Succsessful VPN connection (L2TP) to Windows server but cannot ping

tapia · 2017-09-20 20:43:39

I am trying to connect my computer to the intranet of my work through a VPN connection (L2TP IPSEC). For this I have used networkmanager-l2tp [1] and was able to successfully establish a connection.
The problem is that when I try to ping to any service I don't get an answer. For example:

[tapia@tapia-laptop ~]$ ping mpa.loc
PING mpa.loc (62.138.239.45) 56(84) bytes of data.
^C
--- mpa.loc ping statistics ---
258 packets transmitted, 0 received, 100% packet loss, time 260429ms

I get the following for ip route:

[tapia@tapia-laptop ~]$ ip route
default dev ppp0 proto static scope link metric 50 
default via 192.168.1.1 dev wlp2s0 proto static metric 600 
10.134.0.0 dev ppp0 proto kernel scope link src 10.134.0.4 metric 50 
129.69.159.69 via 192.168.1.1 dev wlp2s0 proto static metric 600 
192.168.1.0/24 dev wlp2s0 proto kernel scope link src 192.168.1.123 metric 302 
192.168.1.0/24 dev wlp2s0 proto kernel scope link src 192.168.1.123 metric 600 
192.168.1.1 dev wlp2s0 proto static scope link metric 600

and netstat -nr:

[tapia@tapia-laptop ~]$ netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         0.0.0.0         0.0.0.0         U         0 0          0 ppp0
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 wlp2s0
10.134.0.0      0.0.0.0         255.255.255.255 UH        0 0          0 ppp0
129.69.159.69   192.168.1.1     255.255.255.255 UGH       0 0          0 wlp2s0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 wlp2s0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 wlp2s0
192.168.1.1     0.0.0.0         255.255.255.255 UH        0 0          0 wlp2s0

Any idea of what might be going wrong?
Thanks!

[1] https://aur.archlinux.org/packages/networkmanager-l2tp/

ewaller · 2017-09-20 20:58:02

What are the contents of /etc/resolv.conf

Try editing that file and point it at 8.8.8.8 (a Google DNS server) and see if that helps. Note that this is a test, not the solution.

tapia · 2017-09-20 21:05:47

Hi ewaller! Thanks for the answer.
The current content of /etc/resolv.conf is:

# Generated by resolvconf
nameserver 192.168.1.1

After replacing it with 8.8.8.8 and then ping as before, nothing happens:

[tapia@tapia-laptop ~]$ ping mpa.loc
^C

Lone_Wolf · 2017-09-21 08:59:34

What are the results of pinging 192.168.1.1 and 10.134.0.1 ?

ewaller · 2017-09-21 14:40:27

and of pinging 138.201.81.199 (an Arch Linux server) ?

Also, is mpa.loc the thing you actually tried to ping? or is that some manner of obfuscation.

Last edited by ewaller (2017-09-21 14:40:40)

tapia · 2017-09-21 16:38:16

Lone_Wolf wrote:

What are the results of pinging 192.168.1.1 and 10.134.0.1 ?

This is what I obtain:

[tapia@tapia-laptop ~]$ ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=1.37 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.769 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.887 ms
64 bytes from 192.168.1.1: icmp_seq=4 ttl=64 time=1.57 ms
64 bytes from 192.168.1.1: icmp_seq=5 ttl=64 time=1.74 ms
64 bytes from 192.168.1.1: icmp_seq=6 ttl=64 time=1.42 ms
64 bytes from 192.168.1.1: icmp_seq=7 ttl=64 time=1.47 ms
64 bytes from 192.168.1.1: icmp_seq=8 ttl=64 time=1.69 ms
64 bytes from 192.168.1.1: icmp_seq=9 ttl=64 time=1.78 ms
64 bytes from 192.168.1.1: icmp_seq=10 ttl=64 time=1.55 ms
64 bytes from 192.168.1.1: icmp_seq=11 ttl=64 time=9.08 ms
64 bytes from 192.168.1.1: icmp_seq=12 ttl=64 time=1.45 ms
64 bytes from 192.168.1.1: icmp_seq=13 ttl=64 time=1.50 ms
64 bytes from 192.168.1.1: icmp_seq=14 ttl=64 time=1.66 ms
64 bytes from 192.168.1.1: icmp_seq=15 ttl=64 time=1.43 ms
^C
--- 192.168.1.1 ping statistics ---
15 packets transmitted, 15 received, 0% packet loss, time 14032ms
rtt min/avg/max/mdev = 0.769/1.961/9.089/1.925 ms

... so it looks good.

And for the other address:

[tapia@tapia-laptop ~]$ ping 10.134.0.1
PING 10.134.0.1 (10.134.0.1) 56(84) bytes of data.
^C
--- 10.134.0.1 ping statistics ---
18 packets transmitted, 0 received, 100% packet loss, time 17227ms

...no response.

ewaller wrote:

and of pinging 138.201.81.199 (an Arch Linux server) ?
Also, is mpa.loc the thing you actually tried to ping? or is that some manner of obfuscation.

