Unable to ping individual host behind Peer to Peer
-
Hi, everyone. Any help is greatly appreciated.
I have a functional site-to-site OpenVPN connection using SSL / TLS with only one server (Site A 10.10.10.0/24) and client (Site B 10.10.20.0/24) at the moment.
Everything is working fine, except one individual and critical IP device (10.10.20.9) is inaccessible over the tunnel. All other devices within the Site B subnet respond to ping as expected from outside.
This device responds to ping on the LAN interface on router B, but the packets drop when I test from the OpenVPN tunnel interface. This is also where the traceroute stops when testing externally. I can ping 10.10.20.9 from within the Site B LAN, so I know it accepts ping.
The Site B LAN ARP table does not include 10.10.20.9's MAC with the rest of the local link devices, but as soon as I try to ping it from Site A, it populates, even though the ping fails.
Why would this individual network device behave abnormally when everything else works?
It seems like the Site B tunnel endpoint is unaware of this device, even though it's in the same subnet and reserved within the LAN subnet.
Thank you!
-
@racefun
Windows firewall?
@jarhead
It's not a Windows device. It's an obscure little VoIP box. All Layer 3 from what I can tell.
@racefun What's its gateway set to?
-
@jarhead
10.10.20.1
The IP is a reservation from the router.
@racefun So start checking your rules to make sure that IP isn't involved where it shouldn't be. If you can, changing the IP of the device would be a quick way of proving this.
-
@jarhead
I appreciate your help, but there are no static routes for this IP, nor anything outside of the normal subnet routes that the OpenVPN configuration has set up. I just changed the IP of the box to 10.10.20.250 and the same behavior is happening: ping via LAN interface works, and nothing externally.
-
@racefun Not routes. RULES.
Do you have any floating rules by any chance?