Eric Yau
2016-Feb-12 15:51 UTC
Tinc Router Mode - PING RESULT is destination host unreachable
Hi All, I am trying to setup the site-to-site VPN with TINC for connect my home network to company network. Here is the IP allocation and configuration for your reference. Home PC (192.168.1.2) ?-----? Home (OPENWRT Router, 192.168.1.1, 10.0.0.1) ?----------------? INTERNET ?-------------? COMPANY (Windows 7 PC,192.168.2.1, 10.0.0.2) ?------------? COMPANY (SERVER ZONE) ?----? SERVER A (192.168.3.1) Question: On home side (OpenWrt Router) and company side (Windows 7 PC), I can ping all the IP addresses. But on Home PC (Behind the OPENWRT Router), I cannot ping to Company (Windows 7 PC) and Company (Server A). The PING RESULT is destination host unreachable. Any idea about that? IP Allocation - LAN a. Home ? 192.168.1.0/24 b. Company ? 192.168.2.0/24 c. Company (Server zone)? 192.168.3.0/24 IP Allocation ? LAN (TINC Server) a. Home ? TINC:10.0.0.1/32, LAN:192.168.1.1/32 (OpenWrt Router) b. Company ? TINC:10.0.0.2/32, LAN:192.168.2.1/32 (Windows 7 PC) TINC Configuration ? Home (OpenWrt Router) Tinc.conf name=Home Interface=tinc0 PrivateKeyFile=/etc/tinc/Home/rsa_key.priv Mode=router KeyExpire=3600 AddressFamily=ipv4 ProcessPriority=normal PingTimeOut=5 PingInterval=60 Tinc-up ifconfig $INTERFACE 10.0.0.1 netmask 255.255.255.0 route add -net 192.168.2.0 netmask 255.255.255.0 dev tinc0 route add -net 192.168.3.0 netmask 255.255.255.0 dev tinc0 home/hosts/Home Address=Home Subnet=10.0.0.1/32 Subnet=192.168.1.0/24 -----BEGIN RSA PUBLIC KEY----- xxx -----END RSA PUBLIC KEY----- Home/hosts/company Address=company Subnet=10.0.0.2/32 Subnet=192.168.2.0/24 Subnet=192.168.3.0/24 -----BEGIN RSA PUBLIC KEY----- xxx -----END RSA PUBLIC KEY----- Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 br-lan 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 tinc0 192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 tinc0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan TINC Configuration ? Company (Windows 7 PC) C:\PROGRAM FILES\tinc\Home\Tinc.conf name=Home Interface=tinc0 PrivateKeyFile=C:\PROGRAM FILES\tinc\Home\rsa_key.priv Mode=router KeyExpire=3600 AddressFamily=ipv4 ProcessPriority=normal PingTimeOut=5 PingInterval=60 C:\PROGRAM FILES\tinc\Home\hosts\Home Address=home.publicip.net Subnet=10.0.0.1/32 Subnet=192.168.1.0/24 -----BEGIN RSA PUBLIC KEY----- xxx -----END RSA PUBLIC KEY----- C:\PROGRAM FILES\tinc\Home\hosts\company Address=company Subnet=10.0.0.2/32 Subnet=192.168.2.0/24 Subnet=192.168.3.0/24 -----BEGIN RSA PUBLIC KEY----- xxx -----END RSA PUBLIC KEY----- IPv4 Route Table ============================================================================================ Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 281 127.0.0.0 255.0.0.0 On-link 127.0.0.1 26 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 192.168.1.0 255.255.255.0 On-link 10.0.0.2 31 192.168.1.255 255.255.255.255 On-link 10.0.0.2 286 192.168.2.0 255.255.255.0 On-link 192.168.2.1 31 192.168.2.255 255.255.255.255 On-link 192.168.2.1 31 192.168.2.1 255.255.255.255 On-link 192.168.2.1 286 ============================================================================================ Regards, Eric -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20160212/2cd07b09/attachment-0001.html>
Lars Kruse
2016-Feb-12 17:24 UTC
Tinc Router Mode - PING RESULT is destination host unreachable
