Netgate Discussion Forum
    No route to specific public subnet

      Nicklas 0

      I have a setup with three sites. A, B and C.
      Open VPN tunnel between A<--->B and A<--->C
      I have had the same setup for years. A and C have static public IP addresses while B has a DHCP IP address. The ISP is the same on all sites.

      Yesterday I noticed that tunnel A<--->B was down and I started troubleshooting, just to find out the issue is not related to VPN.

      I have added a rule to enable ICMP on all sites just for debugging.

      Results for Ping with packet capture
      Ping public ip-address A from site B :

      I can see incoming ICMP-request from site B at site A using "packet capture":
      15:07:40.642346 IP xx.xx.126.245 > xx.xxx.183.90: ICMP echo request, id 36237, seq 744, length 40
      15:07:40.642366 IP xx.xxx.183.90 > xx.xx.126.245: ICMP echo reply, id 36237, seq 744, length 40

      At site B packet capture there is only the request visible:
      15:08:22.113115 IP xx.xx.126.245 > xx.xxx.183.90: ICMP echo request, id 65007, seq 748, length 40

      I can see in the firewall system logs that the ICMP request from B is accepted at site A.

      Ping public ip-address B from site A :
      No packets captured at B
      At site A:
      15:42:58.854352 IP xx.xxx.183.90 > xx.xx.126.245: ICMP echo request, id 57772, seq 0, length 64

      Between A and C and B and C, I can ping in both directions.

      Results for Traceroute:
      I have tried traceroute, and if I do a traceroute from WAN-IP at A to WAN-IP at B, traceroute only succeeds for one hop

      *1 h-xxx-xxx-183-89.NA.cust.bahnhof.se (xxx.xxx.183.89) 28.152 ms 48.378 ms 41.367 ms
      2 * * **
      3 * * *
      and so on....

      If I do a traceroute to WAN-IP at C or any other public IP, I do not see this problem

      Any suggestions how to troubleshoot further?

        viragomann @Nicklas 0

        @nicklas-0 said in No route to specific public subnet:

        I have tried traceroute, and if I do a traceroute from WAN-IP at A to WAN-IP at B, traceroute only succeeds for one hop
        *1 h-xxx-xxx-183-89.NA.cust.bahnhof.se (xxx.xxx.183.89) 28.152 ms 48.378 ms 41.367 ms
        2 * * **

        And what is this first hop?
        If it's your ISP, you should tell him this story. I'm afraid we are not able to help you in this case.

          Nicklas 0 @viragomann

          @viragomann Well it is the ISP (Bahnhof, Sweden) Gateway.
          However, they claim they can ping my site B from their gateway.
          I have asked a friend sitting on the same fiber infrastructure and the same ISP as my site A to do some tests, and the result is the same, so everything points towards my ISP.

            viragomann @Nicklas 0

            @nicklas-0
            Since your router sends packets destined to B to the ISP gateway, it's on the ISP to route them forwards properly.
            And since A and B are within the same ISP network, it might be one of his devices where the packets get stuck.
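
The two-ended capture comparison used in this thread, as an added example that is not part of the original posts: it matches ICMP echo requests and replies by id/seq across tcpdump text from both sites and reports where each ping was lost. The function names and the documentation-range addresses are constructed for illustration, and it assumes both captures are taken on the WAN interfaces so id/seq are identical at both ends.

```python
import re

# Matches tcpdump lines of the form shown in the thread's packet captures.
LINE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ IP (?P<src>\S+) > (?P<dst>[^:\s]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)")

def parse(capture):
    """Return a set of (kind, src, dst, id, seq) for every ICMP echo line."""
    seen = set()
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if m:
            seen.add((m["kind"], m["src"], m["dst"], int(m["id"]), int(m["seq"])))
    return seen

def locate_loss(pinger_cap, target_cap, pinger_ip, target_ip):
    """Classify each echo request sent by pinger_ip using captures from both ends."""
    p, t = parse(pinger_cap), parse(target_cap)
    verdicts = {}
    for kind, src, dst, ident, seq in sorted(p):
        if kind != "request" or (src, dst) != (pinger_ip, target_ip):
            continue
        req = ("request", pinger_ip, target_ip, ident, seq)
        rep = ("reply", target_ip, pinger_ip, ident, seq)
        if req not in t:
            verdict = "request lost before target"   # pinger -> target path
        elif rep not in t:
            verdict = "target did not reply"         # firewall/host at target
        elif rep not in p:
            verdict = "reply lost on return path"    # target -> pinger path
        else:
            verdict = "ok"
        verdicts[(ident, seq)] = verdict
    return verdicts

# Constructed sample captures (documentation addresses, not the poster's).
SITE_A, SITE_B = "203.0.113.90", "198.51.100.245"
CAP_A = """\
15:07:40.642346 IP 198.51.100.245 > 203.0.113.90: ICMP echo request, id 36237, seq 744, length 40
15:07:40.642366 IP 203.0.113.90 > 198.51.100.245: ICMP echo reply, id 36237, seq 744, length 40
15:42:58.854352 IP 203.0.113.90 > 198.51.100.245: ICMP echo request, id 57772, seq 0, length 64
"""
CAP_B = """\
15:07:40.630115 IP 198.51.100.245 > 203.0.113.90: ICMP echo request, id 36237, seq 744, length 40
"""

if __name__ == "__main__":
    print("B pings A:", locate_loss(CAP_B, CAP_A, SITE_B, SITE_A))
    print("A pings B:", locate_loss(CAP_A, CAP_B, SITE_A, SITE_B))
```

Both verdicts on this sample point at the A-to-B direction, which is the pattern the captures in the first post show.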

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.