Old 04-14-2016, 11:25 AM   #1
LQ Guru
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,649
Blog Entries: 4

Question Weird OpenVPN problem connecting to VM -- I fixed it, but how?

I have several (VirtualBox ...) VMs running on a remote server, each of which has a Bridged network adapter such that it obtains an IP-address ( on the remote local-network, which address I know.

Ordinarily, I am able to SSH from the remote side directly to this address without difficulty.

However, after doing what I thought was a perfectly ordinary restart of one VM, I found that I could no longer SSH it or ping it! Yet, I could open a Remote Desktop session (over VPN ...) to that server, and, from its desktop, grab a terminal window and either Ping or SSH to the VM as expected.

I of course confirmed that, on my system, a route to the destination address is defined, and that it does go through the VPN tunnel. (That's been working fine for many weeks.)

Curious now, but not yet in a panic, I started Wireshark on that server and tried to ping from my side. I found the packets appearing (at the address corresponding to my VPN connection), being sent to the VM, but "no reply!" I could also see pings from the local session (that I had started using my Remote Desktop) being sent and replied-to. In other words, the VM seemed to be replying to one IP-address but not the other.

Becoming more alarmed by the minute, I opened the console of the VM and looked at its IPTables rules: there were none. This VM does not have any sort of firewall.

Panicking now, I decided to punt: sudo service networking restart.

. . . and, magically, it now works just fine. Now, my pings from the remote side are being replied-to, and I can ssh from the remote. just like I had been able to do before restarting the VM.

Therefore, I am quite flummoxed ... unable to point my finger at "exactly what was the problem," and also, to "why this particular command (albeit: 'thank god it did!') fixed it.

The core symptom seems to be: from the point-of-view of WireShark, running on the remote system (and being accessed by means of VPN, the entire time!), pings to the VM from the VPN-portal addresses were not being replied to. The remote side could not ping this address, although it could ping other (non-VM) IP-addresses (to which it has established routes) without difficulty.

Old 04-16-2016, 04:31 AM   #2
LQ Guru
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 5,797

If I read this right, you could ping the remote VM guest via the host, but not from your local machine? That reads like a missing default route on the guest at the time. (Since host and guest are on the same subnet, ARP is used.) So, I can see why restarting the guest network might have fixed a 'gateway' issue.


