Menu
What's new
By:
Filters Better Search

Can't ping or RDP locally but CAN from OpenVPN

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

F

felixdd

Occasional Visitor
Note I had this working before but inexplicable this stopped working. I'm blaming Windows 10 update.

Anyways, I have a router with 7 devices in it's LAN. One is a windows 7 file server. The rest are all windows 10.

SETTINGS
  • The router (ASUS, running Merlin) is running an OpenVPN server for me to remote admin the network.
  • Firewall settings are identical between the clients and the server.

BEHAVIOR:
  • Router can ping all clients by IP AND by Local DNS names.
  • When logged into OpenVPN from an external connection, I can ping or RDP into any client (I've made the necessary IP exceptions in each client's firewall to accept 10.0.8.0/24)
  • Clients can ping and RDP the file server
  • Clients' network mounted drive (to the server) continue to work
  • Clients cannot ping OR RDP each other

What hidden settings am I missing here? This worked I think in spring 2023. I never noticed because I'm almost never on site to admin this network and remote access has been stable and working fine....
 
felixdd said:
Note I had this working before but inexplicable this stopped working. I'm blaming Windows 10 update.

Anyways, I have a router with 7 devices in it's LAN. One is a windows 7 file server. The rest are all windows 10.

SETTINGS
  • The router (ASUS, running Merlin) is running an OpenVPN server for me to remote admin the network.
  • Firewall settings are identical between the clients and the server.

BEHAVIOR:
  • Router can ping all clients by IP AND by Local DNS names.
  • When logged into OpenVPN from an external connection, I can ping or RDP into any client (I've made the necessary IP exceptions in each client's firewall to accept 10.0.8.0/24)
  • Clients can ping and RDP the file server
  • Clients' network mounted drive (to the server) continue to work
  • Clients cannot ping OR RDP each other

What hidden settings am I missing here? This worked I think in spring 2023. I never noticed because I'm almost never on site to admin this network and remote access has been stable and working fine....
Click to expand...

Do they work if you try by IP instead of hostname? If so need to look at DNS and what hostname you're using on the router, and whether it is incorrectly resolving to an external IP etc.

Are any of the clients that don't work wireless, if so make sure you haven't enabled AP isolation.
 
Problem is resolved. Something router-related. AP Isolation toggle on the 5GHz radio didn't seem to work no matter whether it was toggled on or off. Disabled 5Ghz and things seem to work now.
 
Last edited:
felixdd said:
Problem is no longer present. Clients can now now ping each other by IP and hostname. I can now RDP between clients as well, both by IP and hostname.

I think the problem is Windows Firewall. I did change the inbound Echo Request rule for ICMPv4 to allow for remote IPs of 192.168.0.0/24, on top of the pre-existing Local Subnet rule. I deleted it though as it didn't do anything.

Next I literally disabled the firewalls on both ends. Ping'd and they worked. This led me to think it's a Windows Firewall problem.

I re-enabled the firewalls on each device. Ping continues to work and RDP works.

So literally was a "did you try to turn it off and on again" fix. Which is disconcerting when that's needed at a software level....
Click to expand...

Yeah when on the local subnet it is just passing through the switch, not much the router could be blocking there (assuming you're not using a guest network).

I haven't toyed with Windows 11 firewall however you most likely need to go in and designate the network as "private" or it will block just about everything. Once your current connections time out, it will probably start blocking them again. If you're set to private, it should allow ping, and probably RDP as well (not positive on that one, you may have to add a rule for RDP but I think it has it built in).
 
drinkingbird said:
Yeah when on the local subnet it is just passing through the switch, not much the router could be blocking there (assuming you're not using a guest network).

I haven't toyed with Windows 11 firewall however you most likely need to go in and designate the network as "private" or it will block just about everything. Once your current connections time out, it will probably start blocking them again. If you're set to private, it should allow ping, and probably RDP as well (not positive on that one, you may have to add a rule for RDP but I think it has it built in).
Click to expand...
That post is deprecated. I was changing too many things at once and eventually realized that the relevant adjustments were me messing with AP isolation and not with firewall.

Sorry. I changed the previous post.
 
Looks like I might be gradually drifting towards needing a reset. This seems like it's going to suck.

www.snbforums.com

2.4ghz devices can't talk to each other, AP isolation appears stuck on, how to disable via SSH?

Asus RT-AC3100, tested on 380.66_6 and 380.68_0 AP isolation = "No" for both 2.4ghz and 5ghz radios I have wired, wireless 2.4ghz, and wireless 5ghz devices on my network 2.4ghz to 2.4ghz device communication fails (destination unreachable), all other combinations work (wired to 2.4, 5 to 2.4...
www.snbforums.com www.snbforums.com
 
felixdd said:
That post is deprecated. I was changing too many things at once and eventually realized that the relevant adjustments were me messing with AP isolation and not with firewall.

Sorry. I changed the previous post.
Click to expand...

You definitely want to be able to use 5ghz. Maybe time to reset everything. Or try rebooting after disabling AP isolation as I believe it doesn't totally clear out until you do.

There are commands you can run via SSH to see status of isolation and enable/disable it if you want to go that deep into it.
 
felixdd said:
Looks like I might be gradually drifting towards needing a reset. This seems like it's going to suck.

www.snbforums.com

2.4ghz devices can't talk to each other, AP isolation appears stuck on, how to disable via SSH?

Asus RT-AC3100, tested on 380.66_6 and 380.68_0 AP isolation = "No" for both 2.4ghz and 5ghz radios I have wired, wireless 2.4ghz, and wireless 5ghz devices on my network 2.4ghz to 2.4ghz device communication fails (destination unreachable), all other combinations work (wired to 2.4, 5 to 2.4...
www.snbforums.com www.snbforums.com
Click to expand...

Depends how much you have customized. Take screenshots and paste sequentially into MS word or similar, and/or copy and paste what you can text wise, it isn't too bad and you may notice a lot of other stuff working better too. Sometimes it is a great way to review the things you've customized and try leaving them at defaults as the reason you changed them may no longer be necessary.
 
You must log in or register to reply here.

Similar threads

M
OpenVPN / site to site with special security/routing constraints
Replies
7
Views
333
elorimer
E
url004
NXDOMAIN on server but the router can resolve queries
Replies
1
Views
166
url004
url004
B
No internet after turn on OpenVPN client
Replies
4
Views
426
bluemouseios
B
M
OpenVPN clients cannot connect to LAN computers.
Replies
0
Views
127
MNBob
M
P
dnsmasq custom domain doesn't work on windows 10
Replies
1
Views
223
PickleTickle
P

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 943 (members: 36, guests: 907)
Top