Emerging Member

Unable to ping UNMS from remote site

Hi everyone,

At present I have OpenVPN configured over vtun0 with OSPF running on top at two sites, HQ and remote. I have a server VLAN, 192.168.110.0/24, at HQ that contains UNMS at 192.168.110.64. At my remote site, I have an ER-X sitting, internally, on 192.168.3.1. From the remote site, I am able to ping other servers in 192.168.110.0/24 range, but not the UNMS server. I checked on my local Ubuntu install and it appears ufw is already disabled.

Does anyone have any ideas what could be causing this? It really sounds like a firewall issue on the server, especially since I've checked my route table at the remote site and it is showing the 192.168.110.0/24 in there (.64 is a natural boundary for /26, so worth double checking).

Any help is much appreciated! Have a great day!


Accepted Solutions
Emerging Member

Re: Unable to ping UNMS from remote site

I'm fairly confident I found and fixed my issue.

Looking at the ip route output on the UNMS server, I saw several 172.17.0.0/16, 172.18.0.0/16, 172.19.0.0/16 type entries. My vtun interfaces are configured to use 172.17.0.0/30. I figured this would be a non-issue as the pings should be coming from where I'm logged in, at 192.168.3.1 on the inside interface of the ER-X. Wrong!

Changed the IP address scheme on "docker0" aka Docker's default bridge0 device via /etc/docker/daemon.json (if it doesn't exist, create it) as described in the Docker documentation here: https://docs.docker.com/engine/userguide/networking/default_network/custom-docker0/

Restarted Docker service, fixed an error about an IP conflict (bridge device address cannot be the same as gateway, BTW), and voila! Now I can ping fine in both directions. I'm unable to confirm that the service is working normally at this point as I'm SSH'ed in, rather than VPN'ed in, but I'll verify as soon as I'm home. My results imply that pings from the router to another inside network on the site-to-site VPN are sourced from the vtun 172.17.0.0/30 interface, which is interesting. I only wish I knew where this behavior was documented or could be changed.
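
An added example, not part of the original post and not Docker's or Ubiquiti's code: a Python check that parses `ip route` output from a Docker host and shows why a reply to a source address inside the tunnel's 172.17.0.0/30 is sent to docker0 instead of back through the gateway. The route table, gateway address, bridge names and the tunnel peer address 172.17.0.2 are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ip route` output on a Docker host (not from the thread).
SAMPLE_ROUTES = """\
default via 192.168.110.1 dev eth0 proto static
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
172.18.0.0/16 dev br-1a2b3c4d5e6f proto kernel scope link src 172.18.0.1
172.19.0.0/16 dev br-6f5e4d3c2b1a proto kernel scope link src 172.19.0.1
192.168.110.0/24 dev eth0 proto kernel scope link src 192.168.110.64
"""

def parse_routes(text):
    """Return [(network, device)] from `ip route` text; 'default' becomes 0.0.0.0/0."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or "dev" not in fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(prefix, strict=False)
        except ValueError:
            continue  # lines that do not start with a prefix, e.g. "unreachable ..."
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def egress_device(routes, dest):
    """Longest-prefix match: the device a reply to `dest` would leave through."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, dev) for net, dev in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def overlapping_routes(routes, remote_subnet):
    """Non-default local routes that overlap a subnet that should be remote."""
    remote = ipaddress.ip_network(remote_subnet)
    return [(str(net), dev) for net, dev in routes
            if net.prefixlen > 0 and net.overlaps(remote)]

if __name__ == "__main__":
    routes = parse_routes(SAMPLE_ROUTES)
    # 192.168.3.1 is the ER-X inside address; 172.17.0.2 is an assumed tunnel address.
    for src in ("192.168.3.1", "172.17.0.2"):
        print(f"reply to {src} leaves via {egress_device(routes, src)}")
    print("conflicts with tunnel subnet:", overlapping_routes(routes, "172.17.0.0/30"))
```

Feeding it the host's real `ip route` output and each VPN or remote subnet before choosing a new bridge range in /etc/docker/daemon.json confirms that the new range is free.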


All Replies
Emerging Member

Re: Unable to ping UNMS from remote site

This is definitely an issue on the server. I can ping UNMS -> remote site, but I cannot ping remote site -> UNMS. I manually disabled ufw just to make sure that wasn't it. Still no luck.

Weird thing is at least one of my HQ VLANs is perfectly fine, with the server replying.

New Member

Re: Unable to ping UNMS from remote site

Having the same issue. I reinstalled the software on my server and I could ping from the remote site to the server; as soon as I add the UNMS info to the EdgeRouter, the ping stops.

Ubiquiti Employee

Re: Unable to ping UNMS from remote site

@jamesb2147

Hi Sean, thank you for reporting it. You can find more information about this problem in this thread.
