kruss 1 Posted ...

I have been trying to get the VPN to work for a few days now, and I have the VPN being created for the tun0 interface. I'm not 100% sure if this is a VPN config error, or another problem. I haven't been able to connect to anything although I am getting data sent out and received back. I'm running on Ubuntu and just trying to bind rtorrent to the VPN once I figure it out.

I've been trying to use ping to see what I can and can't connect to. Pinging 10.4.0.1 works great.

    ###:###$ ping -I tun0 10.4.0.1
    PING 10.4.0.1 (10.4.0.1) from 10.4.61.179 tun0: 56(84) bytes of data.
    64 bytes from 10.4.0.1: icmp_seq=1 ttl=64 time=81.1 ms
    64 bytes from 10.4.0.1: icmp_seq=2 ttl=64 time=82.3 ms
    64 bytes from 10.4.0.1: icmp_seq=3 ttl=64 time=82.2 ms

However, pinging 8.8.8.8 is not.

    ###:###$ ping -I tun0 8.8.8.8
    PING 8.8.8.8 (8.8.8.8) from 10.4.61.179 tun0: 56(84) bytes of data.
    ^C
    --- 8.8.8.8 ping statistics ---
    12 packets transmitted, 0 received, 100% packet loss, time 11088ms

And this is the tcpdump data showing that I am actually receiving the ICMP reply.

    ###:#### tcpdump -i tun0 -n
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes
    00:25:43.902145 IP 10.4.61.179 > 8.8.8.8: ICMP echo request, id 1939, seq 5, length 64
    00:25:43.984580 IP 8.8.8.8 > 10.4.61.179: ICMP echo reply, id 1939, seq 5, length 64
    00:25:44.910111 IP 10.4.61.179 > 8.8.8.8: ICMP echo request, id 1939, seq 6, length 64
    00:25:44.991955 IP 8.8.8.8 > 10.4.61.179: ICMP echo reply, id 1939, seq 6, length 64
    00:25:45.918162 IP 10.4.61.179 > 8.8.8.8: ICMP echo request, id 1939, seq 7, length 64
    00:25:46.002446 IP 8.8.8.8 > 10.4.61.179: ICMP echo reply, id 1939, seq 7, length 64
    00:25:46.926141 IP 10.4.61.179 > 8.8.8.8: ICMP echo request, id 1939, seq 8, length 64
    00:25:47.008672 IP 8.8.8.8 > 10.4.61.179: ICMP echo reply, id 1939, seq 8, length 64
    00:25:47.934134 IP 10.4.61.179 > 8.8.8.8: ICMP echo request, id 1939, seq 9, length 64
    00:25:48.015698 IP 8.8.8.8 > 10.4.61.179: ICMP echo reply, id 1939, seq 9, length 64
    ^C
    10 packets captured
    10 packets received by filter
    0 packets dropped by kernel

The first thing I thought of when I saw that is that iptables might be doing something weird, so I checked that. I know this isn't the best thing to have on a computer but I'm just trying to get the config working on this first and then I'll move it to a machine with firewall rules on it.

    ###:###$ sudo iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

Please let me know if I can provide any other information that can be helpful.
zhang888 1066 Posted ...

Looks like 10.4.0.1 is not set as a default gateway so packets are not arriving properly. Post your OpenVPN connection logs and routing table.

Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.
kruss 1 Posted ...

Thanks for responding so quickly. I have added 10.4.0.1 as a default gateway but it still doesn't seem to work.

Here is my routing table after I added 10.4.0.1 as a default gateway:

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         10.4.0.1        0.0.0.0         UG    0      0        0 tun0
    0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
    10.4.0.0        0.0.0.0         255.255.0.0     U     0      0        0 tun0
    192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0

And here is my OpenVPN connection log after restarting it.

    Mon Mar 6 18:30:24 2017 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Apr 13 2015
    Mon Mar 6 18:30:24 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Mon Mar 6 18:30:24 2017 Control Channel Authentication: tls-auth using INLINE static key file
    Mon Mar 6 18:30:24 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Mar 6 18:30:24 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Mar 6 18:30:24 2017 Socket Buffers: R=[212992->131072] S=[212992->131072]
    Mon Mar 6 18:30:32 2017 UDPv4 link local: [undef]
    Mon Mar 6 18:30:32 2017 UDPv4 link remote: [AF_INET]184.75.223.194:443
    Mon Mar 6 18:30:34 2017 TLS: Initial packet from [AF_INET]184.75.223.194:443, sid=9af95289 9bf0557c
    Mon Mar 6 18:30:34 2017 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
    Mon Mar 6 18:30:34 2017 Validating certificate key usage
    Mon Mar 6 18:30:34 2017 ++ Certificate has key usage 00a0, expects 00a0
    Mon Mar 6 18:30:34 2017 VERIFY KU OK
    Mon Mar 6 18:30:34 2017 Validating certificate extended key usage
    Mon Mar 6 18:30:34 2017 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
    Mon Mar 6 18:30:34 2017 VERIFY EKU OK
    Mon Mar 6 18:30:34 2017 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
    Mon Mar 6 18:30:35 2017 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Mon Mar 6 18:30:35 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Mar 6 18:30:35 2017 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Mon Mar 6 18:30:35 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Mar 6 18:30:35 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA
    Mon Mar 6 18:30:35 2017 [server] Peer Connection Initiated with [AF_INET]184.75.223.194:443
    Mon Mar 6 18:30:38 2017 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
    Mon Mar 6 18:30:38 2017 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.4.0.1,comp-lzo no,route-gateway 10.4.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.4.79.199 255.255.0.0'
    Mon Mar 6 18:30:38 2017 OPTIONS IMPORT: timers and/or timeouts modified
    Mon Mar 6 18:30:38 2017 OPTIONS IMPORT: LZO parms modified
    Mon Mar 6 18:30:38 2017 OPTIONS IMPORT: --ifconfig/up options modified
    Mon Mar 6 18:30:38 2017 OPTIONS IMPORT: route options modified
    Mon Mar 6 18:30:38 2017 OPTIONS IMPORT: route-related options modified
    Mon Mar 6 18:30:38 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Mon Mar 6 18:30:38 2017 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=eth0 HWADDR=f2:19:92:75:10:a0
    Mon Mar 6 18:30:38 2017 TUN/TAP device tun0 opened
    Mon Mar 6 18:30:38 2017 TUN/TAP TX queue length set to 100
    Mon Mar 6 18:30:38 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Mon Mar 6 18:30:38 2017 /sbin/ip link set dev tun0 up mtu 1500
    Mon Mar 6 18:30:38 2017 /sbin/ip addr add dev tun0 10.4.79.199/16 broadcast 10.4.255.255
    Mon Mar 6 18:30:38 2017 /etc/openvpn/update-resolv-conf tun0 1500 1558 10.4.79.199 255.255.0.0 init dhcp-option DNS 10.4.0.1
    Mon Mar 6 18:30:43 2017 Initialization Sequence Completed
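
Added example, not part of the original posts: the server in the log pushes `redirect-gateway def1`, which OpenVPN normally implements as two routes (0.0.0.0/1 and 128.0.0.0/1) through the tunnel gateway. This Python sketch parses the posted `route -n` output and flags a table where those routes are absent or where two default routes tie, so traffic meant for the VPN may leave via eth0. Function names and finding labels are illustrative.

```python
import ipaddress

# Routing table exactly as posted in the thread (route -n layout).
POSTED = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.4.0.1        0.0.0.0         UG    0      0        0 tun0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
10.4.0.0        0.0.0.0         255.255.0.0     U     0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
"""
# The two half-default routes that redirect-gateway def1 installs.
DEF1 = {ipaddress.ip_network("0.0.0.0/1"), ipaddress.ip_network("128.0.0.0/1")}

def parse_routes(text):
    """Parse `route -n` rows into dicts; header and malformed rows are skipped."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue
        prefix = bin(int(ipaddress.IPv4Address(f[2]))).count("1")
        routes.append({"net": ipaddress.ip_network(f"{f[0]}/{prefix}"),
                       "gw": f[1], "metric": int(f[4]), "iface": f[7]})
    return routes

def candidates(routes, dst):
    """Routes the kernel could pick for dst: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r["net"]]
    if not hits:
        return []
    longest = max(r["net"].prefixlen for r in hits)
    hits = [r for r in hits if r["net"].prefixlen == longest]
    lowest = min(r["metric"] for r in hits)
    return [r for r in hits if r["metric"] == lowest]

def audit(routes, tun="tun0", probe="8.8.8.8"):
    """Return findings that mean traffic to `probe` may bypass the tunnel."""
    findings = []
    if not DEF1 <= {r["net"] for r in routes if r["iface"] == tun}:
        findings.append("def1-routes-missing")
    ifaces = {r["iface"] for r in candidates(routes, probe)}
    if len(ifaces) > 1:
        findings.append("ambiguous-default")
    elif ifaces != {tun}:
        findings.append("not-via-tunnel")
    return findings

if __name__ == "__main__":
    print(audit(parse_routes(POSTED)))
```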