Hi Eric, Am Fri, 12 Feb 2016 23:51:59 +0800 schrieb Eric Yau <ericyaukhy at hotmail.com>:> [..] > Question: On home side (OpenWrt Router) and company side (Windows 7 PC), I > can ping all the IP addresses. But on Home PC (Behind the OPENWRT Router), I > cannot ping to Company (Windows 7 PC) and Company (Server A). The PING > RESULT is destination host unreachable. Any idea about that?at this point I would usually try to find out the following details: * does the ping packet reach its target? * does the request packet contain the expected source address? * is a response packet generated? * does the response packet go through the expected stations? All of the above questions can be answered by running tcpdump (e.g. "tcpdump -ni any icmp") on the machine in question. It will probably boil down to a routing/nat or a firewall (iptables) issue, I guess. The "destination host unreachable" error message should indicate which host fails or refuses to deliver the packet. Cheers, Lars
Ramses
2016-Feb-12 17:34 UTC
Tinc Router Mode - PING RESULT is destination host unreachable
El 12 de febrero de 2016 16:51:59 CET, Eric Yau <ericyaukhy at hotmail.com> escribi?:>Hi All, > > > >I am trying to setup the site-to-site VPN with TINC for connect my home >network to company network. Here is the IP allocation and configuration >for >your reference. > > > >Home PC (192.168.1.2) ?-----? Home (OPENWRT Router, 192.168.1.1, >10.0.0.1) >?----------------? INTERNET ?-------------? COMPANY (Windows 7 >PC,192.168.2.1, 10.0.0.2) ?------------? COMPANY (SERVER ZONE) ?----? >SERVER >A (192.168.3.1) > > > >Question: On home side (OpenWrt Router) and company side (Windows 7 >PC), I >can ping all the IP addresses. But on Home PC (Behind the OPENWRT >Router), I >cannot ping to Company (Windows 7 PC) and Company (Server A). The PING >RESULT is destination host unreachable. Any idea about that? > > > >IP Allocation - LAN > >a. Home ? 192.168.1.0/24 > >b. Company ? 192.168.2.0/24 > >c. Company (Server zone)? 192.168.3.0/24 > > > >IP Allocation ? LAN (TINC Server) > >a. Home ? TINC:10.0.0.1/32, LAN:192.168.1.1/32 (OpenWrt Router) > >b. Company ? TINC:10.0.0.2/32, LAN:192.168.2.1/32 (Windows 7 PC) > > > >TINC Configuration ? Home (OpenWrt Router) > > > >Tinc.conf > >name=Home > >Interface=tinc0 > >PrivateKeyFile=/etc/tinc/Home/rsa_key.priv > >Mode=router > >KeyExpire=3600 > >AddressFamily=ipv4 > >ProcessPriority=normal > >PingTimeOut=5 > >PingInterval=60 > > > >Tinc-up > >ifconfig $INTERFACE 10.0.0.1 netmask 255.255.255.0 > >route add -net 192.168.2.0 netmask 255.255.255.0 dev tinc0 > >route add -net 192.168.3.0 netmask 255.255.255.0 dev tinc0 > > > >home/hosts/Home > >Address=Home > >Subnet=10.0.0.1/32 > >Subnet=192.168.1.0/24 > > > >-----BEGIN RSA PUBLIC KEY----- > >xxx > >-----END RSA PUBLIC KEY----- > > > >Home/hosts/company > >Address=company > >Subnet=10.0.0.2/32 > >Subnet=192.168.2.0/24 > >Subnet=192.168.3.0/24 > > > >-----BEGIN RSA PUBLIC KEY----- > >xxx > >-----END RSA PUBLIC KEY----- > > > >Kernel IP routing table > >Destination Gateway Genmask Flags Metric Ref Use >Iface > >0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 >br-lan > >192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 > 0 >tinc0 > >192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 > 0 >tinc0 > >192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 >br-lan > > > >TINC Configuration ? Company (Windows 7 PC) > > > >C:\PROGRAM FILES\tinc\Home\Tinc.conf > >name=Home > >Interface=tinc0 > >PrivateKeyFile=C:\PROGRAM FILES\tinc\Home\rsa_key.priv > >Mode=router > >KeyExpire=3600 > >AddressFamily=ipv4 > >ProcessPriority=normal > >PingTimeOut=5 > >PingInterval=60 > > > >C:\PROGRAM FILES\tinc\Home\hosts\Home > >Address=home.publicip.net > >Subnet=10.0.0.1/32 > >Subnet=192.168.1.0/24 > > > >-----BEGIN RSA PUBLIC KEY----- > >xxx > >-----END RSA PUBLIC KEY----- > > > >C:\PROGRAM FILES\tinc\Home\hosts\company > >Address=company > >Subnet=10.0.0.2/32 > >Subnet=192.168.2.0/24 > >Subnet=192.168.3.0/24 > > > >-----BEGIN RSA PUBLIC KEY----- > >xxx > >-----END RSA PUBLIC KEY----- > > > >IPv4 Route Table > >===========================================================================>=================> >Active Routes: > >Network Destination Netmask Gateway >Interface Metric > >0.0.0.0 0.0.0.0 192.168.1.1 >192.168.1.2 281 > >127.0.0.0 255.0.0.0 On-link >127.0.0.1 26 > >127.0.0.1 255.255.255.255 On-link >127.0.0.1 306 > >127.255.255.255 255.255.255.255 On-link >127.0.0.1 306 > >255.255.255.255 255.255.255.255 On-link >127.0.0.1 306 > >192.168.1.0 255.255.255.0 On-link >10.0.0.2 31 > >192.168.1.255 255.255.255.255 On-link >10.0.0.2 286 > >192.168.2.0 255.255.255.0 On-link >192.168.2.1 31 > >192.168.2.255 255.255.255.255 On-link >192.168.2.1 31 > >192.168.2.1 255.255.255.255 On-link >192.168.2.1 286 > >===========================================================================>=================> > > >Regards, > >Eric > > > >------------------------------------------------------------------------ > >_______________________________________________ >tinc mailing list >tinc at tinc-vpn.org >http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tincHi Eric, Where is the ConnecTo parameter in the tinc.conf configuration files? Regards, Ramses
Eric Yau
2016-Feb-13 16:37 UTC
Tinc Router Mode - PING RESULT is destination host unreachable
Here is the ConnectTo parameter for your info. Due to my company has firewall to block the incoming connection and NAT, so I just can use my company PC to initial connect to my home network. Home/hosts/company ConnectTo=Home Address=company Subnet=10.0.0.2/32 Subnet=192.168.2.0/24 Subnet=192.168.3.0/24 -----Original Message----- From: Ramses [mailto:ramses.sevilla at gmail.com] Sent: Saturday, February 13, 2016 1:34 AM To: tinc at tinc-vpn.org Subject: Re: Tinc Router Mode - PING RESULT is destination host unreachable El 12 de febrero de 2016 16:51:59 CET, Eric Yau <ericyaukhy at hotmail.com> escribi?:>Hi All, > > > >I am trying to setup the site-to-site VPN with TINC for connect my home >network to company network. Here is the IP allocation and configuration >for your reference. > > > >Home PC (192.168.1.2) ?-----? Home (OPENWRT Router, 192.168.1.1, >10.0.0.1) >?----------------? INTERNET ?-------------? COMPANY (Windows 7 >PC,192.168.2.1, 10.0.0.2) ?------------? COMPANY (SERVER ZONE) ?----? >SERVER A (192.168.3.1) > > > >Question: On home side (OpenWrt Router) and company side (Windows 7 >PC), I can ping all the IP addresses. But on Home PC (Behind the >OPENWRT Router), I cannot ping to Company (Windows 7 PC) and Company >(Server A). The PING RESULT is destination host unreachable. Any idea >about that? > > > >IP Allocation - LAN > >a. Home ? 192.168.1.0/24 > >b. Company ? 192.168.2.0/24 > >c. Company (Server zone)? 192.168.3.0/24 > > > >IP Allocation ? LAN (TINC Server) > >a. Home ? TINC:10.0.0.1/32, LAN:192.168.1.1/32 (OpenWrt Router) > >b. Company ? TINC:10.0.0.2/32, LAN:192.168.2.1/32 (Windows 7 PC) > > > >TINC Configuration ? Home (OpenWrt Router) > > > >Tinc.conf > >name=Home > >Interface=tinc0 > >PrivateKeyFile=/etc/tinc/Home/rsa_key.priv > >Mode=router > >KeyExpire=3600 > >AddressFamily=ipv4 > >ProcessPriority=normal > >PingTimeOut=5 > >PingInterval=60 > > > >Tinc-up > >ifconfig $INTERFACE 10.0.0.1 netmask 255.255.255.0 > >route add -net 192.168.2.0 netmask 255.255.255.0 dev tinc0 > >route add -net 192.168.3.0 netmask 255.255.255.0 dev tinc0 > > > >home/hosts/Home > >Address=Home > >Subnet=10.0.0.1/32 > >Subnet=192.168.1.0/24 > > > >-----BEGIN RSA PUBLIC KEY----- > >xxx > >-----END RSA PUBLIC KEY----- > > > >Home/hosts/company > >Address=company > >Subnet=10.0.0.2/32 > >Subnet=192.168.2.0/24 > >Subnet=192.168.3.0/24 > > > >-----BEGIN RSA PUBLIC KEY----- > >xxx > >-----END