|
This guide describes how you test a VPN tunnel, using the ping command
in a DOS prompt. The test may be used for automatic tunnels as well as restricted
tunnels.
You do not necessarily have to go through the whole test procedure below. If
you locate a tunnel problem during the test, you will be advised how to solve
the problem. Once you receive a positive reply to a ping request, you can skip
the rest of the test.
In the test procedure, the ping tests are performed from a workstation (192.168.1.10)
on the local LAN (192.168.1.0/24). Remember to substitute the IP addresses with
the actual IP addresses used on your VPN.
Test scenario
-
Open a DOS prompt on your workstation:
Select 'Start' > 'Programs' > 'Accessories' > 'Command prompt'
(or similar).
When pinging in a DOS prompt, you always get the reply
four times, for example:
Request timed out
Request timed out
Request timed out
Request timed out
In the procedure below, the reply is shown once.
-
Try to ping a workstation (172.16.1.25) on the remote LAN (172.16.1.0/24):
Type ping 172.16.1.25 and press [Enter].
Pinging the workstation (with 32 bytes of data) will have one of these results:
|
Reply from 172.16.1.25:
bytes=32 time<10ms TTL=255
|
>> |
The tunnel is running, the default gateways on both
networks are correct, and there are working routes between the networks.
You can skip the rest of the test.
|
|
Reply from 192.168.1.1:
Destination net unreachable.
|
>> |
The tunnel is not running, or it is not correctly configured.
See the HowTo guide for
the relevant tunnel type.
|
|
Reply from 192.168.1.1:
Destination host unreachable.
|
>> |
The remote workstation is not working properly.
A) Check that the cables are correctly mounted and
the power is on.
B) Is Safepipe the default gateway?
If Safepipe should be the default gateway, see the
guide How to add Safepipe
as default gateway for the relevant Windows operating system.
If Safepipe is not the default gateway, you
need to add a route to the remote network (see how in Step
5).
|
|
Request timed out
|
>> |
Proceed to Step 3.
|
-
Try to ping the remote Safepipe's private IP address (172.16.1.1):
Type ping 172.16.1.1 and press [Enter].
The ping test will have one of these results:
|
Reply from 172.16.1.1:
bytes=32 time<10ms TTL=255
|
>> |
The tunnel is running, and you can skip the rest of
the test, but one of the following problems exists:
A) The remote workstation is offline. Switch on the workstation.
B) The remote workstation's default gateway is incorrect. See the
guide How to add Safepipe
as default gateway for the relevant Windows operating system.
C) The remote workstation has no route to the 192.168.1.0/24 network.
See how to add a route in Step 5.
|
|
Request timed out
|
>> |
A) The default gateway for the workstation that you
are pinging from is incorrect. Proceed to Step 4.
Or:
B) The tunnel is not running, or it is not correctly configured.
See the HowTo guide for the
relevant tunnel type.
|
-
Try to ping the local Safepipe's private IP address (192.168.1.1):
Type ping 192.168.1.1 and press [Enter].
You will get one of these results:
|
Reply from 192.168.1.1:
bytes=32 time<10ms TTL=255
|
>> |
The tunnel is not running, or it is not correctly configured.
See the HowTo guide for the
relevant tunnel type.
|
|
Request timed out
|
>> |
A) Safepipe is not used as default gateway (and is
not supposed to be). You need to add a route from the workstation
to the remote network. Proceed to Step 5. Or:
B) The default gateway for the local workstation is incorrect. See
the guide How to add
Safepipe as default gateway for the relevant Windows operating
system.
|
-
If the workstation uses an Internet gateway different from Safepipe, you
must add a route to the remote network on the workstation:
Type route add 172.16.1.0 mask 255.255.255.0 192.168.1.1
and press [Enter].
Afterwards, proceed to Step 6.
-
Try to ping the remote workstation again:
Type ping 172.16.1.25 and press [Enter].
You will get one of these results:
|
Reply from 172.16.1.25:
bytes=32 time<10ms TTL=255
|
>> |
The tunnel is running, the default gateways on both
networks are correct, and there are working routes between the networks.
You can skip the rest of the test.
|
|
Reply from 192.168.1.1:
Destination net unreachable.
|
>> |
The tunnel is not running, or it is not correctly configured.
See the HowTo guide for
the relevant tunnel type.
|
|
Reply from 192.168.1.1:
Destination host unreachable.
|
>> |
The remote workstation is not working properly. Check
its configuration.
|
|
Request timed out
|
>> |
Proceed to Step 7.
|
- Find out where the data packets are lost:
Type tracert 172.16.1.25 and press [Enter].
This will trace the route to 172.16.1.25 (over a maximum of 30 hops).
The result will be one of the following:
|
1 <10 ms <10 ms 10
ms
local safepipe [192.168.1.1]
2 <10 ms <10 ms 10 ms
remote safepipe [172.16.1.1]
3 * * *
Request timed out
|
>> |
A) The default gateway on the remote workstation is
not set to be the remote Safepipe's private IP address (172.16.1.1).
See the guide How to
add Safepipe as default gateway for the relevant Windows operating
system. Or:
B) There is no route from the remote network to the local network.
Add a route following the procedure in Step 5.
|
|
1 <10 ms <10 ms 10
ms
local safepipe [192.168.1.1]
2 * * *
Request timed out
3 * * *
Request timed out
|
>> |
The tunnel is not running, or it is not correctly configured.See
the HowTo guide for the relevant tunnel type.
|
|
1 * * *
Request timed out
2 * * *
Request timed out
3 * * *
Request timed out
|
>> |
If the physical connections are still OK, Safepipe
is probably not configured correctly. See the guide How
to install Safepipe.
|
|
