Cant ping or SSH into my raspberry pi


Recommended Posts

I have just changed my router recently from a sky stock model, to a TP link VR2800. All devices on my network appear to have adjusted ok to the new router with the exception of my raspberry pi. I am not sure if what it is doing now is correct behaviour, but its certainly different to what it was previously. Let me explain.

 

My raspberry pi is a dedicated torrent downloading device, hardwired, which I have given a static IP to .37.  I have Open VPN installed with a connection to IPVanish. I have Transmission installed to download my favourite linux distros, and I can remotely access the device from my phone as I have forwarded port 9092 to 192.169.0.37 (raspberry pi address).  This setup has been working flawlessly on my old router \nd my now new router. Howver,  I can now no longer SSH in to it, nor ping it.

 

I can see the raspberry pi on my router dashboard with the right IP address assigned, but I am unable to ping the device from either my laptop or my phone. Would the VPN on the raspberry pi prevent me pinging?

My torrent box actually seems to be working as expected, however, my issue is I cannot now SSH into it in anyway shape or form. I don’t even get to the username and password. its like SSH has been disabled by PI, but when  I checked, its still on. I am still finding my feet with my router, but is it possible that the new router is blocking me from SSH? Or is it possible that the VPN is blocking me SSH in to it? I never had an issue with SSH like this on my old router.

 

Any help would be gratefully received.

 

Thanks.

Hi mate. Well, I think I did! But let me see if I can do what you suggest. The /24 is a submask of 255.255.255.0, right? My router is definitely 192.168.0.1 as it was before. 

 

 

Now, I'm running retropie so it will boot straight into that splashscreen. You wouldn't know how I could do as you suggest, would you? 

Here is the thing - your router has ZERO do to with you access it from another machine on the same network..   ZERO!!  Firewall running on pi?

 

Example

your router is 192.168.0.1/24

so you have 2 machines on this network

192.168.0.42/24

and say

192.168.0.37/24

 

When .42 wants to talk to .37 your router could BE OFF!!  Has nothing to do with the conversation..

 

Are your clients both wired or wireless?  Your new router might have say AP isolation on, which prevents wireless from talking to wired, or wireless devices talking from talking to each other, etc.  When you ping the pi IP from your client, do you even get back its mac address?  Look in your clients arp table.

 

edit:  Well you can not turn if off if also your switch or providing wifi ;)  But you get my meaning I hope.

can you try from something wired, is your wifi set to "guest" mode they also would not be able to access wired devices.

 

I would think you should be able to plug your laptop into a wire.

If you set the IP static on the Pi, have you checked that the .37 IP address doesn't fall into the DHCP scope used by the new router? It might have handed out that IP address to another client on the network causing a conflict

My DHCP starts from 0.100 up to 0.254 and my pi is static on 0.37. 

 

I'm now starting to wonder if I was only able to ssh the pi previously with its VPN enabled because of the sky DNS issue I was having. Like a by chance scrnerio. Maybe, as Budman says, this is now expected behavior. 

 

My thoughts today are:

 

Wondering if its possible to run the VPN on the router instead of the pi, removing it completely from the pi. In my head (not sure if this is even possible) could I configure the routers VPN to operate for either a set range of local IPs, say 0.30 to 0.40,or allow it be active for a specific subnet only, 1.0 to 1.254? Then change the static ip of router to 1.37? I don't particularly want the rest of my devices /traffic to sit behind a vpn. 

 

Also Budman. No difference hardwiring the laptop. Still cannot ping. Should have mentioned, i also have a NAS with a static ip of 0.26 which doesn't currently give me any issue. Pingable from both wired and wireless devices. 

Well turn off the vpn on you pi, can you now get to it?

 

What router do you have - you can for sure run vpn on router and then just policy route what devices on your network you want to use the vpn..  This is clicky cickity on say pfsense.

Seems like a logical thing to do, and I would have done that earlier however I currently not sure I can. The VPN starts automatically with a script when ever the pi it boots up., therfore I'd have done this via an ssh command previously. I think I will need to reimage the raw retropie OS on to its sd card, and then ssh back in all my code with the exception of the VPN. Not a huge task but will take me a few hours in-between family life. 

 

It's a TP link Archer vr2800. Would welcome your thoughts on the art of the possible regards the VPN implementation on this device. My VPN provider is Ipvanish

 

Thanks mate 

That is gateway device is it not?  Ie modem/router combo - I doubt it has such functionality, and you prob can not run 3rd party firmware that would support it.

