Added an interface and lost connection to 2 routers
-
Hello,
I was writing a different post when I tried something and stumbled into a much bigger issue...
I have 2 routers. Both are configured as OpenVPN servers, and one is connected to the other as a client. I'll call them Router S (for Server) and Router C (for Client).
Long story short, I added an Interface on Router C corresponding to its OpenVPN Server, and now I can't ping either router.
I can still connect to both VPNs, but I can't ping either router. This is especially an issue for me as I cannot physically access either device.
I have tried pinging the LAN Interface IP and the Tunnel Interface IP on both routers with no success. Is it possible at this point for me to gain access to either router remotely? Please let me know if more information is required.
-
I have a similar issue after upgrading to version 21.02.2 on my Netgate SG-5100. Prior to the upgrade, all OpenVPN connections were working fine. After the upgrade, only one VPN connection is working; the other is connected but no traffic is passing.
-
Quick update on my situation: We were able to get access through a side-channel to the router and delete the offending Interface (restarting both routers was also required).
For anyone else in this situation that may not be able to get access through another device on the LAN, you might want to look into getting HTTPS and/or SSH access over WAN. This may require port forwarding, and in our case we had an HTTP_REFERER error with HTTPS that required SSH access to disable, and unfortunately we had SSH disabled on the router.
-
@kakerstrom Interesting, I recently set up a Hurricane Electric IPv6 tunnel which involves adding an interface. I was already connected to the web GUI via a PC on LAN. Routing out from the PC over IPv6 actually worked but I found I couldn't ping or DNS query the new LAN IPv6 until I restarted the router. Firewall rules seemed to be ignored as the default block rule was triggering. Sounds like you restarted after removing the interface? Would have been interesting to know if restarting first would have fixed it for you...
For client/remote routers we usually allow GUI and/or SSH access from our IP, either on WAN or if they have a web server one can NAT forward WANIP:50443->LANIP:443 (still limited by source IP). Also re: referrers, in System/Advanced/Admin Access, set "Alternate Hostnames," for instance add the WAN IP or hostnames.