  1. #1
    Newbie
    Join Date
    Jun 2010
    Posts
    6

    Why can I ping all PCs except one while on VPN

    Hi, first time poster but long time reader.

    I have UT installed in a virtualized environment, connected to two physical NICs. One NIC connects to the world, the other NIC is the internal network (192.168.0.1). It is the DHCP and DNS server.

    UT IP is 192.168.0.1
    OpenVPN Network is 192.168.3.0, Exported DNS
    No firewall rules, default is allow all traffic.
    Running OpenVPN as administrator.

    While at work on the LAN, I can ping a certain machine (192.168.0.101) just fine. However, once I get on OpenVPN, I can no longer ping this machine, but I can still ping all other machines, and everything else works dandy. I can access everything else, literally.

    This machine has a static IP and subnet of 255.255.255.0 but no hostname or gateway specified. All other PCs on my network acquire their IP automatically and have a gateway of UT. It does not show up on the DHCP clients list.

    Another thing, this machine is connected to a WRT54G DDWRT box that is in Wifi Bridge Mode so all wired and wireless clients pass through to UT for all traffic and DNS. I have discounted this as the issue since I can ping all other machines connected through this router through the VPN.

    Oh, the UT box can also ping this IP just fine, but won't let any client on VPN ping it.

    So, with this said, what could possibly be the issue? I have tried so many different configs, and modified the ARP routes, but no matter what I cannot ping the IP.

  2. #2
    Untangle Ninja
    WebFooL
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    5,279

    The 192.168.0.101 needs to have UT as GW otherwise it will not be able to communicate back to the VPN network.

    The UT box can ping it fine as it has an IP on the 192.168.0.x subnet and can communicate with broadcasts.

    To go from subnet to subnet you need to have a GW.

  3. #3
    Newbie
    Join Date
    Jun 2010
    Posts
    6

    Thanks for clarifying that. I can't modify this machine's IP settings, since it's not a computer, it's an automated machine.

    Is there any other way I can manually force the UT to go to that IP address through VPN?

    What if I put the VPN on the same subnet of the machine, would that work?

  4. #4
    Master Untangler richie
    Join Date
    Apr 2007
    Posts
    396

    No. Try creating a static route on the machine's gateway to point to Untangle for the VPN address pool.

  5. #5
    Newbie
    Join Date
    Jun 2010
    Posts
    6

    Hi Richie,
    Can you tell me how to do that? Do I go to Networking, then Advance->Routes? What do I put for the values though?

  6. #6
    Untangle Junkie dmorris
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    No - on the *other* gateway.

    You need to find a way to get the "machine's" reply packets back to untangle (to the VPN)
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  7. #7
    Newbie
    Join Date
    Jun 2010
    Posts
    6

    You mean set up the DDWRT router to point back to UT? I think it is already doing that, and I believe the bridge mode for that router just passes all traffic back to the gateway anyhow.

    If the VPN address pool is 192.168.3.0 and the non-communicating machine is 192.168.0.101, then what would I need to change on the client connecting to the VPN server?

    Would the client's gateway be set to 192.168.3.0, or 192.168.0.1? Also, doesn't the OpenVPN GUI already change the routes so that's happening?

  8. #8
    Untangle Ninja mrunkel
    Join Date
    Jul 2008
    Posts
    3,040

    No. Not your dd-wrt.

    The device you can't ping either:

    A) has the incorrect default gateway set (it must be the untangle if you expect VPN to work)
    B) has a firewall of some sort that blocks pings from remote networks.

    Think about what is happening..

    Device A receives a ping from network V while it's on network L. In order to communicate with network V, it forwards the packet to the default gateway. The default gateway then either a) has a specific route entry for network V or b) forwards the packet to its default gw.

    If the default gw of device A is the Untangle, then it is all good as the Untangle knows where the VPN network is. If it's the dd-wrt, then it's bad because the dd-wrt doesn't know about the VPN network.
    m.


    Big Frickin Disclaimer:
    While I'm pretty sure, I can't guarantee that I know what I'm doing. There might be a better way to do this, and this way might actually suck. Make sure you understand the implications of what you're doing before trying to follow these directions.

    It often helps troubleshooting if you have a good network map. Look here if you want my advice on how to draw one.
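
The return-path reasoning in posts #2, #4 and #8, traced as an added example that is not part of the thread or of Untangle's own code. It assumes a /24 mask for the VPN pool; the VPN client address 192.168.3.6 and the second gateway at 192.168.0.2 are constructed for illustration.

```python
import ipaddress

VPN_POOL = "192.168.3.0/24"      # OpenVPN pool from the thread, /24 assumed
VPN_CLIENT = "192.168.3.6"       # constructed client address inside the pool
UNTANGLE, OTHER_GW = "192.168.0.1", "192.168.0.2"  # OTHER_GW is hypothetical

def next_hop(host, dst):
    """Longest-prefix match: ('direct', None), ('via', gw) or ('none', None)."""
    dst = ipaddress.ip_address(dst)
    routes = [(ipaddress.ip_interface(host["addr"]).network, None)]
    routes += [(ipaddress.ip_network(n), gw) for n, gw in host.get("routes", [])]
    if host.get("gateway"):
        routes.append((ipaddress.ip_network("0.0.0.0/0"), host["gateway"]))
    matches = [r for r in routes if dst in r[0]]
    if not matches:
        return ("none", None)
    gw = max(matches, key=lambda r: r[0].prefixlen)[1]
    return ("direct", None) if gw is None else ("via", gw)

def reply_path(hosts, start, dst, max_hops=8):
    """Follow a reply from `start` toward `dst`; return (gateways_used, outcome)."""
    hops, current = [], start
    for _ in range(max_hops):
        kind, gw = next_hop(hosts[current], dst)
        if kind == "none":
            return hops, "dropped at " + current
        if kind == "direct":
            return hops, "delivered"
        hops.append(gw)
        current = next(n for n, h in hosts.items() if h["addr"].split("/")[0] == gw)
    return hops, "routing loop"

def scenario(device_gateway=None, other_gw_routes=()):
    """Build the thread's LAN and trace the device's ping reply to the VPN client."""
    hosts = {
        "device": {"addr": "192.168.0.101/24", "gateway": device_gateway},
        # Untangle terminates the VPN, so the pool is a connected network for it.
        "untangle": {"addr": UNTANGLE + "/24", "routes": [(VPN_POOL, None)]},
        "other_gw": {"addr": OTHER_GW + "/24", "routes": list(other_gw_routes)},
    }
    return reply_path(hosts, "device", VPN_CLIENT)

if __name__ == "__main__":
    print(scenario())                                   # as configured in post #1
    print(scenario(UNTANGLE))                           # option A from post #8
    print(scenario(OTHER_GW))                           # gateway without a VPN route
    print(scenario(OTHER_GW, [(VPN_POOL, UNTANGLE)]))   # static route from post #4
```

With no gateway set, the device has no route for the VPN source address and the echo reply is never sent, while a ping from 192.168.0.1 is answered because that address is on the connected subnet.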