RSA PUBLIC KEY----- > > > >Kernel IP routing table > >Destination Gateway Genmask Flags Metric Ref Use >Iface > >0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 >br-lan > >192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 > 0 >tinc0 > >192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 > 0 >tinc0 > >192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 >br-lan > > > >TINC Configuration ? Company (Windows 7 PC) > > > >C:\PROGRAM FILES\tinc\Home\Tinc.conf > >name=Home > >Interface=tinc0 > >PrivateKeyFile=C:\PROGRAM FILES\tinc\Home\rsa_key.priv > >Mode=router > >KeyExpire=3600 > >AddressFamily=ipv4 > >ProcessPriority=normal > >PingTimeOut=5 > >PingInterval=60 > > > >C:\PROGRAM FILES\tinc\Home\hosts\Home > >Address=home.publicip.net > >Subnet=10.0.0.1/32 > >Subnet=192.168.1.0/24 > > > >-----BEGIN RSA PUBLIC KEY----- > >xxx > >-----END RSA PUBLIC KEY----- > > > >C:\PROGRAM FILES\tinc\Home\hosts\company > >Address=company > >Subnet=10.0.0.2/32 > >Subnet=192.168.2.0/24 > >Subnet=192.168.3.0/24 > > > >-----BEGIN RSA PUBLIC KEY----- > >xxx > >-----END RSA PUBLIC KEY----- > > > >IPv4 Route Table > >======================================================================>====>=================> >Active Routes: > >Network Destination Netmask Gateway >Interface Metric > >0.0.0.0 0.0.0.0 192.168.1.1 >192.168.1.2 281 > >127.0.0.0 255.0.0.0 On-link >127.0.0.1 26 > >127.0.0.1 255.255.255.255 On-link >127.0.0.1 306 > >127.255.255.255 255.255.255.255 On-link >127.0.0.1 306 > >255.255.255.255 255.255.255.255 On-link >127.0.0.1 306 > >192.168.1.0 255.255.255.0 On-link >10.0.0.2 31 > >192.168.1.255 255.255.255.255 On-link >10.0.0.2 286 > >192.168.2.0 255.255.255.0 On-link >192.168.2.1 31 > >192.168.2.255 255.255.255.255 On-link >192.168.2.1 31 > >192.168.2.1 255.255.255.255 On-link >192.168.2.1 286 > >======================================================================>====>=================> > > >Regards, > >Eric > > > >----------------------------------------------------------------------- >- > >_______________________________________________ >tinc mailing list >tinc at tinc-vpn.org >http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tincHi Eric, Where is the ConnecTo parameter in the tinc.conf configuration files? Regards, Ramses
Eric Yau
2016-Feb-13 17:26 UTC
Tinc Router Mode - PING RESULT is destination host unreachable
Hi Lars, I have no experience to use tcpdump, here is the output from TCPdump for your reference. Any idea? Use my home PC to ping company PC 01:00:25.154706 ethertype IPv4, IP 192.168.1.2 > 10.0.0.2: ICMP echo request, id 1, seq 17, length 40 01:00:25.154706 IP 192.168.1.2 > 10.0.0.2: ICMP echo request, id 1, seq 17, length 40 01:00:25.154706 IP 192.168.1.2 > 10.0.0.2: ICMP echo request, id 1, seq 17, length 40 01:00:25.155177 IP 192.168.1.1 > 192.168.1.2: ICMP 10.0.0.2 protocol 1 port 19786 unreachable, length 68 01:00:25.155225 IP 192.168.1.1 > 192.168.1.2: ICMP 10.0.0.2 protocol 1 port 19786 unreachable, length 68 01:00:26.157248 ethertype IPv4, IP 192.168.1.2 > 10.0.0.2: ICMP echo request, id 1, seq 18, length 40 01:00:26.157248 IP 192.168.1.2 > 10.0.0.2: ICMP echo request, id 1, seq 18, length 40 01:00:26.157248 IP 192.168.1.2 > 10.0.0.2: ICMP echo request, id 1, seq 18, length 40 01:00:26.157711 IP 192.168.1.1 > 192.168.1.2: ICMP 10.0.0.2 protocol 1 port 19785 unreachable, length 68 01:00:26.157756 IP 192.168.1.1 > 192.168.1.2: ICMP 10.0.0.2 protocol 1 port 19785 unreachable, length 68 01:00:27.159698 ethertype IPv4, IP 192.168.1.2 > 10.0.0.2: ICMP echo request, id 1, seq 19, length 40 01:00:27.159698 IP 192.168.1.2 > 10.0.0.2: ICMP echo request, id 1, seq 19, length 40 01:00:27.159698 IP 192.168.1.2 > 10.0.0.2: ICMP echo request, id 