Can't ping each other through vpn

Issues related to configuring your network
skveen
Posts: 12
Joined: 2013/09/01 12:31:41

Can't ping each other through vpn

Post by skveen » 2019/11/22 07:15:21

Hello all,
I have established a VPN between the two places (A to B).
However, it is now only possible to ping B's intranet IP from A.
Cannot ping A's intranet IP from B

A's intranet IP is 172.27.7.254; B's intranet IP is 10.76.15.254

B's routing table is as follows:
[root@B ~]# ip route list table 220
172.27.7.0/24 via 144.34.160.1 dev eth0 proto static src 10.76.15.254
10.76.12.0/22 dev eth1 proto static src 10.76.15.254
B.B.160.0/19 dev eth0 proto static src B.B.188.145

B's iptables rules are as follows:

[root@B ~]# iptables -nvL
Chain INPUT (policy DROP 4913 packets, 1583K bytes)
 pkts bytes target     prot opt in     out     source               destination
  457 37530 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:53
  436 63056 ACCEPT     esp  --  eth0   *       0.0.0.0/0            0.0.0.0/0
61405   11M ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           multiport dports 500,4500
   14  2400 ACCEPT     tcp  --  *      *       172.27.7.0/24        0.0.0.0/0           tcp dpt:22
 6514 32400 ACCEPT     tcp  --  *      *       10.76.15.0/24        0.0.0.0/0           tcp dpt:22
 6636 2018K ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  eth0   *       172.27.7.0/24        10.76.15.254        policy match dir in pol ipsec reqid 10 proto 50
    0     0 ACCEPT     all  --  *      eth0    10.76.15.254         172.27.7.0/24       policy match dir out pol ipsec reqid 10 proto 50
  280 39488 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED

[root@B ~]#

[root@B ~]# iptables -nvL -t nat

Chain POSTROUTING (policy ACCEPT 528 packets, 36588 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           policy match dir out pol ipsec
    6   504 SNAT       all  --  *      *       10.76.12.0/22        0.0.0.0/0           to:B.B.188.145

Others are not set and are ACCEPT

Thanks for your reply.

jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Can't ping each other through vpn

Post by jlehtone » 2019/11/22 20:37:04

Which VPN?

On openvpn the tunnel has its own interface and route to remote subnet is via that interface.

How do routes on the other end differ?

Are vpn endpoints also routers of the private subnets on each end?

Whoever
Posts: 1357
Joined: 2013/09/06 03:12:10

Re: Can't ping each other through vpn

Post by Whoever » 2019/11/23 03:04:55

The fact that it works in one direction but not the other suggests an iptables issue.

The command you used does not show the "nat" table. You may have a SNAT or MASQUERADE rule in place.

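Added example, not part of any post in this thread: a shell check for the SNAT/MASQUERADE concern raised in the last reply, reading `iptables -nvL -t nat` text and reporting whether an IPsec policy exemption sits ahead of the first NAT rule in POSTROUTING. If NAT rewrites the source first, the packet no longer matches the tunnel's traffic selectors. The function names are hypothetical; the first sample is the nat table posted above, the second is constructed with the two rules swapped.

```shell
#!/bin/sh
# Reads `iptables -nvL -t nat` output on stdin and prints one of:
#   exempt-first | nat-first | no-exempt | no-nat
# Assumption: only rule ORDER is checked, not whether the exemption's
# source/destination actually cover the tunnelled subnets.
nat_order() {
    awk '
        /^Chain /           { in_post = ($2 == "POSTROUTING"); next }
        !in_post || NF < 3  { next }   # other chains, blank lines
        $1 == "pkts"        { next }   # column header
        {
            n++
            if (($3 == "SNAT" || $3 == "MASQUERADE") && !nat) nat = n
            if (($3 == "ACCEPT" || $3 == "RETURN") &&
                /policy match dir out pol ipsec/ && !exempt) exempt = n
        }
        END {
            if (!nat)              print "no-nat"
            else if (!exempt)      print "no-exempt"
            else if (exempt < nat) print "exempt-first"
            else                   print "nat-first"
        }'
}

# Sample 1: the POSTROUTING chain as posted in the thread.
sample_page() {
cat <<'EOF'
Chain POSTROUTING (policy ACCEPT 528 packets, 36588 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           policy match dir out pol ipsec
    6   504 SNAT       all  --  *      *       10.76.12.0/22        0.0.0.0/0           to:B.B.188.145
EOF
}

# Sample 2: constructed for this example, same rules in the opposite order.
sample_reversed() {
cat <<'EOF'
Chain POSTROUTING (policy ACCEPT 528 packets, 36588 bytes)
 pkts bytes target     prot opt in     out     source               destination
    6   504 SNAT       all  --  *      *       10.76.12.0/22        0.0.0.0/0           to:B.B.188.145
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           policy match dir out pol ipsec
EOF
}

echo "posted table:   $(sample_page | nat_order)"
echo "reversed order: $(sample_reversed | nat_order)"
# On a live gateway: iptables -nvL -t nat | nat_order
```
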