Can't ping 2nd router from VPN subnet

blitzkrieg

Occasional Visitor
From my previous issue, I can deduce:
1) A PC/client is able to ping/access the webUI of the DLink router, whether it is connected to the Asus or the DLink, wired or wireless.
2) Ping from the Asus Ping tool fails. Ping within PuTTY SSH fails. Ping from external through OpenVPN fails too (essentially the server is in the Asus).
3) Ping through another OpenVPN server connected in the LAN works.

So it has nothing to do with OpenVPN not forwarding packets, but rather the Asus router not being able to find a route to the DLink?? Doesn't make sense, as PCs/clients are able to ping each other.
Does anybody have any routing suggestions?
Here's the current table:
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
44.125.x.1      0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.4.0     0.0.0.0         255.255.255.128 U     0      0        0 br0
192.168.4.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun21
44.125.x.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         44.125.x.1      0.0.0.0         UG    0      0        0 eth0
 
After days of head scratching, I attempted:
1) Factory defaulting the DLink, and now the Asus Ping tool is able to ping it.
2) Connecting via OpenVPN and SSH in a terminal allows me to ping the DLink too (since it's coming from the Asus).
3) However, pinging as an OpenVPN client from a normal terminal (not SSH) fails. Accessing the webUI of the DLink thus fails.
4) Factory resetting the Asus, deleting all iptables entries and changing the policy to ACCEPT to isolate the problem, but I am still unable to ping/access the webUI as an OpenVPN client.

Can I conclude that it's not the firewall/iptables that's blocking it? Rather, somehow a routing issue, since it's a 10.8.0.0 client that's sending out the request and not a 192.168.4.0 client?
What am I missing in this cascading setup?
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
44.125.x.1      0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.4.0     0.0.0.0         255.255.255.128 U     0      0        0 br0
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun21
44.125.x.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         44.125.x.1      0.0.0.0         UG    0      0        0 eth0
 
Something does not seem right with your setup. Why use a 25 CIDR? Just set the AC66U to 192.168.4.1 with a mask of 255.255.255.0, the dlink as an access point and let the Asus assign the network IP addresses.

 
Hmm, what's wrong with a /25 CIDR? It's just personal preference, and you can't auto-assign IP addresses to a cascaded LAN-LAN router.

Anyway, I factory reset the AC66U to 192.168.4.1 255.255.255.0, still the same issue.

Does the 'NAT Loopback' option under Firewall-General have anything to do with this?
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
44.125.x.1      0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.4.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun21
44.125.x.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         44.125.x.1      0.0.0.0         UG    0      0        0 eth0
 
So I attempted to add a static route for the LAN interface, still no go. Also for NAT Loopback: Asus or Merlin, it has no effect.
Does anybody have any routing ideas?
Code:
Kernel IP routing table                                                         
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
44.125.x.1      0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.4.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
192.168.4.2     0.0.0.0         255.255.255.0   U     0      0        0 br0
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun21
44.125.x.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         44.125.x.1      0.0.0.0         UG    0      0        0 eth0
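Added example, not part of any post in this thread: a small parser for the last routing table above that performs the longest-prefix-match lookup the Asus would do and flags rows that are malformed or redacted. The function names and the VPN client address 10.8.0.6 are assumptions made for illustration.

```python
import ipaddress

# Constructed input: the last routing table from the thread, as posted.
# The WAN rows are redacted with "x" in the thread and cannot be parsed.
ROUTE_TABLE = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
44.125.x.1      0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.4.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
192.168.4.2     0.0.0.0         255.255.255.0   U     0      0        0 br0
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun21
44.125.x.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         44.125.x.1      0.0.0.0         UG    0      0        0 eth0
"""

def parse_routes(text):
    """Return (routes, warnings); each route is (network, gateway, iface)."""
    routes, warnings = [], []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the title/header lines
        dest, gw, mask, iface = f[0], f[1], f[2], f[7]
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        except ValueError:
            warnings.append(f"{dest}: unparsable (redacted) destination, skipped")
            continue
        if str(net.network_address) != dest:
            # Destination is not a network address for this mask.
            warnings.append(f"{dest} mask {mask}: host bits set, same range as {net}")
        routes.append((net, gw, iface))
    return routes, warnings

def lookup(routes, ip):
    """Longest-prefix match: the most specific route containing ip wins."""
    addr = ipaddress.ip_address(ip)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)

if __name__ == "__main__":
    routes, warnings = parse_routes(ROUTE_TABLE)
    for w in warnings:
        print("warning:", w)
    # 192.168.4.2 = DLink (from the thread); 10.8.0.6 = assumed VPN client.
    for ip in ("192.168.4.2", "10.8.0.6"):
        net, gw, iface = lookup(routes, ip)
        print(f"{ip} -> {net} via {iface} (gateway {gw})")
```

The lookup shows the Asus has directly connected routes to both 192.168.4.2 (br0) and the 10.8.0.0/24 VPN subnet (tun21), and that the added 192.168.4.2/255.255.255.0 row covers the same range as the existing 192.168.4.0/24 row. What this table cannot show is the DLink's own route back to 10.8.0.0/24, which is not posted in the thread.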
 