1, seq 19, length 40 01:00:27.160165 IP 192.168.1.1 > 192.168.1.2: ICMP 10.0.0.2 protocol 1 port 19784 unreachable, length 68 01:00:27.160211 IP 192.168.1.1 > 192.168.1.2: ICMP 10.0.0.2 protocol 1 port 19784 unreachable, length 68 01:00:28.163041 ethertype IPv4, IP 192.168.1.2 > 10.0.0.2: ICMP echo request, id 1, seq 20, length 40 01:00:28.163041 IP 192.168.1.2 > 10.0.0.2: ICMP echo request, id 1, seq 20, length 40 01:00:28.163041 IP 192.168.1.2 > 10.0.0.2: ICMP echo request, id 1, seq 20, length 40 01:00:28.163506 IP 192.168.1.1 > 192.168.1.2: ICMP 10.0.0.2 protocol 1 port 19783 unreachable, length 68 01:00:28.163551 IP 192.168.1.1 > 192.168.1.2: ICMP 10.0.0.2 protocol 1 port 19783 unreachable, length 68 01:00:30.557443 ethertype IPv4, IP 192.168.1.2 > 10.0.0.1: ICMP echo request, id 1, seq 21, length 40 01:00:30.557443 IP 192.168.1.2 > 10.0.0.1: ICMP echo request, id 1, seq 21, length 40 01:00:30.557443 IP 192.168.1.2 > 10.0.0.1: ICMP echo request, id 1, seq 21, length 40 01:00:30.557881 IP 10.0.0.1 > 192.168.1.2: ICMP echo reply, id 1, seq 21, length 40 01:00:30.557927 IP 10.0.0.1 > 192.168.1.2: ICMP echo reply, id 1, seq 21, length 40 01:00:31.560697 ethertype IPv4, IP 192.168.1.2 > 10.0.0.1: ICMP echo request, id 1, seq 22, length 40 01:00:31.560697 IP 192.168.1.2 > 10.0.0.1: ICMP echo request, id 1, seq 22, length 40 01:00:31.560697 IP 192.168.1.2 > 10.0.0.1: ICMP echo request, id 1, seq 22, length 40 01:00:31.561039 IP 10.0.0.1 > 192.168.1.2: ICMP echo reply, id 1, seq 22, length 40 01:00:31.561079 IP 10.0.0.1 > 192.168.1.2: ICMP echo reply, id 1, seq 22, length 40 01:00:32.565071 ethertype IPv4, IP 192.168.1.2 > 10.0.0.1: ICMP echo request, id 1, seq 23, length 40 01:00:32.565071 IP 192.168.1.2 > 10.0.0.1: ICMP echo request, id 1, seq 23, length 40 01:00:32.565071 IP 192.168.1.2 > 10.0.0.1: ICMP echo request, id 1, seq 23, length 40 01:00:32.565410 IP 10.0.0.1 > 192.168.1.2: ICMP echo reply, id 1, seq 23, length 40 01:00:32.565451 IP 10.0.0.1 > 192.168.1.2: ICMP echo reply, id 1, seq 23, length 40 01:00:33.569452 ethertype IPv4, IP 192.168.1.2 > 10.0.0.1: ICMP echo request, id 1, seq 24, length 40 01:00:33.569452 IP 192.168.1.2 > 10.0.0.1: ICMP echo request, id 1, seq 24, length 40 01:00:33.569452 IP 192.168.1.2 > 10.0.0.1: ICMP echo request, id 1, seq 24, length 40 01:00:33.569877 IP 10.0.0.1 > 192.168.1.2: ICMP echo reply, id 1, seq 24, length 40 01:00:33.569918 IP 10.0.0.1 > 192.168.1.2: ICMP echo reply, id 1, seq 24, length 40 01:00:35.242556 ethertype IPv4, IP 192.168.1.2 > 192.168.2.1: ICMP echo request, id 1, seq 25, length 40 01:00:35.242556 IP 192.168.1.2 > 192.168.2.1: ICMP echo request, id 1, seq 25, length 40 01:00:35.242556 IP 192.168.1.2 > 192.168.2.1: ICMP echo request, id 1, seq 25, length 40 01:00:35.243018 IP 192.168.1.1 > 192.168.1.2: ICMP 192.168.2.1 protocol 1 port 19778 unreachable, length 68 01:00:35.243063 IP 192.168.1.1 > 192.168.1.2: ICMP 192.168.2.1 protocol 1 port 19778 unreachable, length 68 01:00:36.244070 ethertype IPv4, IP 192.168.1.2 > 192.168.2.1: ICMP echo request, id 1, seq 26, length 40 01:00:36.244070 IP 192.168.1.2 > 192.168.2.1: ICMP echo request, id 1, seq 26, length 40 01:00:36.244070 IP 192.168.1.2 > 192.168.2.1: ICMP echo request, id 1, seq 26, length 40 01:00:36.244548 IP 192.168.1.1 > 192.168.1.2: ICMP 192.168.2.1 protocol 1 port 19777 unreachable, length 68 01:00:36.244593 IP 192.168.1.1 > 192.168.1.2: ICMP 192.168.2.1 protocol 1 port 19777 unreachable, length 68 01:00:37.246363 ethertype IPv4, IP 192.168.1.2 > 192.168.2.1: ICMP echo request, id 1, seq 27, length 40 01:00:37.246363 IP 192.168.1.2 > 192.168.2.1: ICMP echo request, id 1, seq 27, length 40 01:00:37.246363 IP 192.168.1.2 > 192.168.2.1: ICMP echo