OpenVPN could connect but did not ping internal network

I’m setting up my internal infrastructure to use OpenVPN since I want to be able to do a lot of monitoring on the Notiffi system I’m working on and I didn’t want to use an SSH tunnel and I definitely did not want to be sending instrumentation data across the Internet without protection.  So I decided to use OpenVPN.

But I had a problem.  I was able to connect relatively easily but I could not ping the machines.  Routing seemed to be working properly

ip -s route get via dev tun0 src

and tcpdump was showing traffic over the main eth.

tcpdump -nnel -i eth0 
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
16:26:18.860693 90:6e:bb:82:ec:38 > 00:18:4d:7b:a8:1f, ethertype IPv4 (0x0800), length 95: > UDP, length 53

But pings were not working.  Tried to figure this out for hours, but I just couldn’t find the solution.  Then as I was checking the errors logs (after reducing the log level to 1) and I saw this

Oct 18 16:14:58 localhost openvpn[29751]: WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'

That was on the server.  I checked the logs on the client and I saw

Oct 18 16:19:58 li114-69 openvpn[32078]: Bad LZO decompression header byte: 42

And it got me wondering if there was just a communication problem due to one side expecting compression and the other side not.  In other words, that it wasn’t negotiated.  I made the configuration change on BOTH ides this time, tried the ping again and it worked.

PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=63 time=0.208 ms


2 thoughts on “OpenVPN could connect but did not ping internal network”

    1. The problem was that the compression settings were different on the server than they were on the client. I changed it so both sides had the same compression and it worked

Leave a Reply

Your email address will not be published. Required fields are marked *