tracker.ca
Occasional Visitor
Long-time user, first time posting.
Today I received a call from a customer reporting that after a small change on the client-side of a routed OpenVPN connection between two offices, he could not ping an address on the server-side that was previously pinging before the restart. (Keep in mind that the change is irrelevant to the issue; the trigger was the restart, as the problem was still present after reverting the change.)
Topology as follows: 2 x RT-N66U (running .45) with routed OpenVPN (different subnets) on each side. Always worked, reconnects really fast. Never had issues before.
Usually, this customer has a ping going from one side to the other (usually a server or some other equipment with a fixed IP) to confirm that the VPN came back after a reboot. Today it didn't. After a couple of reboots on both sides, it came back and everything was working.
I have the same topology for my office/home-office (two locations, 2 x RT-AC56U with .49_4) so I decided to do some tests, as I didn't quite understand what had just happened to my customer.
What I found was quite puzzling:
If I had a ping going from one side of the VPN to the other (no matter the direction) and restarted one of the routers, the ping stopped working and didn't come back when the WAN/VPN reconnected.
While the first ping was still NOT working (and the VPN confirmed to be up and working), I could ping another computer and it worked, but only if I started pinging it AFTER the VPN had reconnected.
I have also tried pinging 5 different computers at the same time and they all stopped responding upon VPN reconnection. Again, when I tried to ping a new one it worked!
The kick is that if I stopped pinging a computer for about a minute and started again, it worked. Same kind of behavior using ping from command prompt or a dedicated tool like PingPlotter (Windows).
Pinging an address reachable through the WAN doesn't exhibit the same kind of problem (pinging comes back after the restart).
As far as I can remember, this trick of pinging through the VPN has always worked without this "Cooldown" period... can't tell if it is something related to firmware version (started using Merlin on .40; before that was using DD-WRT since forever) or other changes (Windows recent bug???)
Did anyone experience the same kind of issue or have an idea of what is going on?
Any suggestion on a troubleshooting path?
Thanks