
OpenVPN connects but no replies to pings

Discussion in 'Tomato Firmware' started by chrismcbride76, Jan 11, 2011.

  1. chrismcbride76

    chrismcbride76 Networkin' Nut Member

    I've been searching for several days and have found others experiencing this same problem but I still haven't been able to fix it. Any help is greatly appreciated.

    I have an ASUS router running the latest Tomato ND USB Mod firmware. Through the web GUI I have set up an OpenVPN server as per the Tomato guides. I am using the Network Manager plug-in in Ubuntu 10.04 to connect as a client to the Tomato OpenVPN server. All of my certificates seem to be set up and working correctly.

    I am able to successfully connect to the OpenVPN server using the Ubuntu client, but after that I get nothing. On the client side I am unable to ping the router, any IP addresses inside my private network, or the virtual network IP, and web browsing (client) no longer works.

    Also, when connected I am unable to ping the client from the private network.

    Before connecting
    Code:
    chris@ChrisLaptop:~$ ifconfig
    eth0      Link encap:Ethernet  HWaddr 00:1e:68:90:5e:e9  
              UP BROADCAST MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
              Interrupt:31 Base address:0x8000 
    
    eth1      Link encap:Ethernet  HWaddr 00:21:00:35:44:ca  
              inet addr:192.168.0.111  Bcast:192.168.0.255  Mask:255.255.255.0
              inet6 addr: fe80::221:ff:fe35:44ca/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:57517 errors:0 dropped:0 overruns:0 frame:79517
              TX packets:31460 errors:6 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:75512183 (75.5 MB)  TX bytes:3351460 (3.3 MB)
              Interrupt:16 
    
    lo        Link encap:Local Loopback  
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:576 errors:0 dropped:0 overruns:0 frame:0
              TX packets:576 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:42024 (42.0 KB)  TX bytes:42024 (42.0 KB)
    
    After connecting
    Code:
    chris@ChrisLaptop:~$ ifconfig
    eth0      Link encap:Ethernet  HWaddr 00:1e:68:90:5e:e9  
              UP BROADCAST MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
              Interrupt:31 Base address:0x8000 
    
    eth1      Link encap:Ethernet  HWaddr 00:21:00:35:44:ca  
              inet addr:192.168.0.111  Bcast:192.168.0.255  Mask:255.255.255.0
              inet6 addr: fe80::221:ff:fe35:44ca/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:57953 errors:0 dropped:0 overruns:0 frame:83912
              TX packets:31621 errors:6 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:75589342 (75.5 MB)  TX bytes:3370358 (3.3 MB)
              Interrupt:16 
    
    lo        Link encap:Local Loopback  
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:581 errors:0 dropped:0 overruns:0 frame:0
              TX packets:581 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:42375 (42.3 KB)  TX bytes:42375 (42.3 KB)
    
    tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
              inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100 
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
    
    I tried connecting from a different location that was not NAT'ed behind a router and I experienced the same problem. Also, if I attempt to connect from within my LAN, the connection fails.

    If anyone could help me with this I would greatly appreciate it. I'll gladly provide any additional information that will make it easier to find a solution.

    Thanks,
    Chris
     
  2. rhester72

    rhester72 Network Guru Member

    What does the routing table look like before and after?

    To connect from the same LAN as the OpenVPN server, turn on no-replay (which actually turns replay protection *off*) on the server.

    Rodney
     
  3. chrismcbride76

    chrismcbride76 Networkin' Nut Member

    Once I have connected to the OpenVPN server, on the tomato vpn status page it shows the routing table as such:

    Code:
    Client List
    
    Common Name	Real Address	Virtual Address	Bytes Received	Bytes Sent	Connected Since
    
    chrisLinux	207.11.113.29:17341	10.8.0.6	3883	5135	Tue Jan 11 19:53:14 2011
    
    
    
    Routing Table
    
    Virtual Address	Common Name	Real Address	Last Ref
    
    10.8.0.6	chrisLinux	207.11.113.29:17341	Tue Jan 11 19:53:18 2011
    
    Before connecting nothing shows up here.

    The Advanced -> routing shows the following. It didn't seem to change whether I was connected or not.

    Code:
    Current Routing Table
    
    Destination	Gateway	Subnet Mask	Metric	Interface
    
    68.2.144.1	*	255.255.255.255	0	vlan1 (WAN)
    
    10.8.0.2	*	255.255.255.255	0	tun22
    
    10.8.0.0	10.8.0.2	255.255.255.0	0	tun22
    
    192.168.188.0	*	255.255.255.0	0	br0 (LAN)
    
    68.2.144.0	*	255.255.248.0	0	vlan1 (WAN)
    
    127.0.0.0	*	255.0.0.0	0	lo
    
    default	68.2.144.1	0.0.0.0	0	vlan1 (WAN)
    
    

    Thanks for any and all help.

    Chris
     
  4. rhester72

    rhester72 Network Guru Member

    Can you show the output of 'brctl show' on the router with OpenVPN server running (doesn't matter if the client is connected or not)?

    Rodney
     
  5. chrismcbride76

    chrismcbride76 Networkin' Nut Member

    With no clients connected I get the following result:

    Code:
    Tomato v1.28.8754 ND USB vpn3.6
    root@router:/tmp/home/root# brctl show
    bridge name	bridge id		STP enabled	interfaces
    br0		8000.00ff75ea35f4	no		vlan0
    							eth1
    							tap21
    
    Thanks for helping me with this.

    Chris
     
  6. rhester72

    rhester72 Network Guru Member

    OK, now we're getting somewhere. Your issue is you have no route back to your clients defined and the OpenVPN tunnel isn't part of your bridge, thus, there's no way to move packets back and forth.

    Since I'm not sure what guide you followed, and I don't use the GUI configuration myself, I'm afraid I won't be of much more help other than to say this is almost certainly a configuration issue. Hopefully others that use the GUI can jump in with other relevant questions.

    Rodney
     
  7. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Actually, his output shows him having both proper routes to his clients and a VPN interface attached to his bridge. Of course, you only need routing (w/ TUN) or a bridge (w/ TAP), but he appears to have two VPN servers running - one of each type.

    Is it possible that you're connecting to server 1 (TAP), but have your client configured for server 2 (TUN)? Your client ifconfig showed a tun device, so I think this is possible. Which were you actually trying to connect to? Were you really wanting to have two VPN servers running?

    What port numbers do you have assigned to each in the server GUI? What port do you have in your client config?

    EDIT: I just noticed the output from the status tab that corresponds to your tun22 interface. I assume that means you were trying to connect to Server 2. Please check my other above questions to make sure you're not connecting to Server 1. If you were, the symptoms would be as you are experiencing (connect fine, but no communication).
     
  8. chrismcbride76

    chrismcbride76 Networkin' Nut Member

    My original question deals with only the tun configuration. When I couldn't get it to work I tried creating the tap configuration and haven't had any luck with it either.

    I am trying to connect to the tun config which is on port 1194. I can post my GUI server configurations if that will help?

    Thanks,
    Chris
     
  9. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Just to double-check, though. Is the TAP VPN server configured to use a different port? If they're both set to use the same port, VPN Server 1 (your TAP server) would likely "win".

    Server and client configs would be helpful. Another thing to check that could cause your symptoms is that your compression settings match.
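
The checks raised in posts 7 and 9 (which server the client's port actually reaches, whether the TUN/TAP device type matches, and whether compression is set on both sides) can be run over the config files directly. This is an added example, not part of the original thread; the config text, the host name and port 1195 for the TAP server are constructed, while tap21, tun22 and port 1194 come from the posts above.

```python
def parse(text):
    """Return {directive: [args]} for an OpenVPN config, skipping comment lines."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            key, *args = line.split()
            conf[key] = args
    return conf

def dev_type(conf):
    """'tun' or 'tap', from dev-type if present, else the dev name prefix."""
    if "dev-type" in conf:
        return conf["dev-type"][0]
    prefix = conf.get("dev", [""])[0][:3]
    return prefix if prefix in ("tun", "tap") else None

def client_port(conf):
    """Port from 'remote host port', falling back to 'port', then 1194."""
    remote = conf.get("remote", [])
    return remote[1] if len(remote) > 1 else conf.get("port", ["1194"])[0]

def check(client_text, servers):
    """Find the server listening on the client's port and list mismatches."""
    client = parse(client_text)
    port = client_port(client)
    for name, text in servers.items():
        srv = parse(text)
        if srv.get("port", ["1194"])[0] != port:
            continue
        findings = []
        if dev_type(srv) != dev_type(client):
            findings.append(f"dev: server {dev_type(srv)}, client {dev_type(client)}")
        # comp-lzo changes packet framing, so it must be present on both sides
        if ("comp-lzo" in srv) != ("comp-lzo" in client):
            findings.append("comp-lzo set on only one side")
        return name, findings
    return None, [f"no server listens on port {port}"]

# Constructed sample configs (assumptions, not the poster's real files)
SERVERS = {
    "server1": "dev tap21\nport 1195\ncomp-lzo adaptive\n",
    "server2": "dev tun22\nport 1194\ncomp-lzo adaptive\n",
}
BAD_CLIENT = "client\ndev tun\nremote vpn.example.net 1195\n"
GOOD_CLIENT = "client\ndev tun\nremote vpn.example.net 1194\ncomp-lzo\n"

if __name__ == "__main__":
    print(check(BAD_CLIENT, SERVERS))
    print(check(GOOD_CLIENT, SERVERS))
```
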
     
  10. chrismcbride76

    chrismcbride76 Networkin' Nut Member

    The two different servers are running on different ports so that shouldn't be a problem. I'll double check the compression settings and post the configs as well.

    Thanks,
    Chris
     
