My ERX SFP is an OpenVPN server to two other routers running Tomato. Periodically I can no longer ping the LAN addresses of the client routers, but I can still ping their OpenVPN addresses. Restarting OpenVPN fixes things, but I don't know why this is happening.
In the below, 192.168.1.0/24 is the LAN of one of the client routers, and 10.8.0.3 is that router's OpenVPN tunnel address:
C:\Users\david>ping 192.168.1.1

Pinging 192.168.1.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.1.1:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Users\david>ping 10.8.0.3

Pinging 10.8.0.3 with 32 bytes of data:
Reply from 10.8.0.3: bytes=32 time=54ms TTL=63
Reply from 10.8.0.3: bytes=32 time=53ms TTL=63
Reply from 10.8.0.3: bytes=32 time=59ms TTL=63
Reply from 10.8.0.3: bytes=32 time=53ms TTL=63

Ping statistics for 10.8.0.3:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 53ms, Maximum = 59ms, Average = 54ms

OpenVPN config:
david@RoutyMcRouterson# show interfaces openvpn vtun0
    description "Home VPN Server"
    encryption aes256
    mode server
    openvpn-option --client-to-client
    openvpn-option "--keepalive 10 60"
    openvpn-option "--comp-lzo adaptive"
    openvpn-option "--verb 1"
    server {
        client parents {
            subnet 192.168.1.0/24
        }
        client rena {
            subnet 192.168.10.0/24
        }
        push-route 192.168.4.0/24
        subnet 10.8.0.0/24
    }
    tls {
        ca-cert-file /config/auth/openvpn/DaveServer/ca.crt
        cert-file /config/auth/openvpn/DaveServer/RoutyMcRouterson.crt
        dh-file /config/auth/openvpn/DaveServer/dh.pem
        key-file /config/auth/openvpn/DaveServer/RoutyMcRouterson.key
    }

david@RoutyMcRouterson# show protocols static
    interface-route 192.168.1.0/24 {
        next-hop-interface vtun0 {
            description Parents
        }
    }
    interface-route 192.168.3.0/24 {
        next-hop-interface vtun1 {
            description Meadows
        }
    }
    interface-route 192.168.10.0/24 {
        next-hop-interface vtun0 {
            description Rena
        }
    }

Can anyone shed some light on this?