Yes, mpa.loc is what I am trying to ping here. I also should be able to ping exchange.mpa.loc, but nothing happens there either.

[tapia@tapia-laptop ~]$ ping exchange.mpa.loc
ping: exchange.mpa.loc: Name or service not known

The result of pinging 138.201.81.199 is:

[tapia@tapia-laptop ~]$ ping 138.201.81.199
PING 138.201.81.199 (138.201.81.199) 56(84) bytes of data.
^C
--- 138.201.81.199 ping statistics ---
17 packets transmitted, 0 received, 100% packet loss, time 16216ms

tapia · 2017-09-22 11:19:04

A small update:

At work, these are the outputs I obtain for the different commands (the ones that I issued at home before, connected through the VPN).

tapiac@CL00088:~ $ ip route
default via 10.10.10.51 dev enp5s0 proto static metric 100 
10.10.0.0/20 dev enp5s0 proto kernel scope link src 10.10.4.1 metric 100 
10.132.0.0/20 via 10.10.10.100 dev enp5s0 proto dhcp metric 100 
169.254.0.0/16 dev enp5s0 scope link metric 1000

tapiac@CL00088:~ $ netstat -nr
Kernel-IP-Routentabelle
Ziel            Router          Genmask         Flags   MSS Fenster irtt Iface
0.0.0.0         10.10.10.51     0.0.0.0         UG        0 0          0 enp5s0
10.10.0.0       0.0.0.0         255.255.240.0   U         0 0          0 enp5s0
10.132.0.0      10.10.10.100    255.255.240.0   UG        0 0          0 enp5s0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 enp5s0

tapiac@CL00088:~ $ ping mpa.loc
PING mpa.loc (10.10.10.7) 56(84) bytes of data.
64 bytes from ds-dc02.mpa.loc (10.10.10.7): icmp_seq=1 ttl=128 time=0.421 ms
64 bytes from ds-dc02.mpa.loc (10.10.10.7): icmp_seq=2 ttl=128 time=0.440 ms
64 bytes from ds-dc02.mpa.loc (10.10.10.7): icmp_seq=3 ttl=128 time=0.501 ms
64 bytes from ds-dc02.mpa.loc (10.10.10.7): icmp_seq=4 ttl=128 time=0.405 ms
64 bytes from ds-dc02.mpa.loc (10.10.10.7): icmp_seq=5 ttl=128 time=0.525 ms
64 bytes from ds-dc02.mpa.loc (10.10.10.7): icmp_seq=6 ttl=128 time=0.474 ms
^C
--- mpa.loc ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5096ms
rtt min/avg/max/mdev = 0.405/0.461/0.525/0.042 ms

tapiac@CL00088:~ $ ping exchange.mpa.loc
PING exchange.mpa.loc (10.132.0.3) 56(84) bytes of data.
64 bytes from exchange.mpa.loc (10.132.0.3): icmp_seq=1 ttl=127 time=0.579 ms
64 bytes from exchange.mpa.loc (10.132.0.3): icmp_seq=2 ttl=127 time=0.721 ms
64 bytes from exchange.mpa.loc (10.132.0.3): icmp_seq=3 ttl=127 time=0.508 ms
64 bytes from exchange.mpa.loc (10.132.0.3): icmp_seq=4 ttl=127 time=0.649 ms
64 bytes from exchange.mpa.loc (10.132.0.3): icmp_seq=5 ttl=127 time=0.636 ms
^C
--- exchange.mpa.loc ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4051ms
rtt min/avg/max/mdev = 0.508/0.618/0.721/0.076 ms

Lone_Wolf · 2017-09-22 17:15:58

It looks like your routes are not changed (usually done through dhcp) when you connect over l2tp .

Verify the settings on your side, if that doesn't help :
ask IT what gateway/routing settings you're supposed to get when connecting over l2tp
(they often differ fromn values you get over direct connection) .
Once you have them, try setting them manually.

Last edited by Lone_Wolf (2017-09-22 17:16:55)

Arch Linux

#1 2017-09-20 20:43:39

Succsessful VPN connection (L2TP) to Windows server but cannot ping

#2 2017-09-20 20:58:02

Re: Succsessful VPN connection (L2TP) to Windows server but cannot ping

#3 2017-09-20 21:05:47

Re: Succsessful VPN connection (L2TP) to Windows server but cannot ping

#4 2017-09-21 08:59:34

Re: Succsessful VPN connection (L2TP) to Windows server but cannot ping

#5 2017-09-21 14:40:27

Re: Succsessful VPN connection (L2TP) to Windows server but cannot ping

#6 2017-09-21 16:38:16

Re: Succsessful VPN connection (L2TP) to Windows server but cannot ping

#7 2017-09-22 11:19:04

Re: Succsessful VPN connection (L2TP) to Windows server but cannot ping

#8 2017-09-22 17:15:58

Re: Succsessful VPN connection (L2TP) to Windows server but cannot ping

Board footer