Cant ping or SSH into my raspberry pi


Recommended Posts

I have just changed my router recently from a sky stock model, to a TP link VR2800. All devices on my network appear to have adjusted ok to the new router with the exception of my raspberry pi. I am not sure if what it is doing now is correct behaviour, but its certainly different to what it was previously. Let me explain.

 

My raspberry pi is a dedicated torrent downloading device, hardwired, which I have given a static IP to .37.  I have Open VPN installed with a connection to IPVanish. I have Transmission installed to download my favourite linux distros, and I can remotely access the device from my phone as I have forwarded port 9092 to 192.169.0.37 (raspberry pi address).  This setup has been working flawlessly on my old router \nd my now new router. Howver,  I can now no longer SSH in to it, nor ping it.

 

I can see the raspberry pi on my router dashboard with the right IP address assigned, but I am unable to ping the device from either my laptop or my phone. Would the VPN on the raspberry pi prevent me pinging?

My torrent box actually seems to be working as expected, however, my issue is I cannot now SSH into it in anyway shape or form. I don’t even get to the username and password. its like SSH has been disabled by PI, but when  I checked, its still on. I am still finding my feet with my router, but is it possible that the new router is blocking me from SSH? Or is it possible that the VPN is blocking me SSH in to it? I never had an issue with SSH like this on my old router.

 

Any help would be gratefully received.

 

Thanks.

Hi mate. Well, I think I did! But let me see if I can do what you suggest. The /24 is a submask of 255.255.255.0, right? My router is definitely 192.168.0.1 as it was before. 

 

 

Now, I'm running retropie so it will boot straight into that splashscreen. You wouldn't know how I could do as you suggest, would you? 

Here is the thing - your router has ZERO do to with you access it from another machine on the same network..   ZERO!!  Firewall running on pi?

 

Example

your router is 192.168.0.1/24

so you have 2 machines on this network

192.168.0.42/24

and say

192.168.0.37/24

 

When .42 wants to talk to .37 your router could BE OFF!!  Has nothing to do with the conversation..

 

Are your clients both wired or wireless?  Your new router might have say AP isolation on, which prevents wireless from talking to wired, or wireless devices talking from talking to each other, etc.  When you ping the pi IP from your client, do you even get back its mac address?  Look in your clients arp table.

 

edit:  Well you can not turn if off if also your switch or providing wifi ;)  But you get my meaning I hope.

can you try from something wired, is your wifi set to "guest" mode they also would not be able to access wired devices.

 

I would think you should be able to plug your laptop into a wire.

If you set the IP static on the Pi, have you checked that the .37 IP address doesn't fall into the DHCP scope used by the new router? It might have handed out that IP address to another client on the network causing a conflict

My DHCP starts from 0.100 up to 0.254 and my pi is static on 0.37. 

 

I'm now starting to wonder if I was only able to ssh the pi previously with its VPN enabled because of the sky DNS issue I was having. Like a by chance scrnerio. Maybe, as Budman says, this is now expected behavior. 

 

My thoughts today are:

 

Wondering if its possible to run the VPN on the router instead of the pi, removing it completely from the pi. In my head (not sure if this is even possible) could I configure the routers VPN to operate for either a set range of local IPs, say 0.30 to 0.40,or allow it be active for a specific subnet only, 1.0 to 1.254? Then change the static ip of router to 1.37? I don't particularly want the rest of my devices /traffic to sit behind a vpn. 

 

Also Budman. No difference hardwiring the laptop. Still cannot ping. Should have mentioned, i also have a NAS with a static ip of 0.26 which doesn't currently give me any issue. Pingable from both wired and wireless devices. 

Well turn off the vpn on you pi, can you now get to it?

 

What router do you have - you can for sure run vpn on router and then just policy route what devices on your network you want to use the vpn..  This is clicky cickity on say pfsense.

Seems like a logical thing to do, and I would have done that earlier however I currently not sure I can. The VPN starts automatically with a script when ever the pi it boots up., therfore I'd have done this via an ssh command previously. I think I will need to reimage the raw retropie OS on to its sd card, and then ssh back in all my code with the exception of the VPN. Not a huge task but will take me a few hours in-between family life. 

 

It's a TP link Archer vr2800. Would welcome your thoughts on the art of the possible regards the VPN implementation on this device. My VPN provider is Ipvanish

 

Thanks mate 

That is gateway device is it not?  Ie modem/router combo - I doubt it has such functionality, and you prob can not run 3rd party firmware that would support it.

 

Can you not console in to the pi, or just use a keyboard and mouse to interact with it to turn off the vpn?  Maybe it block it from access vpn, or disconnect it from the internet network for a while to disable the script?