request, id 1, seq 27, length 40 01:00:37.246823 IP 192.168.1.1 > 192.168.1.2: ICMP 192.168.2.1 protocol 1 port 19776 unreachable, length 68 01:00:37.246868 IP 192.168.1.1 > 192.168.1.2: ICMP 192.168.2.1 protocol 1 port 19776 unreachable, length 68 01:00:38.248812 ethertype IPv4, IP 192.168.1.2 > 192.168.2.1: ICMP echo request, id 1, seq 28, length 40 01:00:38.248812 IP 192.168.1.2 > 192.168.2.1: ICMP echo request, id 1, seq 28, length 40 01:00:38.248812 IP 192.168.1.2 > 192.168.2.1: ICMP echo request, id 1, seq 28, length 40 01:00:38.249276 IP 192.168.1.1 > 192.168.1.2: ICMP 192.168.2.1 protocol 1 port 19775 unreachable, length 68 01:00:38.249322 IP 192.168.1.1 > 192.168.1.2: ICMP 192.168.2.1 protocol 1 port 19775 unreachable, length 68 Use OpenWrt router to ping 01:17:15.231056 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:17:16.555266 IP 10.0.0.1 > 10.0.0.1: ICMP echo request, id 24869, seq 0, length 64 01:17:16.555514 IP 10.0.0.1 > 10.0.0.1: ICMP echo reply, id 24869, seq 0, length 64 01:17:16.590838 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:17:17.556106 IP 10.0.0.1 > 10.0.0.1: ICMP echo request, id 24869, seq 1, length 64 01:17:17.556345 IP 10.0.0.1 > 10.0.0.1: ICMP echo reply, id 24869, seq 1, length 64 01:17:17.775263 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:17:17.783452 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:17:18.556830 IP 10.0.0.1 > 10.0.0.1: ICMP echo request, id 24869, seq 2, length 64 01:17:18.557059 IP 10.0.0.1 > 10.0.0.1: ICMP echo reply, id 24869, seq 2, length 64 01:17:19.557536 IP 10.0.0.1 > 10.0.0.1: ICMP echo request, id 24869, seq 3, length 64 01:17:19.557777 IP 10.0.0.1 > 10.0.0.1: ICMP echo reply, id 24869, seq 3, length 64 01:17:20.295382 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:17:20.310048 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:17:21.512500 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:17:21.653524 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:17:21.669882 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:17:22.772178 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:17:24.715863 IP 10.0.0.1 > 10.0.0.2: ICMP echo request, id 25125, seq 0, length 64 01:17:24.867369 IP 10.0.0.2 > 10.0.0.1: ICMP echo reply, id 25125, seq 0, length 64 01:17:24.880975 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:17:25.721487 IP 10.0.0.1 > 10.0.0.2: ICMP echo request, id 25125, seq 1, length 64 01:17:25.838114 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:17:25.840444 IP 10.0.0.2 > 10.0.0.1: ICMP echo reply, id 25125, seq 1, length 64 01:17:25.848984 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:17:26.721920 IP 10.0.0.1 > 10.0.0.2: ICMP echo request, id 25125, seq 2, length 64 01:17:26.775946 IP 10.0.0.2 > 10.0.0.1: ICMP echo reply, id 25125, seq 2, length 64 01:17:27.722331 IP 10.0.0.1 > 10.0.0.2: ICMP echo request, id 25125, seq 3, length 64 01:17:27.817985 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:17:27.823082 IP 10.0.0.2 > 10.0.0.1: ICMP echo reply, id 25125, seq 3, length 64 01:17:31.580234 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:17:31.595471 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:17:31.640342 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:17:33.970715 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:17:33.978216 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:17:36.479992 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:17:36.645113 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:17:37.717665 IP 10.0.0.1 > 192.168.2.1: ICMP echo request, id 25381, seq 0, length 64 01:17:37.915851 IP 192.168.2.1 > 10.0.0.1: ICMP echo reply, id 25381, seq 0, length 64 01:17:38.718179 