 

Can you not console in to the pi, or just use a keyboard and mouse to interact with it to turn off the vpn?  Maybe it block it from access vpn, or disconnect it from the internet network for a while to disable the script?

Nope not if you want to policy route some clients behind to a vpn service.  Can you not just fire up a different router?  You have anything you can run pfsense on, or box you can setup VMs on that could be your router?

 

Also that they still over a PPTP as vpn server is scary!  That has not been secure in over 5 years for sure..   prob more like 7, 2012 is when it came apart I do believe..

 

From that interface sure looks like you can put it into bridge mode and just run a router behind it.

  On 19/09/2019 at 13:35, rageagainstmachine said:

Would I not therfore be better just returning it and buying a cheaper modem, and separate router? What parts can you recommend mate. Its needs to be capable of MER (option 61), for sky 

 

 

Expand  

yes. for this and a few other reasons I always recommend having the router separate from the modem.

 

Main reasons are:

  1. Combos tend to be more locked down as you've noticed
  2. Combos don't get as frequent updates and can easily be left unpatched when a security flaw is found
  3. Combos tend to have more of a bottleneck as well compared to separating them

Get a basic modem that's compatible with your service provider and a router capable of using OpenWRT and your possibilities will be almost endless :)

Asus routers are also great as there is an extended firmware based on the official one called Merlin and it adds a bunch of useful features and bug fixes while keeping the native interface.

  On 19/09/2019 at 13:44, Brandon H said:

Get a basic modem that's compatible with your service provider and a router capable of using OpenWRT

Expand  

What about a Netgear DM200 Modem with an Asus RT-AC86U router?

on a little research it looks like the ASUS routers support VPN but only OpenVPN; if that protocol works for your VPN then that router should work splendidly for you with the Merlin OS

https://www.asuswrt-merlin.net/about

 

it looks like the newer Asus routers don't support full 3rd party firmwares like OpenWRT though so if OpenVPN doesn't work for you you may want to look into another router brand like Netgear

 

for a similar price it looks like the Netgear Nighthawk X6 has good OpenWRT support :)

 

https://www.amazon.com/R8000-100NAS-Nighthawk-Tri-Band-Ethernet-Compatible/dp/B00KWHMR6G/ref=sr_1_3?keywords=netgear%2Br8000&qid=1568906256&s=gateway&sr=8-3&th=1

https://openwrt.org/toh/hwdata/netgear/netgear_r8000

I would not suggest any of those soho routers, even if they support 3rd party to be honest... Get a real router, and then AP.. Yeah its even more separation.

 

Something like the sg1100 would be an entry level router.. $179 (price went up)

https://www.netgate.com/solutions/pfsense/sg-1100.html

 

Then a real AP, say uap-ac-lite or pro 80$ for the lite.

 

Then switch that can do vlans, say $40...

 

Now your talking $300...   But there would be pretty much nothing you couldn't do.

