Ping over VPN

Started by Zoik!, June 10, 2022, 08:06:53 AM

Quote from: defaultuserfoo on June 14, 2022, 07:11:24 AM
Quote from: Vilhonator on June 12, 2022, 09:00:33 PM
Quote from: defaultuserfoo on June 12, 2022, 08:52:55 PM
Such a VPN provider would need to fix their configuration so that pinging is possible ...

Ping is at least required for diagnostics, so if they are blocking it, it's a misconfiguration, especially when they don't give you an option to unblock it. What's the point of having a connection that is blocked anyway?


I have no idea what you are saying here, friend. A VPN is created by connecting to a service that runs on a server. Once connected, your source address changes per the translation done over that provider's network, thus hiding your original source addy. In this case the server runs WireGuard. Whether you connect to that server via router or app, you are still connecting to the same server using the same protocol. There should be no routing difference; it's the same server. You can't selectively block ICMP when you are connecting to the same server on the same network. The difference between the app and hardware device is the device, not the protocol or server.

Quote from: Zoik! on June 14, 2022, 07:40:43 AM
Quote from: defaultuserfoo on June 14, 2022, 07:11:24 AM
Quote from: Vilhonator on June 12, 2022, 09:00:33 PM
Quote from: defaultuserfoo on June 12, 2022, 08:52:55 PM
Such a VPN provider would need to fix their configuration so that pinging is possible ...

Ping is at least required for diagnostics, so if they are blocking it, it's a misconfiguration, especially when they don't give you an option to unblock it. What's the point of having a connection that is blocked anyway?


I have no idea what you are saying here, friend. A VPN is created by connecting to a service that runs on a server. Once connected, your source address changes per the translation done over that provider's network, thus hiding your original source addy. In this case the server runs WireGuard. Whether you connect to that server via router or app, you are still connecting to the same server using the same protocol. There should be no routing difference; it's the same server. You can't selectively block ICMP when you are connecting to the same server on the same network. The difference between the app and hardware device is the device, not the protocol or server.

That's true if you are hosting the VPN on your router and connecting your computer to it using an app or via Ethernet.

When you connect to your VPN remotely (when your PC is connected to a different router or firewall with a different public IP), routes change.

VPNs don't magically hide your IP or traffic; they encrypt traffic and hide your IP behind the server's IP.

At some point, the traffic must be decrypted (if your firewall uses the VPN, then it's done on that; if you use an app, then the app does it).

You can even block VPN connections by adding the VPN network in question to firewall blocks or by using proxies. That's because your computer must have free access to the VPN server to be able to connect to it.

All a VPN does is make it harder to trace your traffic, but there are many cases where hackers have managed to steal people's credit cards and such, due to stupidity and people thinking VPNs are 100% secure.

I want to make sure that this discourse stays friendly and within the realm of technical solutions. I'm stating that because technical conversations get out of control quickly and want to make sure you know my tone is one of trying to find a solution.

So, in the interest of debating solutions, all the below states is the VPN process, which is simple and not in debate here. What I'm saying is that I am connecting to the same server, same port, same protocol, different mediums. The difference is the device. There is no routing difference because I am connecting from a router rather than an app. They are both configured in essence identically, yet one can ping and the other can't. That suggests a misconfiguration on the device rather than a filter rule.

Quote from: Zoik! on June 14, 2022, 08:22:56 AM
I want to make sure that this discourse stays friendly and within the realm of technical solutions. I'm stating that because technical conversations get out of control quickly and want to make sure you know my tone is one of trying to find a solution.

So, in the interest of debating solutions, all the below states is the VPN process, which is simple and not in debate here. What I'm saying is that I am connecting to the same server, same port, same protocol, different mediums. The difference is the device. There is no routing difference because I am connecting from a router rather than an app. They are both configured in essence identically, yet one can ping and the other can't. That suggests a misconfiguration on the device rather than a filter rule.

In that case, check the local IPs of both devices.

If you are hosting the VPN server, then you need to check the firewall rules.

Ping being blocked by one device connected to it the same way as a different device would imply that both are connecting to a different network, which makes what you are trying to ping an external connection.

To put it simply: if device A connects to the VPN and gets a local IP of 172.16.20.100 and device B gets IP 172.16.10.100 and the same subnet, or device A has IP 172.16.10.100 and device B has 172.16.10.101 but a different subnet mask than device A, then the devices are connecting to different networks.

To put it even simpler:

A VPN works the same way as if you would connect to your computer using a secure remote desktop connection at your mother's house 1000 km away from your home. Unless it is properly set up or you really can trust that complete stranger who happens to offer a VPN service, not using a VPN is by far a lot safer.

It was a default gateway misconfiguration in OPNsense.
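
Added example, not part of any post in this thread: a small Python check for the two situations discussed above, whether two tunnel addresses really sit in the same network when each side applies its own mask, and whether a configured gateway is on-link for an interface. The IP addresses are the ones used in the thread; the prefix lengths and gateway addresses are constructed for illustration, and the thread does not say what the actual OPNsense gateway setting was.

```python
import ipaddress


def compare_peers(a_cidr, b_cidr):
    """Classify how two addresses see each other, each using its own mask."""
    a = ipaddress.ip_interface(a_cidr)
    b = ipaddress.ip_interface(b_cidr)
    if a.network == b.network:
        return "same network"
    a_sees_b = b.ip in a.network   # A would reach B directly
    b_sees_a = a.ip in b.network   # B would reach A directly
    if a_sees_b and b_sees_a:
        return "mask mismatch, both still on-link"
    if a_sees_b or b_sees_a:
        # One side sends directly, the other hands replies to its gateway,
        # so an echo request may arrive while the reply takes another path.
        return "mask mismatch, asymmetric"
    return "different networks"


def gateway_problem(if_cidr, gateway):
    """Return a reason if the gateway is unusable from this interface, else None."""
    iface = ipaddress.ip_interface(if_cidr)
    net = iface.network
    gw = ipaddress.ip_address(gateway)
    if net.prefixlen == net.max_prefixlen:
        return None  # point-to-point style address: no on-link test applies
    if gw not in net:
        return "gateway is outside the interface network"
    if net.prefixlen < net.max_prefixlen - 1 and gw in (
        net.network_address,
        net.broadcast_address,
    ):
        return "gateway is the network or broadcast address"
    return None


if __name__ == "__main__":
    # Constructed prefix lengths; addresses taken from the thread.
    cases = [
        ("172.16.20.100/24", "172.16.10.100/24"),
        ("172.16.10.100/24", "172.16.10.101/25"),
        ("172.16.10.100/24", "172.16.10.101/32"),
    ]
    for a, b in cases:
        print(a, b, "->", compare_peers(a, b))
    print(gateway_problem("172.16.10.100/24", "172.16.20.1"))
```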