Topic: Ping reply gets lost - updated  (Read 2023 times)
« on: April 22, 2008, 19:17:48 »
sunchica *
Posts: 3

A tunnel between my remote client and server is up, but this is what happens when I try to ping a computer in LAN:

The ICMP request reaches the LAN computer and it sends back an ICMP reply (confirmed with Wireshark), but that reply never gets back to my client machine.

Any idea where/why it gets lost?
Need more info?

Thanks for ANY hint...

----------------------------------------------------------------------------------------------------------------------------
MORE DETAILS:
Since I am just testing, everything is set up in a lab. My m0n0 (WAN if) and client are in the same subnet -
m0n0 (WAN if):  x.x.x.143
client:         x.x.x.144
their gateway:  x.x.x.129
m0n0 (LAN if):  y.y.y.1
LAN host:       y.y.y.2
When I try to ping a host in LAN (with tunnel UP) from my client, in the Firewall Logs I see something like:
     time       source      if      destination                   proto
X    aa:bb:cc   x.x.x.129   WAN     x.x.x.143 type unreac/port    ICMP
^    aa:bb:dd   .144        IPsec   y.y.y.2 type echo/0           ICMP
-------------------------------------------------------------------------------------------------------------------
Could the problem be that m0n0 and client are in the same subnet?

Any other ideas?
« Last Edit: April 26, 2008, 01:17:35 by sunchica »
« Reply #1 on: April 24, 2008, 19:09:07 »
sunchica *
Posts: 3

Ok. The problem definitely wasn't that client and m0n0 were in the same subnet - I separated them but it still doesn't work...
« Last Edit: April 26, 2008, 01:18:11 by sunchica »
« Reply #2 on: April 25, 2008, 01:21:32 »
dnn *
Posts: 19

hi.
what IP does the VPN client get? what subnet is it in?
does the LAN client have a route to this subnet with m0n0wall's LAN interface as gateway?
« Reply #3 on: April 25, 2008, 13:35:12 »
sunchica *
Posts: 3

Thx for your interest

My client is in 147.x.x.x, while LAN is 192.x.x.x. When the tunnel is up the client doesn't get the route to LAN, which was a bit strange to me too. I'm using GreenBow and I set the address of a remote LAN there (192.x.x.0) and for a remote gateway the m0n0 WAN interface. Is this ok? Should I add some routes on client or whatever? But ping reaches the LAN host!?
Before m0n0 I tried Untangle. I know it's not IPsec but SSL VPN, but there the client got other (private) address when connected to VPN. Is it the same here - I haven't tried any NATing?
« Last Edit: April 26, 2008, 01:18:46 by sunchica »
« Reply #4 on: April 26, 2008, 01:57:46 »
dnn *
Posts: 19

i have a VPN setup too, but with PPTP.

my question was which subnet the VPN-net is.
i set it up something like this:
LAN = 192.168.10.0 (m0n0wall got LAN.1(192.168.10.1))
VPN = 192.168.11.0 (m0n0walls VPN server got VPN.1)

so all LAN hosts got a default route to LAN.1.
and the vpn-clients get a route to VPN.1 over m0n0wall's WAN ip AND a route to LAN over VPN.1!
(and a firewall rule in m0n0wall that allows on the VPN-interface all traffic to the LAN subnet)

i don't know which subnet your VPN has, but this "ping gets to lan host but don't return" seems like your vpn subnet is the same as the lan subnet. so your lan host dont thinks the ping echo is to send to somewhere in his subnet so he does not need a gateway.

if LAN's and VPN's subnet are the same, try to change this. if not, try to give the lan host a route to the client's ip address (single host!) with m0n0wall (LAN) as gateway.

hope we can get your problem solved.
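
Added example (not part of the original thread and not posted by either participant): a small Python model of the LAN host's next-hop decision for the echo reply, using the 192.168.10.0 / 192.168.11.0 layout from the last post. The /24 masks, the client addresses and the second router at 192.168.10.254 are assumptions made for illustration.

```python
import ipaddress

FIREWALL_LAN_IP = "192.168.10.1"   # m0n0wall LAN.1 from the post above

def next_hop(routes, dst):
    """Longest-prefix match over (prefix, gateway) pairs; gateway None = on-link."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), gw) for p, gw in routes
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return ("no-route", None)      # reply is dropped on the host itself
    net, gw = max(hits, key=lambda h: h[0].prefixlen)
    return ("on-link", str(net)) if gw is None else ("via", gw)

def reply_reaches_firewall(routes, client_ip):
    """The echo reply can re-enter the tunnel only if it is handed to the firewall."""
    return next_hop(routes, client_ip) == ("via", FIREWALL_LAN_IP)

# Constructed routing tables for the LAN host (masks and extra IPs are assumptions).
LAN_ONLINK = ("192.168.10.0/24", None)
GOOD_HOST = [LAN_ONLINK, ("0.0.0.0/0", FIREWALL_LAN_IP)]
OTHER_GW_HOST = [LAN_ONLINK, ("0.0.0.0/0", "192.168.10.254")]
FIXED_HOST = OTHER_GW_HOST + [("192.168.11.50/32", FIREWALL_LAN_IP)]

def scenarios():
    """Map each setup to whether the reply gets back to the firewall."""
    return {
        # VPN clients in their own subnet, LAN host defaults to the firewall.
        "separate subnet, default gw is firewall":
            reply_reaches_firewall(GOOD_HOST, "192.168.11.50"),
        # VPN client address falls inside the LAN subnet: host treats it as
        # on-link and never sends the reply to a gateway.
        "client address inside LAN subnet":
            reply_reaches_firewall(GOOD_HOST, "192.168.10.50"),
        # Separate subnet, but the LAN host's default gateway is another router.
        "separate subnet, default gw is another router":
            reply_reaches_firewall(OTHER_GW_HOST, "192.168.11.50"),
        # Same host after adding a single-host route via the firewall's LAN IP.
        "host route to client via firewall":
            reply_reaches_firewall(FIXED_HOST, "192.168.11.50"),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{'reply returns' if ok else 'reply lost':14} {name}")
```
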
 