Nope not if you want to policy route some clients behind to a vpn service.  Can you not just fire up a different router?  You have anything you can run pfsense on, or box you can setup VMs on that could be your router?

 

Also that they still over a PPTP as vpn server is scary!  That has not been secure in over 5 years for sure..   prob more like 7, 2012 is when it came apart I do believe..

 

From that interface sure looks like you can put it into bridge mode and just run a router behind it.

  On 19/09/2019 at 13:35, rageagainstmachine said:

Would I not therfore be better just returning it and buying a cheaper modem, and separate router? What parts can you recommend mate. Its needs to be capable of MER (option 61), for sky 

 

 

Expand  

yes. for this and a few other reasons I always recommend having the router separate from the modem.

 

Main reasons are:

  1. Combos tend to be more locked down as you've noticed
  2. Combos don't get as frequent updates and can easily be left unpatched when a security flaw is found
  3. Combos tend to have more of a bottleneck as well compared to separating them

Get a basic modem that's compatible with your service provider and a router capable of using OpenWRT and your possibilities will be almost endless :)

Asus routers are also great as there is an extended firmware based on the official one called Merlin and it adds a bunch of useful features and bug fixes while keeping the native interface.

  On 19/09/2019 at 13:44, Brandon H said:

Get a basic modem that's compatible with your service provider and a router capable of using OpenWRT

Expand  

What about a Netgear DM200 Modem with an Asus RT-AC86U router?

on a little research it looks like the ASUS routers support VPN but only OpenVPN; if that protocol works for your VPN then that router should work splendidly for you with the Merlin OS

https://www.asuswrt-merlin.net/about

 

it looks like the newer Asus routers don't support full 3rd party firmwares like OpenWRT though so if OpenVPN doesn't work for you you may want to look into another router brand like Netgear

 

for a similar price it looks like the Netgear Nighthawk X6 has good OpenWRT support :)

 

https://www.amazon.com/R8000-100NAS-Nighthawk-Tri-Band-Ethernet-Compatible/dp/B00KWHMR6G/ref=sr_1_3?keywords=netgear%2Br8000&qid=1568906256&s=gateway&sr=8-3&th=1

https://openwrt.org/toh/hwdata/netgear/netgear_r8000

I would not suggest any of those soho routers, even if they support 3rd party to be honest... Get a real router, and then AP.. Yeah its even more separation.

 

Something like the sg1100 would be an entry level router.. $179 (price went up)

https://www.netgate.com/solutions/pfsense/sg-1100.html

 

Then a real AP, say uap-ac-lite or pro 80$ for the lite.

 

Then switch that can do vlans, say $40...

 

Now your talking $300...   But there would be pretty much nothing you couldn't do.

