Unidirectional Ping?

Jonfvk · November 6, 2023, 1:45am

The issue is I can ping from a workstation who has a static ip of 10.0.0.2/29 with a GW of 10.0.0.1/29 which is the eth7 vyos router interface. On the vyos router I cannot ping the workstation, I have deleted and tried linux, servers , and other devices with no luck. If I add a router and connect it I can get it to ping.
I can see the mac address and the remote port for the workstation when I do a “show arp” on the vyos router.
All my interfaces are up.
I have a static entry for the 10.0.0./29 network to point to 10.0.0.2. I can see routing table has all the right routing info for the 10.0.0.0/29.

Is there something I am missing just to get ping to go both directions?

                         S>* 0.0.0.0/0 [1/0] via 10.1.0.1, eth0, weight 1, 00:17:49

O 1.1.1.1/32 [110/0] is directly connected, lo, weight 1, 00:24:56
C>* 1.1.1.1/32 is directly connected, lo, 00:25:04
O>* 3.3.3.3/32 [110/1] via 10.2.2.2, bond1, weight 1, 00:24:05
S 10.0.0.0/29 [1/0] is directly connected, eth7, weight 1, 00:24:57
C>* 10.0.0.0/29 is directly connected, eth7, 00:25:02
S 10.1.0.0/29 [1/0] via 10.1.0.1 inactive, weight 1, 00:02:40
O 10.1.0.0/29 [110/1] is directly connected, eth0, weight 1, 00:17:49
C>* 10.1.0.0/29 is directly connected, eth0, 00:17:49
O 10.2.1.0/29 [110/1] is directly connected, bond0, weight 1, 00:24:56
C * 10.2.1.0/29 is directly connected, bond0.10, 00:24:58
C>* 10.2.1.0/29 is directly connected, bond0, 00:24:58
O 10.2.2.0/29 [110/1] is directly connected, bond1, weight 1, 00:24:56
C * 10.2.2.0/29 is directly connected, bond1.10, 00:24:59
C>* 10.2.2.0/29 is directly connected, bond1, 00:24:59
O>* 10.2.3.0/29 [110/2] via 10.2.2.2, bond1, weight 1, 00:24:05

tjh · November 6, 2023, 1:54am

Are you setting the source you’re pinging from?

It might be that Vyos is chosing to source ping from a IP that your remote device doesn’t have a route back to.

You could always use tcpdump as well to see what exactly is going out on the wire.

Jonfvk · November 6, 2023, 5:38pm

I set up just the basics with two routers…
IP on the interface on the vyos router as 10.0.0.1/29. Then added:
set protocols static route 10.0.0.0/29 out of the same ethernet interface that has the IP.

I did this on the remote router the only difference was added 10.0.0.2/29 on the interface.
did a ping, and it completed both directions, on each router.
I deleted the remote router, then added a windows 10 machine, with a default gateway and IP address set:
IP: 10.0.0.2
MASK/29
DG 10.0.0.1

Ping completes from the Windows machine.

Ping fails again from the router. What is this?

JeffWDH · November 6, 2023, 5:45pm

Is the Windows firewall enabled / possibly blocking your pings?

Jonfvk · November 6, 2023, 10:11pm

Let me check that.

I see that the pings from the router are crossing the wire but no response is making it back. From the packet capture.

blex · November 7, 2023, 12:10am

Windows 10 firewall blocks ipv4 and ipv6 incoming per default. If it is a ping reply it is allow per default.

to check you can use tcpdump on the vyos side. Like tcpdump -i eth7 -n -vv icmp

@Jonfvk form what you have described here it sound strongly like windows 10 default firewall.

Jonfvk · November 7, 2023, 5:16pm

That was the issue, switched to linux and the issue resolved. Thanks! I appreciate it.