I’ve had this set up and working for a long time, but now it fails. I am using Cloudflare for Dynamic DNS to allow me to VPN between my home and my vacation residence. The vacation place is CenturyLink, my home is Xfinity. I have 2 subdomains, let’s call them home.mydomain.com and lakeplace.mydomain.com. Both of these have DNS Only, A records.
When I ping home.mydomain.com or lakeplace.mydomain.com they show the same IP address as what is on my DNS tab in Cloudflare, but both return “Request Timed Out”. They used to answer to ping, but no longer do. It seems that my VPN connection from lake place to home.mydomain.com works fine in Wireguard, but I would still like to know why ping doesn’t work as it’s a quick way to test that my connection is up.
The elaboration here, as well as e.g. your mention of running a VPN (and given that Cloudflare only proxies HTTP traffic) indicate that you would be running those two host names as Unproxied () / DNS-only?
If that’s correct, nothing of it would have with Cloudflare to do.
Are you running with your own routers, or some router supplied by your ISP?
Some ISP-supplied devices have (at least, in the past) been seen dropping certain settings (e.g. revert them back to their defaults) with each update.
If the lake place is able to connect to home, it sounds like home should be able to work perfectly fine with pinging still, … depending, of course, on the router/firewall configuration there.
So, I would start there, by looking in your router, to see if a such setting to allow pinging may have been lost.
Well, darn, I feel pretty stupid. I forgot that I was also VPN’d into my employers network so therefore using their internet connection and ping must not be allowed within THEIR firewall or something.
Got off their VPN and everything works fine. Sorry for making such a silly stupid mistake. And thanks again to the Community for reading my post and trying to help.
Ok, one more thing to add. When I activate my VPN using Wireguard to my home network (Xfinity is the ISP) then ping works fine.
If I disconnect ALL VPNs, I am using CenturyLink as my ISP here at the lake. Now ping fails again. I took a look at the router and it allows ICMP stuff.
All the same, if it’s just a thing with CenturyLink, I’m not going to worry about it.
No worries! I believe we’ve all made such (or similar) kind of mistakes in our lives.
And, we’re are actually talking about pinging the public IP of the home network, e.g. the one that shows up on various sites such as e.g. https://canhazip.com/ (IPv6 / IPv4) when accessed directly from the “home” network?
And that one being consistent with the one you have on home.example.com in your DNS records, as Unproxied () / DNS-only?
It could sound like the pinging is going over the VPN while it is active, and as such, the router (at the home network) may see the ping as an “internal” ping, and therefore not have firewalled it off.
Have you tried pinging the public IP of the home network from e.g. a mobile/tablet while being on the cellular network, or otherwise “external” (… in othe words, a network that is not related to neither home nor lake place)?
The column above those check marks, … does it actually say “allow”, “block”, … or?
Yes, on Cloudflare they are set to be strictly DNS-Only. When I ping home.mydomain.com it says that it is trying to ping the public IP address, the same one that is displayed on Cloudflare’s DNS tab. Ditto for lakeplace.mydomain.com.
Further testing reveals that if not VPNing at all, ping fails.
If VPNing into my employer’s network, ping fails.
If VPNing (with Wireguard) into my home network, ping is successful.
FWIW, both of my personal VPNs are running through pivpn on Raspberry Pi devices, utilizing port forwarding. Not sure that matters, but I thought it might be relevant.
I cannot easily try this right now because the lake place doesn’t have cell service so I cannot test with a hot spot. If I go somewhere that is off of either network, I can repeat the tests.
) / DNS-only?
