askurat1 asked:

Why can't I ping my public ip?

I can't seem to ping my public ip from outside my network. I can ping from inside but not outside.
My setup is as follows:
I go through att uverse for my internet. I have that hooked up to my Linksys router and I also have a server running windows server 2008 hooked up to my router.

I can ping the public ip from the server and the router but if I am on a computer outside of my network it will time out every time.

What am I missing?

Thanks,
Tony

AriMc

Your router is probably configured not to reply to pings from the outside network. There is probably an option in the router configuration to enable it.

What do you mean by your public IP? The IP of your server or your external IP?
askurat1 (ASKER)

external
Most home routers block pings. You should go to canyouseeme.org to see what ports are open and see if you can telnet or something instead of pinging.


I have the same setup as you. Did you set up your Linksys router to be the DMZplus on the uverse box, and allow it to have a static ip? I have the 5 static ip block from uverse.
Most likely a setting in the Linksys router blocking the ping requests which shouldn't be a problem internally, look through the router settings for a 'block ping requests' option.
Then you need to have a look at the settings in your router. There will be a tick box that will enable respond to ping. It can be in different locations depending on your router, so have a look through the settings for a respond to ping setting.
I have Linksys e2000 router and I can't find the option anywhere if there is one.
Nico Eisma
First assumption would be that a firewall is blocking the ICMP (ping) from the internet.

Second assumption is that your Linksys router is configured not to reply to ICMP requests coming from the WAN interface (internet side, the less secured side). You can check how your Linksys router is configured. This kind of setup is seen as a default on other devices like firewalls, as this is done for security reasons; this prevents flooding or scanning of your public IP from the internet side.

Did your ISP (service provider) provide you with your very own public IP, or are you just using a DSL connection? In the latter case, most likely you are using a public IP that is NATed by your ISP to several customers (including you), and on the ISP side they are blocking ICMP requests.

If you have further questions or clarifications, I'd be glad to help you out on this :-)
I've looked everywhere in my router settings and there is nothing about ping.
shieldmanagement: I did set up my router to be the DMZPlus
ffleisma: From my knowledge it's just a general public ip. I have set up ftp on my server and I can access that and my website just fine. It's only if I try pinging the site or ip.
Can you give the model of your Linksys router so that we can check if it can be configured as such as what we mentioned?

Also, when you created the ftp server, did you access it via the public IP? In that case, the server firewall prevents the ICMP request. Try shutting down the firewall just for testing purposes.
It is an E2000 and yes I access ftp over public ip.
I am also trying to set up vpn on the server but I got stuck when I couldn't ping the address.
ASKER CERTIFIED SOLUTION
bclongacre
This solution is only available to members.
Just a suggestion: you can try directly connecting a computer to your internet connection, disable the firewall on that computer and try pinging it from the internet. This setup will isolate and prove a point: first, that your public IP is indeed pingable from the internet; second, that your Linksys is the one blocking the ICMP request. In the meantime, I'll try and find how your router is configured.
My guess is the firewall is stopping pings, which is a good thing.

For troubleshooting you could likely enable WAN pings by unchecking the Security > Firewall > Filter Anonymous Internet Requests checkbox and Save the change.
lewisg: I tried what you suggested and tried turning off the firewall but still won't ping.
ffleisma: I assume by flashing the firmware I will lose all of my settings?
There is a good chance that router won't allow pings on the WAN connection. So what... Since you can FTP to your public IP you don't really need to ping in order to get VPN working. Pings are a test procedure. If you can FTP it tells you the same thing and more, your network is connected on the IP address you think it is AND it's working!

What sort of VPN are you trying to set up?
I keep getting this when I try to connect: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Through VPN.
SOLUTION
This solution is only available to members.
Ok so I tried connecting through vpn from inside my network and it works fine but not outside my network. I assume something is blocking it.
Or you don't have the correct ports forwarded to the WS2008 box. Is the WS2008 box IP set as DMZ?
If it is a certificate that is showing that it is NOT from a trusted root authority, either download or view the certificate on the computer in question. Then do the following, IF you trust the certificate that is:

While viewing the certificate:

1. Click Install Certificate...
2. Click Next
3. Select Place all certificates in the following store
4. Click Browse
5. Select Trusted Root Certification Authorities
6. Click OK
7. Click Next
8. Click Finish

This should resolve the error related to the certificate not being published by a trusted root authority.

Yes, putting DDWRT or any other firmware (with the possible exception of manufacturers, in some instances) will cause you to lose ALL settings and configurations on your firewall.
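
Added example, not part of the original thread: a PowerShell check that confirms the failure really is an untrusted root and compares the root's thumbprint with one read from the server out of band before the certificate goes into Trusted Root. `$CertPath` and `$ExpectedThumbprint` are hypothetical placeholders; the script uses only .NET X509 classes.

```powershell
# Added example; $CertPath and $ExpectedThumbprint are hypothetical placeholders.
param(
    [string]$CertPath = 'C:\Temp\vpn-server.cer',
    # Read this value from the certificate on the server itself, not from the
    # file you were sent (constructed placeholder, it never matches).
    [string]$ExpectedThumbprint = '<THUMBPRINT-FROM-SERVER-CONSOLE>'
)
$ns = 'System.Security.Cryptography.X509Certificates'

$cert  = New-Object "$ns.X509Certificate2" $CertPath
$chain = New-Object "$ns.X509Chain"
# A private CA usually publishes no CRL; skip revocation so the only
# failure reported is the trust decision itself.
$chain.ChainPolicy.RevocationMode = 'NoCheck'

if ($chain.Build($cert)) {
    'Chain already validates; nothing to install.'
    return
}

$flags = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
"Chain status: $($flags -join ', ')"
if ($flags -notcontains 'UntrustedRoot') {
    throw 'Failure is not an untrusted root; installing a root will not fix it.'
}

# The last chain element is the root the client refuses to trust.
$root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
"Root subject   : $($root.Subject)"
"Root thumbprint: $($root.Thumbprint)"
"Valid until    : $($root.NotAfter)"

# Normalise the pasted value (spaces, colons, case) before comparing.
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($root.Thumbprint -ne $expected) {
    throw 'Thumbprint mismatch: do not add this certificate to Trusted Root.'
}

# Adds the root to the machine-wide Trusted Root store; needs an elevated prompt.
$store = New-Object "$ns.X509Store" 'Root', 'LocalMachine'
$store.Open('ReadWrite')
$store.Add($root)
$store.Close()
'Root certificate added to LocalMachine\Root.'
```

Anything placed in Trusted Root is trusted for every purpose on that machine, which is why the script refuses to continue on a thumbprint mismatch.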
lewisq: I have ports 1701, 1723, 4500, and 500 forwarded to my server ip. Also I can see every one of those connections come into my router.
Another thing to note is ping does not use TCP/IP, rather it uses ICMP.
Since I don't deal with WS2008 and whatever proprietary embrace & extend horked up VPN M$ is pushing I have no idea what ports are needed.

For troubleshooting I would set the WS2008 box's IP as the DMZ on the router and see if VPN works from a remote location. If so then it's likely a port problem, if not it's likely a WS2008 VPN problem.

Did you try bclongacre's comment?
I do have DMZ set up on the router and it still doesn't work. I have not tried his comment because I am not sure what to do with it.
Which comment are you unsure about?  I can try to clarify and/or be more specific for you.
Your last one.
What I was referring to is that just because you have specific ports forwarded to your server does NOT mean that your ping will be forwarded, as it does not utilize standard TCP/IP ports/protocol. Rather, the Ping command itself is exercised through the use of ICMP (Internet Control Message Protocol). So as a result you will likely need to ensure on your router that traffic for the specific service, or for ICMP, is being allowed/forwarded as opposed to opening or forwarding specific TCP or UDP ports.
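
Added example, not part of the original thread: a PowerShell check, run from a machine outside the LAN, that tests ICMP echo and TCP connects separately so a filtered ping is not mistaken for a dead host. `$Target` is a constructed placeholder from the documentation range, and the default ports (FTP 21, PPTP control 1723) are assumptions taken from the services mentioned in this thread.

```powershell
# Added example. $Target is a constructed placeholder (203.0.113.0/24 is
# reserved for documentation); replace it with your own public IP.
param(
    [string]$Target = '203.0.113.10',
    [int[]]$TcpPorts = @(21, 1723),
    [int]$TimeoutMs = 2000
)

function Test-IcmpEcho {
    param([string]$Address, [int]$TimeoutMs)
    $ping = New-Object System.Net.NetworkInformation.Ping
    try { return ($ping.Send($Address, $TimeoutMs).Status -eq 'Success') }
    catch { return $false }
}

function Test-TcpPort {
    param([string]$Address, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect so a silently dropped SYN cannot hang the check.
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the port actively refused
        return $true
    }
    catch { return $false }
    finally { $client.Close() }
}

$icmp = Test-IcmpEcho $Target $TimeoutMs
$tcp = foreach ($p in $TcpPorts) {
    New-Object PSObject -Property @{ Port = $p; Open = (Test-TcpPort $Target $p $TimeoutMs) }
}
"ICMP echo answered: $icmp"
$tcp | Format-Table Port, Open -AutoSize

$anyOpen = @($tcp | Where-Object { $_.Open }).Count -gt 0
if (-not $icmp -and $anyOpen) {
    'Host is reachable over TCP; ICMP echo is being filtered on the path.'
} elseif (-not $icmp) {
    'No ICMP reply and no TCP port answered: check addressing and forwarding.'
} else {
    'ICMP echo is answered.'
}
# UDP 500/1701/4500 and GRE (IP protocol 47, needed by PPTP) cannot be
# confirmed with a TCP connect, so an open 1723 alone does not prove the VPN path.
```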
How would I do that? I don't see anything related to that in the router settings.
This is where some of the limitations of the Linksys software on the E2000 come into play, and where you would benefit from applying a 3rd party firmware to your router. Again, please note that doing so can cause your router to not ever turn on or be usable again if the install fails or if something goes wrong during the install, so there are risks involved. That being said, once you have a new firmware such as DDWRT on your router, you essentially unlock a massive amount of potential, which is usually found in much higher grade, commercial or industrial routers. This gives you a lot more, and more granular, control over your device and how it can be configured. It also wipes the slate clean, so anything you have configured to this point is gone; your settings will NOT be preserved.

Essentially what has occurred is you have either purchased or been issued a consumer product, that is NOT intended to allow you to run your own servers, etc... just how you want to run them behind your router.  Cisco, manufacturer of Linksys, would much rather you spend many hundreds of dollars to buy a device from them that will allow you to do what you want to do, the way you want to do it.
I am not too worried about flashing my router. I am just concerned that if I do it and everything goes fine it still doesn't work. I just need my VPN to work.
To me it sounds as though you require the ability to write specific NAT and Firewall policies to direct and allow traffic in specific ways.  This is something that cannot, evidently, be done w/ the default firmware, and you would be able to do w/ DDWRT, if/when you have it properly configured.
Another option you can try, is allocate your external IP address to your Server, and connect it directly to your internet connection, then try to establish the VPN, pulling the Linksys device completely out of the equation.  
Let's take a step back...

Your original question "Why can't I ping my public ip?" has been answered. Several times. It's because your router apparently won't respond to unsolicited ICMP packets on its WAN interface. I think it should by unchecking the Security > Firewall > Filter Anonymous Internet Requests checkbox but it apparently currently doesn't. This could be by design OR your router config may be horked.

For the purposes of setting up a VPN, replying to pings does not matter. The two have nothing to do with each other. Obviously you can connect to a FTP server using your public IP: "It is an E2000 and yes I access ftp over public ip." So pings are not an issue, correct?

As far as setting up your VPN it appears that you are connecting but authentication is failing. You said: "I keep getting this when I try to connect: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider."  So the IP address is not an issue, correct?

Does your WS2008 box have a fixed IP address on the LAN?

Is the FTP server running on the WS2008 box?

Do you know how to backup and restore the settings on your router (E2000)?

Are you willing to restore your router to factory config?

Are you willing to load aftermarket firmware like DD-WRT?

One more Q:

About how many devices are on this LAN?
lewisq: The ip is not an issue. Inside my network I can vpn just fine with the public ip.
Yes, my WS2008 has a fixed ip.
Yes the FTP is running on the WS2008 box.
No I do not know how to backup and restore settings.
Yes I plan on loading the aftermarket firmware tonight just need to know how to backup the settings and restore them.

There is only my server and Residential Gateway connected to my router but I have about 4 wan connections.
Yes, my WS2008 has a fixed ip. - Good

Yes the FTP is running on the WS2008 box. - Good, makes things easier.

No I do not know how to backup and restore settings. - Backup and restore will ONLY work with similar firmware. Do NOT attempt to restore settings from the factory setup into a router with DD-WRT!
 
Yes I plan on loading the aftermarket firmware tonight just need to know how to backup the settings and restore them. - See above, the backup is just in case you need to get back to where you are now, if possible.

There is only my server and Residential Gateway connected to my router but I have about 4 wan connections. - Umm, do you actually have 4 LAN connections?


My inclination would be to:

1. Back up your config.
manual: http://homedownloads.cisco.com/downloads/userguide/E2000_UG_USA_V10_NC-WEB.pdf
Backup is on Page 34

2. Reset the router to factory.
Manual Page 36

3. Change AS LITTLE as possible on the router to get your LAN working.

4. Set the IP of the WS2008 box as DMZ on the router.
Manual Page 11
DMZ = Enabled
Source IP = Any
Destination IP = WS2008 fixed IP

5. Test!

It may work...
Umm, do you actually have 4 LAN connections? Well I have two laptops and two computers connected through wifi.

So you have:

DSL -> Modem -> Router -> LAN (WS2003, 2 laptops, 2 WiFi computers) ?

When referring to "sides" of a router:
LAN = Local Area Network, devices on your local network, 192.168.?.? or something like that.
WAN = Wide Area Network, all the other network devices in the world that are NOT on your LAN.
correct.
Have you checked to make sure that there are not firewalls on both the Modem and the Router?  If you enable the access that is possible to enable on the E2000, there would still be a possibility that the DSL Modem could be blocking traffic, that is, if, it is a separate device, as I am understanding it at the moment.
I have the modem setup for DMZ for the router. I have u-verse.
Can you put the modem in bridge mode instead of DMZ?
And disabling any firewall functions provided by the modem?
What modem model are you using?
It's a Residential Gateway by 2wire. From my knowledge DMZ is all I can do. How would it make a difference anyway? I can connect through ftp just fine.
We won't know the difference until it has been applied.  There is always the chance that there is some firewall/filter/protection still turned on even when in DMZ mode.
I just read I can use my router as a bridge for the Residential Gateway or use my Residential Gateway as a modem which I already have setup correctly using it as a modem.
The double NAT of two routers may be causing problems.

Options:

1. Try the DMZ setup like I proposed in message ID: 34864895 It might work....

2. Set the 2wire box to bridge mode and use the E2000 as the router. This is the way I usually set up networks. Be aware that if you are using PPPOE authentication the username/password bit will have to move to the E2000.

3. Use the 2wire box as your router and the E2000 as an Access Point. The first thing to do is just use the 2wire box and your WS2008, leave the E2000 out of the network, hopefully you have a small hub/switch. Set the DMZ on the 2wire to the IP of the WS2008 server. Adjust IPs as needed. BE SURE the WS2008 is a fixed IP. If this works then you will need DD-WRT firmware to put the E2000 in AP mode. At that point you should be able to use the switch in the E2000 to handle your network devices. BE SURE you only have one DHCP server running.
Ok so I got the DD-WRT firmware installed, just don't know how to set up the vpn on the router.
Well I was able to get it to connect but I want to be able to view my shared folders on the network.
Any way of doing that?
Never mind. Everything seems to work fine now. One question though. Do I even need vpn set up on the server anymore?
Congratulations!

"Do I even need vpn setup on the server anymore?" No. Unless you have some reason for non-VPN users to FTP to the WS2008 box I would not have any ports on the WS2008 box exposed to the Internet.

Now you have PPTP working. If you want to try a more secure SSL VPN, here are the instructions:
http://www.dd-wrt.com/wiki/index.php/VPN_%28the_easy_way%29_v24%2B

Did you bridge the 2wire box or did you stick with the E2000 being DMZ on the 2wire box?
I stuck with the E2000 being DMZ on the 2wire box. It seems to work ok but it keeps kicking me off the VPN every 10 or 15 min. Is there a setting I need to change or is it something I am doing on my computer?

Thanks for all the help.
You may need to look at the duration of the VPN connect, if it is set to timeout, or if there is a keepalive/heartbeat enabled.  You should be able to find log entries that may lead you toward the answer, if you have an issue w/ the stability of your internet connection on either end of your VPN that can cause disconnects, if your network card is set to reduce/adjust power or turn itself off to save power you will want to disable that (on the connecting computer).

I would just like to note, as was expressed above, this is a far cry from the initial question of Why can't I ping.
Where would I find the duration of the vpn connect?