On 7/6/24 17:02, Rodney W. Grimes wrote:

Are you pinging the inside or outside address of the vpn?
If you can't even ping the outside IP of a VPN you have
basic connectivity problems that must be fixed before even
attempting a VPN.

I'll recap:

I've got two hosts: A and B, which are in different sites, connected to the Internet with different ISPs.

Pinging B's public IP from A's public IP, and vice versa, works, as does any other TCP-based protocol (http, ssh, etc...); I have no UDP-based protocol to test with; if it's needed I'll try and set up some.

There's a UDP-based OpenVPN tunnel originating from host A to host B: usually it works perfectly, but once in a few months it stops (and will usually start working again after some days/weeks).

Other similar VPNs, which are present on both hosts, keep working.

When the VPN does not work, packets do flow in one direction inside the tunnel from A to B. From B to A, they do seem to exit the tunnel from host B (according to tcpdump), but they never get to host A.

It's not an MTU problem, as I tried ping, which uses very small packets.

It's almost surely due to a problem with the UDP packets that implement the VPN: again, according to tcpdump they go out host B, but never reach host A.

I tried stopping OpenVPN and starting it again: I got inconsistent results and need to investigate better; in any case it doesn't help.

Moving the VPN to a different port on host B allowed it to start working again, but only for a few hours. After this time, the UDP packets from B to A were getting lost again.

I can't reboot these hosts freely: it would help to check if any of them is the culprit or if it could be some router in the middle.

I have no access to any router between A and B, but I'd be surprised they would drop such packets.

Now the VPN is working, again I don't know why, so I can't conduct any more tests.
I'm sure it will happen again, maybe in a few months.


 bye & Thanks
        av.
