xx 255.255.255.0,route 192.168.50.0 255.255.255.0,dhcp-option DNS xx,route xx,topology net30,ping 10,ping-restart 120,ifconfig xx xx'
Sun Sep 13 23:54:09 2015 OPTIONS IMPORT: timers and/or timeouts modified
Sun Sep 13 23:54:09 2015 OPTIONS IMPORT: --ifconfig/up options modified
Sun Sep 13 23:54:09 2015 OPTIONS IMPORT: route options modified
Sun Sep 13 23:54:09 2015 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Sep 13 23:54:09 2015 ROUTE_GATEWAY xx/255.255.252.0 IFACE=wlp2s0 HWADDR=yyyy
Sun Sep 13 23:54:09 2015 TUN/TAP device tun0 opened
Sun Sep 13 23:54:09 2015 TUN/TAP TX queue length set to 100
Sun Sep 13 23:54:09 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Sep 13 23:54:09 2015 /usr/bin/ip link set dev tun0 up mtu 1500
Sun Sep 13 23:54:09 2015 /usr/bin/ip addr add dev tun0 local xx peer xx
Sun Sep 13 23:54:09 2015 /usr/bin/ip route add xx/16 via xx
Sun Sep 13 23:54:09 2015 /usr/bin/ip route add xx/30 via xx
Sun Sep 13 23:54:09 2015 /usr/bin/ip route add xx/16 via xx
Sun Sep 13 23:54:09 2015 /usr/bin/ip route add xx/16 via xx
Sun Sep 13 23:54:09 2015 /usr/bin/ip route add xx/16 via xx
Sun Sep 13 23:54:09 2015 /usr/bin/ip route add xx/16 via xx
Sun Sep 13 23:54:09 2015 /usr/bin/ip route add xx/16 via xx
Sun Sep 13 23:54:09 2015 /usr/bin/ip route add xx/24 via xx
Sun Sep 13 23:54:09 2015 /usr/bin/ip route add xx/24 via xx
Sun Sep 13 23:54:09 2015 /usr/bin/ip route add xx/24 via xx
Sun Sep 13 23:54:09 2015 /usr/bin/ip route add xx/32 via xx
Sun Sep 13 23:54:09 2015 Initialization Sequence Completed
Sun Sep 13 23:56:09 2015 [server] Inactivity timeout (--ping-restart), restarting
Sun Sep 13 23:56:09 2015 SIGUSR1[soft,ping-restart] received, process restarting
Sun Sep 13 23:56:09 2015 Restart pause, 5 second(s)
Sun Sep 13 23:56:14 2015 Socket Buffers: R=[87380->131072] S=[16384->131072]
Sun Sep 13 23:56:14 2015 Attempting to establish TCP connection with [AF_INET]xx:1194 [nonblock]
Sun Sep 13 23:56:24 2015 TCP: connect to [AF_INET]xx:1194 failed, will try again in 5 seconds: Connection timed out

Last edited by rvu95 (2015-09-13 17:06:37)

Offline

#4 2015-09-13 18:10:58

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: openvpn connection succeeded but can't ping gateway


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#5 2015-09-14 07:26:44

demaio
Member
From: Germany
Registered: 2012-09-02
Posts: 101
Website

Re: openvpn connection succeeded but can't ping gateway

Is "comp-lzo" enabled on the server side? I had ping/routing errors when it was enabled on one side but not the other.

Offline

#6 2015-09-14 11:45:54

rvu95
Member
Registered: 2015-06-06
Posts: 20

Re: openvpn connection succeeded but can't ping gateway

How could I use it?

demaio wrote:

Is "comp-lzo" enabled on the server side? I had ping/routing errors when it was enabled on one side but not the other.

It's enabled on the server side.

Last edited by rvu95 (2015-09-14 11:46:51)

Offline

#7 2015-09-15 06:09:40

demaio
Member
From: Germany
Registered: 2012-09-02
Posts: 101
Website

Re: openvpn connection succeeded but can't ping gateway

rvu95 wrote:

How could I use it?

Use the code tags for pasting config and log files, so that others can distinguish between code and your own words.

rvu95 wrote:

It's enabled on the server side.

The next things I would try are:

  • make sure that all other settings are compatible between server and client config

  • disable all possible firewalls between server and client

  • switch to UDP (not really sure about that, but we only use UDP in all our VPN tunnels)

  • ping the IP address of the server instead of its name to eliminate DNS problems

  • ping directly from client to server to eliminate routing problems

  • EDIT: check MTU sizes on all networks, I have seen problems with MTU on some home DSL modem-routers

Our VPN setup uses certificates instead of username/password auth, so I'm not sure if the latter can cause the problems.

Last edited by demaio (2015-09-15 06:13:36)

Offline
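
Added example, not part of the thread and not code from any poster: the first suggestion in post #7 (and the comp-lzo question in post #5) amounts to comparing the directives that both tunnel ends must agree on. The Python below does that for two config files; the server config, the function names and the choice of compared directives are assumptions of this example, and the defaults are those of OpenVPN 2.3.

```python
import re
# Constructed inputs: CLIENT repeats link-related directives from the config
# posted in this thread; SERVER is a hypothetical server-side config.
CLIENT = """client
dev tun
proto tcp
remote xxx
comp-lzo
"""
SERVER = """port 1194
proto tcp-server
dev tun0
; comp-lzo
cipher AES-128-CBC   # differs from the client's default
"""

# OpenVPN 2.3 defaults that apply when a directive is absent.
DEFAULTS = {"proto": "udp", "cipher": "BF-CBC", "auth": "SHA1", "tun-mtu": "1500"}

def parse(text):
    """Return {directive: arguments}; '#' or ';' at a token start begins a comment."""
    opts = {}
    for line in text.splitlines():
        tokens = []
        for tok in line.split():
            if tok[0] in "#;":
                break
            tokens.append(tok)
        if tokens:
            opts[tokens[0]] = " ".join(tokens[1:])
    return opts

def link_profile(opts):
    """Reduce a config to the settings both tunnel ends must agree on."""
    prof = {k: opts.get(k, v) for k, v in DEFAULTS.items()}
    prof["proto"] = re.sub(r"-(client|server)$", "", prof["proto"])
    prof["dev-type"] = opts.get("dev-type") or re.sub(r"\d+$", "", opts.get("dev", ""))
    # Any comp-lzo mode (even "no") adds a framing byte; absence does not.
    prof["comp-lzo framing"] = "on" if "comp-lzo" in opts else "off"
    return prof

def mismatches(client_text, server_text):
    # Map each disagreeing setting to its (client value, server value) pair.
    c, s = link_profile(parse(client_text)), link_profile(parse(server_text))
    return {k: (c[k], s[k]) for k in c if c[k] != s[k]}

if __name__ == "__main__":
    for key, (cv, sv) in mismatches(CLIENT, SERVER).items():
        print(f"{key}: client={cv!r} server={sv!r}")
```

Options the server pushes, such as those in the PUSH_REPLY shown in the log in post #3, are applied on top of the client file and are not modeled here.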
