New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
OpenVPN Server cannot ping Client, but Client can ping server
elwebmaster
Member
in Help
I am having a weird issue. I have installed OpenVPN on a Linux box and an OpenVPN client on a Windows 8 machine. There is no masquerading involved, I just need a connection between the two machines. I am using UDP. On Windows I have set the "unidentified network" as Private and enabled ICMPv4 echo in the firewall. OpenVPN connects normally. From Windows I can ping the OpenVPN server. However, from the OpenVPN server I cannot ping the Windows client: ping times out. I also cannot access any server running on the client.
Any ideas what is happening? Is it possible that a hardware firewall on the client side is blocking incoming UDP traffic over the tunnel? I think if yes then the client wouldn't be able to ping the server either, but it can.
Comments
It may be the router on the client's side is blocking ping requests.
even over the tunnel though?
When I tried to use Hamachi with a friend (who uses Windows 8), I was never able to ping him. Never found out why.
I would still bet on Windows firewall blocking the ICMP. If there was hardware firewall/router between VPN client and server blocking UDP, you wouldn't be able to establish the tunnel.
I think there is a bug in the latest version of OpenVPN, but I don't know which version works...
It's not just ICMP that's blocked, no incoming traffic works from the client to the server. But the other way around is working fine. So basically I created an SSH tunnel now on top of the UDP OpenVPN to be able to access the Windows 8 box from the server, very suboptimal...
When I toyed with Openvpn I remember there being a checkbox I had to click to allow communication between the two on the server web gui.
Just want to verify -- are you pinging both of the private IPs? Are they on the same subnet?
Yes, same subnet: 10.8.0.1 is the gateway and 10.8.0.6 is the client. I think the checkbox you mention is client-to-client routing, I tried with it enabled also but it didn't make a difference.
I think the problem is between OpenVPN and Windows 8.
More interestingly: if I try to use Tap instead of Tun, then it doesn't work at all and I get "destination unreachable" from the client's Internet gateway. Thus, OpenVPN Tap + Windows 8 routing appears to be broken. OpenVPN Tun + Windows 8 works from client to server but not vice versa.
Weird. I would bring in a 2nd client running Windows 7 and see what happens at this point. You will be able to get an answer from that at least.
Have you check the firewall ?. there is a block icmp request ?
I also pretty sure that's because of firewall, the "public" firewall zone blocks incoming requests. Set "home" zone for TAP interface.