Just as a note, iptables-save *does* show the current rule set, just in a format that's parseable by iptables-restore.
On Tue, Aug 25, 2015 at 2:24 PM Jan Just Keijser <janj...@nikhef.nl> wrote: > On 25/08/15 19:55, Tiago Vasconcelos wrote: > > Hi Jan > > > > On 25-08-2015 17:25, Jan Just Keijser wrote: > >> your VPN IP range seems to be 172.31.0.x ? if so, try SSH'ing to the > >> VPN IP of the server (normally 172.31.0.1) . > >> Also, what does a traceroute to 192.168.1.2 give ? > > The server has got the address 172.31.0.1 indeed. SSH'ing to this > > address from the client doesn't work either, but ICMP pinging works! > > > > Again, the SYN can be seen arriving to tun0 on the server, but no > > SYN-ACK is sent back. Exactly the same behaviour as when connecting to > > the LAN-facing server address 192.168.1.2. > > > > A MTR to 192.168.1.2 from the client shows one hop: > > > > $ mtr -n -r 192.168.1.2 > > Start: Tue Aug 25 18:45:14 2015 > > HOST: MyRouter Loss% Snt Last Avg Best Wrst StDev > > 1.|-- 192.168.1.2 0.0% 10 114.8 100.0 76.7 124.2 17.6 > > > > > OK, 99% certain that it is a firewall issue; can you run > iptables -L -n -v > and post the (sanitized) output; iptables-save might not show any rules, > but this command will list the **current** rule set. > > also, how about selinux? is that enabled or set to enforcing? try > setting it to permissive. > > HTH, > > JJK > > > > ------------------------------------------------------------------------------ > _______________________________________________ > Openvpn-users mailing list > Openvpn-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-users >
------------------------------------------------------------------------------
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users