Score:0

SSH times out over OpenVPN until destination is ping'ed

ng flag

I have what seems like a pretty textbook setup with OpenVPN. On the server side I am exposing the LAN to the remote clients and pushing a route. I've got my static route in the server-side gateway pointing requests bound for the VPN subnet to the OpenVPN Server, etc.

I keep having flaky behavior, though. For instance, a lot of times ssh connections from the vpn client to machines on the OpenVPN server's LAN timeout. I can fairly repeatably get them to timeout until I've pinged the destination once. Each time I do that, the first ping times out, subsequent pings succeed, and then I can ssh.

I've tried using the OpenVPN 2.4 server that comes with LinuxMint 20.1 (the distro on the Server) and I've tried OpenVPN 2.5.6 compiled from source and I seem to get the same results.

Here's my setup for reference:

Server's LAN

Gateway: 192.168.1.1 - has static route [ 10.8.0.0/24 via 192.168.1.31 ]
OpenVPN Server: 192.168.1.31
    - ipv4 forwarding on
    - promisc mode on for LAN interface
    - ufw configured to allow all to ports 1194/udp, 22/tcp, and forwarding in both directions between tun0 and LAN interface)
192.168.1.121 - my daily driver (Linux) with SSH on - no firewall rules defined
192.168.1.16 - another Linux box with SSH on - no firewall rules defined
192.168.1.17 - a Windows 10 box with remote desktop enabled and the windows firewall turned off

Client LAN

Network Address: 192.168.11.0/24
1 Linux Client on DHCP
1 Windows Client on DHCP

The boxes with the IP's 192.168.1.16 and 192.168.1.121 are the ones I'm trying to connect to from the VPN client and are exhibiting the above behavior.

Another bit of weirdness is that when trying to use rdesktop to connect to the RDP on 192.168.1.17, a Linux VPN Client consistently has a GnuTLS timeout and fails. A Windows VPN client with the exact same VPN config consistently works to connect to RDP on that box.

I would be glad to post any config files or command outputs that are relevant, but I didn't want to just dump all of them up here initially as they are very lengthy and I wondered if someone else had run into this before. My OpenVPN config files are mostly defaults with just the normal stuff set - key names, remote IP of the VPN Server, the push "route..." directive, etc.

djdomi avatar
za flag
if putty is been used, enabling the keep alive function in the settings
Score:0
ng flag

OK, I found the problem. It turns out that I had a mistake in my client config file. In the server config file I had compression disabled. I thought I had done so in the client, but reading back through the config for the hundredth time I noticed that I had uncommented the comp-lzo line but had failed to append "no" to it.

I guess I seems weird that it worked at all with compression disabled in the server config but not in the client, but getting that part right seems to have fixed the weird problems.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.