IP 10.0.0.1 > 192.168.2.1: ICMP echo request, id 25381, seq 1, length 64 01:17:38.805564 IP 192.168.2.1 > 10.0.0.1: ICMP echo reply, id 25381, seq 1, length 64 01:17:39.718578 IP 10.0.0.1 > 192.168.2.1: ICMP echo request, id 25381, seq 2, length 64 01:17:39.804755 IP 192.168.2.1 > 10.0.0.1: ICMP echo reply, id 25381, seq 2, length 64 01:17:40.718980 IP 10.0.0.1 > 192.168.2.1: ICMP echo request, id 25381, seq 3, length 64 01:17:40.802417 IP 192.168.2.1 > 10.0.0.1: ICMP echo reply, id 25381, seq 3, length 64 01:17:48.361731 IP 192.168.1.1 > 192.168.1.2: ICMP echo request, id 25637, seq 0, length 64 01:17:48.361801 IP 192.168.1.1 > 192.168.1.2: ICMP echo request, id 25637, seq 0, length 64 01:17:48.363071 ethertype IPv4, IP 192.168.1.2 > 192.168.1.1: ICMP echo reply, id 25637, seq 0, length 64 01:17:48.363071 IP 192.168.1.2 > 192.168.1.1: ICMP echo reply, id 25637, seq 0, length 64 01:17:48.363071 IP 192.168.1.2 > 192.168.1.1: ICMP echo reply, id 25637, seq 0, length 64 01:17:49.362327 IP 192.168.1.1 > 192.168.1.2: ICMP echo request, id 25637, seq 1, length 64 01:17:49.362391 IP 192.168.1.1 > 192.168.1.2: ICMP echo request, id 25637, seq 1, length 64 01:17:49.363405 ethertype IPv4, IP 192.168.1.2 > 192.168.1.1: ICMP echo reply, id 25637, seq 1, length 64 01:17:49.363405 IP 192.168.1.2 > 192.168.1.1: ICMP echo reply, id 25637, seq 1, length 64 01:17:49.363405 IP 192.168.1.2 > 192.168.1.1: ICMP echo reply, id 25637, seq 1, length 64 01:17:50.362884 IP 192.168.1.1 > 192.168.1.2: ICMP echo request, id 25637, seq 2, length 64 01:17:50.362952 IP 192.168.1.1 > 192.168.1.2: ICMP echo request, id 25637, seq 2, length 64 01:17:50.364043 ethertype IPv4, IP 192.168.1.2 > 192.168.1.1: ICMP echo reply, id 25637, seq 2, length 64 01:17:50.364043 IP 192.168.1.2 > 192.168.1.1: ICMP echo reply, id 25637, seq 2, length 64 01:17:50.364043 IP 192.168.1.2 > 192.168.1.1: ICMP echo reply, id 25637, seq 2, length 64 01:17:51.363467 IP 192.168.1.1 > 192.168.1.2: ICMP echo request, id 25637, seq 3, length 64 01:17:51.363533 IP 192.168.1.1 > 192.168.1.2: ICMP echo request, id 25637, seq 3, length 64 01:17:51.364624 ethertype IPv4, IP 192.168.1.2 > 192.168.1.1: ICMP echo reply, id 25637, seq 3, length 64 01:17:51.364624 IP 192.168.1.2 > 192.168.1.1: ICMP echo reply, id 25637, seq 3, length 64 01:17:51.364624 IP 192.168.1.2 > 192.168.1.1: ICMP echo reply, id 25637, seq 3, length 64 Use company PC to ping 01:23:03.327966 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:23:04.816391 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:23:05.211811 IP 10.0.0.2 > 192.168.1.1: ICMP echo request, id 1, seq 2853, length 40 01:23:05.212180 IP 192.168.1.1 > 10.0.0.2: ICMP echo reply, id 1, seq 2853, length 40 01:23:05.228221 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:23:06.200953 IP 10.0.0.2 > 192.168.1.1: ICMP echo request, id 1, seq 2854, length 40 01:23:06.201255 IP 192.168.1.1 > 10.0.0.2: ICMP echo reply, id 1, seq 2854, length 40 01:23:06.289783 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:23:07.350522 IP 10.0.0.2 > 192.168.1.1: ICMP echo request, id 1, seq 2855, length 40 01:23:07.350827 IP 192.168.1.1 > 10.0.0.2: ICMP echo reply, id 1, seq 2855, length 40 01:23:09.449526 IP 10.0.0.2 > 192.168.1.1: ICMP echo request, id 1, seq 2856, length 40 01:23:09.449832 IP 192.168.1.1 > 10.0.0.2: ICMP echo reply, id 1, seq 2856, length 40 01:23:09.725296 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:23:11.425411 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:23:12.237556 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:23:12.262528 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:23:13.651353 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:23:13.715695 