  • Like 2
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Firefox, for privacy, wide range of plugins without having to suffer the latest Google manifest restrictions and when used on Android for the mobile browser plugins like an ad-blocker, sadly that option isn't available to me now I've swapped to iOS as outside of the EU Firefox mobile is just a reskin of Safari
    • Ok will give that a shot soon as wake up in morning.     Hopefully does restore it working right  
    • Try doing a reset/repair on the Windows store: To reset the Microsoft Store on Windows 11, press the Windows key + I to open Settings, go to Apps & features, find Microsoft Store, click on it, select Advanced options, and then click the Reset button. This will clear the cache and restore the app to its default state, which can help resolve issues.
    • Microsoft's new Exchange Message Trace: What admins need to know before September by Paul Hill Microsoft has just announced the general availability of the new Message Trace in the Exchange admin center (EAC) in Exchange Online for its worldwide (WW) customers. The Redmond giant said that it’ll begin rolling it out in mid-June and complete the rollout in July. Message Trace in the Exchange Admin Center for Exchange Online is a tool that lets admins trace which path emails took as they traveled through the Microsoft 365 organization. It lets admins see if emails were received, rejected, or deferred. It is helpful for troubleshooting mail flow issues and validating policy changes. To get started with the new Message Trace, admins can access it by going to the Exchange admin center > Mail flow > Message Trace. While the Windows-maker has received positive feedback during the Public Preview, you can still provide your thoughts through Exchange admin center > Give Feedback. In addition, Microsoft will continue to maintain the old Message Trace user experience in Exchange admin center and cmdlets for several months to ease the transition, however, they will be deprecated for WW customers starting from September 1. The Reporting Webservice support for Message Trace data will also begin deprecating on this date. A side note to mention here is that this timeline only applies to the WW environment and doesn’t affect GCC, GCC-High, DOD, or other sovereign clouds. More information about the switch over for those will be provided in the second half of the year. Who it affects, and how These changes need to be noted by Exchange Online administrators and IT professionals as those are the people who will be directly affected. Specifically, it will affect anyone managing mail flow and troubleshooting email delivery in Exchange Online. Those who are affected will have to get switched over to the new Message Trace before Microsoft starts deprecating features in several months time. Admins will want to act promptly to avoid any unforeseen issues that could arise. Another detail that admins should be aware of is that scripts that rely on the older “Get-MessageTrace” or “Get-MessageTraceDetail” cmdlets will break on September 1. To address this, admins will need to update their scripts to use the new “Get-MessageTraceV2” and the “Get-MessageTraceDetailV2” cmdlets. Finally, any admins out there using the Reporting Webservice for Message Trace data will also need to make a change. They will need to shift to the new Message Trace PowerShell cmdlets. Why it’s happening Microsoft has been working on a new Message Trace experience, incorporating feedback from the Public Preview phase, to improve its design and performance. The switch gives Microsoft the opportunity to standardize and modernize admin interfaces and the underlying technologies. What to watch for While September 1 may seem like a long way away, fixing any issues, such as scripts due to deprecations, could take some time. Any admins managing the affected items need to ensure they deal with affected components in a timely manner. In terms of documentation, Microsoft has so far only released the Public Preview document which highlights the changes between the old and new versions. Microsoft says that it will publish cmdlet documentation for the new Message Trace cmdlets by the time of the general availability, so admins should look out for that.
    • Microsoft PC Manager 3.17.2.0 (Offline Installer) by Razvan Serea With Microsoft PC Manager, users can easily perform basic computer maintenance and enhance the speed of their devices with just one click. This app offers a range of features, including disk cleanup, startup app management, virus scanning, Windows Update checks, process monitoring, and storage management. Microsoft PC Manager key features: Storage Manager- easily uninstall infrequently used apps, manage large files, perform a cleanup, and set up Storage Sense to automatically clear temporary files. Health Checkup feature -scans for potential problems, viruses, and startup programs to turn off. It helps you identify unnecessary items to remove, optimizing your system's performance. Pop-up Management - block pop-up windows from appearing in apps. Windows Update - scans your system for any pending updates. Startup Apps - enable or disable startup apps on your PC, allowing you to optimize your system's startup performance. Browser Protection - rest assured that harmful programs cannot alter your default browser. Also enables you to change your default browser. Process Management - allows you to conveniently terminate any active process, ensuring optimal system performance and resource utilization. Anti-virus protection - Fully integrated with Windows Security. Safeguard your PC anytime. Quick Steps: Download Microsoft PC Manager Offline Installer (APPX/MSIX) with Adguard Adguard serves as a third-party online service, offering a user-friendly method for directly downloading appx, appxbundle, and msixbundle files from the Microsoft Store. Official download links will be generated for both the app's various versions and its dependency packages. How to download Microsoft PC Manager Offline Installer (APPX/MSIX) 1. Initially, you must find the app URL within the Microsoft Store. Access the Microsoft Store via your browser and search for "Microsoft PC Manager". Once located, copy the app URL, which includes the product ID, either from the address bar or from the provided link below. https://apps.microsoft.com/detail/9PM860492SZD 2. Now paste the app URL into the designated area, then click the check mark button to produce a direct download link. 3. To download, right-click the relevant link and select “Save link as…” from your browser's menu. Occasionally, Microsoft Edge may flag the download as insecure. In such cases, consider utilizing alternative browsers such as Google Chrome or Firefox to successfully complete the download. Microsoft PC Manager is a completely free tool optimized exclusively for use on Windows 10 (version 1809 or newer) and Windows 11. Download: Microsoft PC Manager 3.17.2.0 | from Microsoft Store View: Microsoft PC Manager Home Page Get alerted to all of our Software updates on Twitter at @NeowinSoftware
  • Recent Achievements

    • Week One Done
      Leonard grant earned a badge
      Week One Done
    • One Month Later
      portacnb1 earned a badge
      One Month Later
    • Week One Done
      portacnb1 earned a badge
      Week One Done
    • First Post
      m10d earned a badge
      First Post
    • Conversation Starter
      DarkShrunken earned a badge
      Conversation Starter
  • Popular Contributors

    1. 1
      +primortal
      261
    2. 2
      snowy owl
      158
    3. 3
      +FloatingFatMan
      145
    4. 4
      ATLien_0
      140
    5. 5
      Xenon
      131
  • Tell a friend

    Love Neowin? Tell a friend!