In order to be able to access my home network from outside, I have this setting:<\/p>\n\n\n\n
10.8.0.1<\/code>)<\/li>- A Raspberry Pi at home, that always connect to the VPN (and it has IP address
10.8.0.22<\/code>)<\/li>- And when I need to access my home network, I’ll connect my laptop to the same VPN, then either ssh or VNC into the Pi, and do things.<\/li><\/ul>\n\n\n\n
This morning, I was staying at the local library. After I connected to the VPN, I couldn’t access my Pi at all, the attempt to connect simply timed out. And:<\/p>\n\n\n\n
- I could access the VPS using
10.8.0.1<\/code><\/li>- From the VPS, I could access my Pi using
10.8.0.22<\/code><\/li>- On the Pi, everything seemed to work OK, e.g.,
curl ifconfig.io<\/code> would show the public IP of my VPS.<\/li>- And I could access other websites fine.<\/li><\/ul>\n\n\n\n
(I wasted some time here, as the WiFi wasn’t stable at some spots, I tried moving around and disconnecting\/reconnecting multiple times, until I realized it’s time to open the tools to investigate.)<\/p>\n\n\n\n
First, I opened Wireshark, and selected the interface for the VPN. If I tried to access some (http) website, the packets were captured and displayed properly. However, the attempt to connect to Pi didn’t go through this interface at all. Instead, it went through the WiFi interface.<\/p>\n\n\n\n
So it’s a routing issue. ipconfig<\/code> gave:<\/p>\n\n\n\nLocal Area Connection:\n Connection-specific DNS Suffix . :\n Link-local IPv6 Address . . . . . : fe80::e9ba:9444:c320:46a2%31\n IPv4 Address. . . . . . . . . . . : 10.8.0.6\n Subnet Mask . . . . . . . . . . . : 255.255.255.252\n Default Gateway . . . . . . . . . :<\/code><\/pre>\n\n\n\nMaybe the 255.255.255.252<\/code> mask was the culprit? A quick search said no<\/a>.<\/p>\n\n\n\nThe I checked route print<\/code>, and:<\/p>\n\n\n\nIPv4 Route Table\n===========================================================================\nActive Routes:\nNetwork Destination Netmask Gateway Interface Metric\n 0.0.0.0 0.0.0.0 10.128.128.128 10.195.98.171 50\n 0.0.0.0 128.0.0.0 10.8.0.5 10.8.0.6 257\n 10.0.0.0 255.0.0.0 On-link 10.195.98.171 306\n 10.8.0.1 255.255.255.255 10.8.0.5 10.8.0.6 257\n 10.8.0.4 255.255.255.252 On-link 10.8.0.6 257\n 10.8.0.6 255.255.255.255 On-link 10.8.0.6 257\n 10.8.0.7 255.255.255.255 On-link 10.8.0.6 257\n 10.195.98.171 255.255.255.255 On-link 10.195.98.171 306\n 10.255.255.255 255.255.255.255 On-link 10.195.98.171 306\n <public VPS IP> 255.255.255.255 10.128.128.128 10.195.98.171 311<\/code><\/pre>\n\n\n\nSo the 3rd line was the problem. The system thought my Pi was on the WLAN, not the VPN.<\/p>\n\n\n\n
The fix was easy, just need to manually change the Netmask to 255.255.0.0<\/code>.<\/p>\n\n\n\nExtra: port forwarding issue<\/h2>\n\n\n\n
My router at home allows port forwarding. It stopped working for my Pi. After some digging with tcpdump<\/code> and port scanner<\/a>, I found:<\/p>\n\n\n\n- The
wlan0<\/code> would get 179.10.75.34.bc.googleusercontent.com.44726 > 192.168.1.5.8083: Flags [S]<\/code><\/li>- But the response was attempted through
tun0<\/code>: 192.168.1.5.8083 > 179.10.75.34.bc.googleusercontent.com.44726: Flags [S.]<\/code><\/li><\/ul>\n\n\n\nSo again problem with route table:<\/p>\n\n\n\n
Destination Gateway Genmask Flags Metric Ref Use Iface\n0.0.0.0 10.8.0.21 128.0.0.0 UG 0 0 0 tun0\ndefault 192.168.1.1 0.0.0.0 UG 303 0 0 wlan0\n10.8.0.1 10.8.0.21 255.255.255.255 UGH 0 0 0 tun0\n10.8.0.21 0.0.0.0 255.255.255.255 UH 0 0 0 tun0\n<public VPS IP> 192.168.1.1 255.255.255.255 UGH 0 0 0 wlan0<\/code><\/pre>\n\n\n\nFor now, I’m happy with the finding, will leave it to another day for an actual solution.<\/p>\n","protected":false},"excerpt":{"rendered":"
In order to be able to access my home network from outside, I have this setting: I have a VPS, which runs the OpenVPN service (and the IP address is 10.8.0.1) A Raspberry Pi at home, that always connect to the VPN (and it has IP address 10.8.0.22) And when I need to access my… Continue reading Random debugging: can’t connect to host on the same VPN<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18],"tags":[19,3],"class_list":["post-100","post","type-post","status-publish","format-standard","hentry","category-random-debugging-notes","tag-network","tag-programming","entry"],"_links":{"self":[{"href":"https:\/\/blog.wordgeeks.net\/index.php?rest_route=\/wp\/v2\/posts\/100","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.wordgeeks.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.wordgeeks.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.wordgeeks.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.wordgeeks.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=100"}],"version-history":[{"count":1,"href":"https:\/\/blog.wordgeeks.net\/index.php?rest_route=\/wp\/v2\/posts\/100\/revisions"}],"predecessor-version":[{"id":101,"href":"https:\/\/blog.wordgeeks.net\/index.php?rest_route=\/wp\/v2\/posts\/100\/revisions\/101"}],"wp:attachment":[{"href":"https:\/\/blog.wordgeeks.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=100"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.wordgeeks.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=100"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.wordgeeks.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=100"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}