  • Like 2
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Intel vs AMD? Microsoft seemingly has a clear recommendation for Windows 11 Pro PC upgrade by Sayan Sen Microsoft and its partners are now quite actively and regularly promoting the upgrade to Windows 11. Asus, for example, recently published blog posts about the "mandatory Windows 11 upgrade" that is coming as the Windows 11 end of support date nears. Microsoft itself, from time to time, urges users to upgrade to its newest OS. Back in February 2024, Microsoft released an advert highlighting the best things about Windows 11 over Windows 10. Later, in June in the same year, the tech giant busted "myths and misconceptions" surrounding a Windows 11 upgrade. And towards the end of 2024, in December, Microsoft put up a blog post outlining the gaming features a user enjoys on 11 if they were to upgrade from Windows 10. While technically there is nothing wrong with a company promoting its own product, sometimes these campaigns make little sense and they fall flat. For example, in January earlier this year, Microsoft shared a blog post headlined "Free Upgrade to Windows 11 (For a Limited Time Only)" which did not make sense as it offered little information about it being a "free upgrade," and it was rightfully, later taken down. The company is back again with a new commercial about Windows 11. This time it is aimed mainly at IT professionals and enterprises as the advert talks about upgrading to Windows 11 Pro from Windows 10. This landed a few days after Microsoft released a new backup tool for organizations for such a purpose. What is interesting is that the company is promoting Intel's vPro processors and there is no mention of AMD's Ryzen PRO parts. The commercial is posted on the Windows official YouTube channel and has been titled "Right side of risk | Windows 11 Pro and Intel". The video description says, "Windows 10 support ends October 14. Stay on the right side of risk—upgrade now to the power of Windows 11 Pro PCs with Intel vPro®." AMD does have a support article about the subject headlined "Support Your Customers’ Move to Windows 11, With AMD Ryzen™ PRO Processors" and you can find it here. This is not the first time Microsoft has promoted Intel CPUs over AMD ones. Back in 2021, the company also put up a full page explaining how users should "look for the Intel EVO badge" on a new device before making a purchase decision because such PCs are "verified wonderful" which was a bit of an odd language. Like the limited upgrade time article, the page above was taken down after we reported on it (can be viewed via the archive) and replaced with something else. The new commercial was published about a couple of days ago, and it is possible that Microsoft may have a dedicated AMD advert too in the pipeline scheduled for a later release, and that would only be fair if both companies get a similar treatment.
    • Don’t blame web developers for the downfall of Firefox. 😂
    • Microsoft, Indian police bust AI-powered tech support scam ring targeting elderly in Japan by Paul Hill Pop-up scams pretending to be Microsoft Working with India’s Central Bureau of Investigation (CBI), Microsoft recently assisted in busting a scam network that was targeting the elderly in Japan. The CBI raided 19 locations on May 28, leading to the arrest of six key operatives and the taking down of two call centers. The scammers were impersonating Microsoft specifically and using tech support scams against Japanese seniors. The raid led to the seizure of both digital and physical infrastructure, including computers, storage devices, and phones. The scammers were targeting older adults, who are more vulnerable to fraud. To put this activity to an end, Microsoft’s Digital Crimes Unit (DCU), the Japan Cybercrime Control Center (JC3), Japan’s National Police Agency (NPA), and India’s CBI conducted significant cross-border collaboration to trace the criminals. Thanks to the internet, cross-border crimes like these have been around for a while and multinational tech firms like Microsoft are making significant efforts to help law enforcement agencies crack down on cybercrime. Artificial intelligence is also starting to be used to make more sophisticated scams. The evolving threat This case reveals an evolution in how Microsoft’s DCU addresses cybercrime involving tech support fraud. Thanks to AI, scammers have been able to scale their operations. In response, Microsoft has moved away from focusing on individual call centers to target the heads of criminal operations and disrupting their technical infrastructure. Notably, Microsoft’s collaboration with JC3 is the first time the DCU has partnered with a Japan-based organization to assist victims. Microsoft is continually getting tips from JC3 about malicious pop-ups urging recipients to call fake technical support lines that claim to be Microsoft. This data has allowed Microsoft to shut down 66,000 malicious domains and URLs globally since May 2024. Microsoft noted that artificial intelligence is now being used by criminals to scale their operations. Some ways in which these entities leverage AI are for victim identification, writing convincing scam emails and building fake web pages, as well as for convincing translations. Anyone can use AI for malicious purposes so it could increase the number of people or groups carrying out attacks. It also makes attacks much more sophisticated and harder to detect and necessitates better consumer protections and more sophisticated security tools such as passkeys to reduce hacks. Protecting vulnerable populations and what readers can do Tech support fraud attacks have been found by the FBI to disproportionately affect older people, resulting in $590 million in losses in 2023 for just older Americans alone. In this operation that targeted Japanese victims, around 90% of the 200 affected people were over 50. If you’ve ever received suspicious communications from a party claiming to be Microsoft, you should know that Microsoft never sends unsolicited emails or makes phone calls requesting personal or financial information, and it doesn’t offer unsolicited tech support. If you do get any suspicious communications, then you should report it to Microsoft so that it can take action.
  • Recent Achievements

    • Week One Done
      luxoxfurniture earned a badge
      Week One Done
    • First Post
      Uranus_enjoyer earned a badge
      First Post
    • Week One Done
      Uranus_enjoyer earned a badge
      Week One Done
    • Week One Done
      jfam earned a badge
      Week One Done
    • First Post
      survivor303 earned a badge
      First Post
  • Popular Contributors

    1. 1
      +primortal
      433
    2. 2
      +FloatingFatMan
      239
    3. 3
      snowy owl
      213
    4. 4
      ATLien_0
      211
    5. 5
      Xenon
      157
  • Tell a friend

    Love Neowin? Tell a friend!