ICMP failures but TCP working fine.

Got a problem with Viscosity or need help? Ask here!

FidgetyRat

Posts: 1
Joined: Wed May 17, 2017 10:41 pm

Post by FidgetyRat » Wed May 17, 2017 10:48 pm
My mac running Sierra and the latest Viscosity has a strange issue where ICMP traffic (ping and traceroute) will not go through the VPN but all other traffic such as SSH and HTTP are working fine. If I connect to the same VPN server using my iphone and OpenVPN Connect, the phone is able to ping fine, so there's no routing issue on the server side. Viscosity is set to send all traffic through the VPN..

Anyone know where I can start to debug this issue?

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Wed May 24, 2017 5:14 am
Hi FidgetyRat,

The OpenVPN Connect apps are not using the offical community implementation of OpenVPN, but rather their own implementation that differs in behaviour, so I'm afraid it's difficult to make a direct configuration comparison. It sounds likely you either have a DNS issue on your hands (if the addresses you're trying to ping don't resolve) or a packet size or MTU issue.

If you have a packet size or MTU issue TCP connections are likely working as your configuration has a "mssfix" command present. mssfix limits TCP packet size, but not other kinds of packets (such as ICMP or UDP). You may need to adjust the values for commands like tun-mtu/link-mtu. For more information about these commands please see:
http://www.sparklabs.com/support/kb/art ... -commands/

I suggest checking the OpenVPN log before making any configuration changes to see if there are any warnings or error messages:
http://www.sparklabs.com/support/kb/art ... envpn-log/

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
2 posts Page 1 of 1