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:23:15.982798 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:23:16.007804 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:23:16.156518 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:23:16.165304 IP 10.0.0.2 > 10.0.0.1: ICMP echo request, id 1, seq 2857, length 40 01:23:16.165707 IP 10.0.0.1 > 10.0.0.2: ICMP echo reply, id 1, seq 2857, length 40 01:23:17.150963 IP 10.0.0.2 > 10.0.0.1: ICMP echo request, id 1, seq 2858, length 40 01:23:17.151264 IP 10.0.0.1 > 10.0.0.2: ICMP echo reply, id 1, seq 2858, length 40 01:23:18.156261 IP 10.0.0.2 > 10.0.0.1: ICMP echo request, id 1, seq 2859, length 40 01:23:18.156564 IP 10.0.0.1 > 10.0.0.2: ICMP echo reply, id 1, seq 2859, length 40 01:23:19.157767 IP 10.0.0.2 > 10.0.0.1: ICMP echo request, id 1, seq 2860, length 40 01:23:19.158072 IP 10.0.0.1 > 10.0.0.2: ICMP echo reply, id 1, seq 2860, length 40 01:23:20.509029 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:23:21.669120 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:23:22.895954 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:23:25.466373 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:23:27.930107 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:23:27.938637 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:23:28.176923 IP 192.168.1.1 > 192.168.1.1: ICMP 218.188.88.37 unreachable - need to frag (mtu 1480), length 556 01:23:29.808414 IP 10.0.0.2 > 192.168.1.2: ICMP echo request, id 1, seq 2865, length 40 01:23:29.808828 IP 10.0.0.1 > 10.0.0.2: ICMP 192.168.1.2 protocol 1 port 16938 unreachable, length 68 01:23:30.835163 IP 10.0.0.2 > 192.168.1.2: ICMP echo request, id 1, seq 2866, length 40 01:23:30.835578 IP 10.0.0.1 > 10.0.0.2: ICMP 192.168.1.2 protocol 1 port 16937 unreachable, length 68 01:23:31.831244 IP 10.0.0.2 > 192.168.1.2: ICMP echo request, id 1, seq 2867, length 40 01:23:31.831657 IP 10.0.0.1 > 10.0.0.2: ICMP 192.168.1.2 protocol 1 port 16936 unreachable, length 68 01:23:32.832992 IP 10.0.0.2 > 192.168.1.2: ICMP echo request, id 1, seq 2868, length 40 01:23:32.833452 IP 10.0.0.1 > 10.0.0.2: ICMP 192.168.1.2 protocol 1 port 16935 unreachable, length 68 Regards, Eric -----Original Message----- From: Lars Kruse [mailto:lists at sumpfralle.de] Sent: Saturday, February 13, 2016 1:24 AM To: tinc at tinc-vpn.org Subject: Re: Tinc Router Mode - PING RESULT is destination host unreachable Hi Eric, Am Fri, 12 Feb 2016 23:51:59 +0800 schrieb Eric Yau <ericyaukhy at hotmail.com>:> [..] > Question: On home side (OpenWrt Router) and company side (Windows 7 > PC), I can ping all the IP addresses. But on Home PC (Behind the > OPENWRT Router), I cannot ping to Company (Windows 7 PC) and Company > (Server A). The PING RESULT is destination host unreachable. Any ideaabout that? at this point I would usually try to find out the following details: * does the ping packet reach its target? * does the request packet contain the expected source address? * is a response packet generated? * does the response packet go through the expected stations? All of the above questions can be answered by running tcpdump (e.g. "tcpdump -ni any icmp") on the machine in question. It will probably boil down to a routing/nat or a firewall (iptables) issue, I guess. The "destination host unreachable" error message should indicate which host fails or refuses to deliver the packet. Cheers, Lars
Reasonably Related Threads
- Tinc Router Mode - PING RESULT is destination host unreachable
- Route certain trafic via a tinc node that is not directly connected.
- Strange Traffic Problem
- Route certain trafic via a tinc node that is not directly connected.
- Multiple Tinc servers HA cross multiple regions