[OpenVPN home]	[Date Prev]	[Date Index]	[Date Next]
[OpenVPN mailing lists]	[Thread Prev]	[Thread Index]	[Thread Next]

[Openvpn-users] LLC malformed Packets and Ethernet II Unknown TYPE field

Subject: [Openvpn-users] LLC malformed Packets and Ethernet II Unknown TYPE field
From: condor_rl@xxxxxxxxx
Date: Mon, 1 Nov 2004 12:58:32 +0100


Hi,
I have a strange problem using OpenVPN 2 beta 11 with my linux box and 
kernel 2.6.8.1-mm4.
Let me explain the senario and the problem...


SCENARIO:
There are 2 PC, 1 OpenVPN server and 1 OpenVPN client.

The server has 2 NICs, the ETH0 has an IP address and it is the way how to
reach the OpenVPN server and The IP address whare the OpenVPN process is
listening.
The ETH1 is without IP configured. It has only layer 2 address.
I configured a Bridge BR0 with 2 interface the ETH1 and the TAP0
interface.

The OpenVPN process "read" and "write" on the ETH1 and TAP0 interface.
This system let me to have a real layer2 link encapsulated and encrypted in a
TCP or UDP tunnel.



THE PROBLEM:


I have 2 clients, one MACOSX and one Linux, to connect to the OpenVPN
server.

- Using the OSX client

When I connect to the server and I perform a tcpdump on
the TAP0 interface I can see all the Broadcast Traffic of the LAN where
the OpenVPN Server's eth1 is located.
All is working fine, I can get my IPv4 and IPv6 address.

- Using the Linux client

When I connect to the server and I perform a tcpdump
on
the TAP0 interface I can see lots of traffic, the same number of packets
I can see with MACOSX client but it is a strange traffic because I see only traffic
like this:

Ethernet II frames with the TYPE field Unknown (0x4500) as you can
see in the packet below:
The frams are decode with Ethereal 10.4


No.     Time        Source                Destination           Protocol Info
      1 0.000000    80:78:14:00:08:00     5e:00:00:02:00:04     0x4500   Ethernet II

Frame 1 (60 bytes on wire, 60 bytes captured)
    Arrival Time: Oct 16, 2004 10:18:39.962765000
    Time delta from previous packet: 0.000000000 seconds
    Time since reference or first frame: 0.000000000 seconds
    Frame Number: 1
    Packet Length: 60 bytes
    Capture Length: 60 bytes
Ethernet II, Src: 80:78:14:00:08:00, Dst: 5e:00:00:02:00:04
    Destination: 5e:00:00:02:00:04 (5e:00:00:02:00:04)
    Source: 80:78:14:00:08:00 (80:78:14:00:08:00)
    Type: Unknown (0x4500)
Data (46 bytes)

0000  5e 00 00 02 00 04 80 78 14 00 08 00 45 00 00 30   ^......x....E..0
0010  c1 ef 40 00 ff 11 f8 a0 92 30 4e f9 e0 00 00 02   ..@......0N.....
0020  22 b8 22 b8 00 1c f9 19 21 4e 69 01 00 01 95 7d   ".".....!Ni....}
0030  92 30 4e 01 00 00 00 00 00 00 00 00               .0N.........




There are also more Ethernet II frames with the TYPE Unknown as I listed below:

Ethernet II frames but with the TYPE field Unknown (0xfefe)
Ethernet II frames but with the TYPE field Unknown (0xffff)
Ethernet II frames but with the TYPE field Unknown (0xe0e0)
Ethernet II frames but with the TYPE field Unknown (0xaaaa)
Ethernet II frames but with the TYPE field Unknown (0x7600)


Another frame type I cans see is the IEEE 802.3 frames.
The LLC fields in the IEEE 802.3 frames are (Malformed Packets) as you can see in
the packets below.
When I say (Malformed Packets) I meen that Ethereal decode the frame in
this way:


No.     Time        Source                Destination           Protocol Info
      3 0.000056    52:f7:55:41:08:06     ff:ff:ff:ff:02:e0     LLC      [Malformed Packet]

Frame 3 (58 bytes on wire, 58 bytes captured)
    Arrival Time: Oct 16, 2004 10:18:39.962821000
    Time delta from previous packet: 0.000026000 seconds
    Time since reference or first frame: 0.000056000 seconds
    Frame Number: 3
    Packet Length: 58 bytes
    Capture Length: 58 bytes
IEEE 802.3 Ethernet 
    Destination: ff:ff:ff:ff:02:e0 (ff:ff:ff:ff:02:e0)
    Source: 52:f7:55:41:08:06 (52:f7:55:41:08:06)
    Length: 1
    Trailer: 000604000102E052F755419230410100...
Logical-Link Control
    DSAP: SNA (0x08)
    IG Bit: Individual
[Malformed Packet: LLC]

0000  ff ff ff ff 02 e0 52 f7 55 41 08 06 00 01 08 00   ......R.UA......
0010  06 04 00 01 02 e0 52 f7 55 41 92 30 41 01 00 00   ......R.UA.0A...
0020  00 00 00 00 92 30 41 01 00 00 00 00 00 00 00 00   .....0A.........
0030  00 00 00 00 00 00 00 00 00 00                     ..........



I'm sure I have some problems on my Linux TCP/IP stack, but I can not
understand where! I suppose the 802.2 and 802.3..
Is this problem related to the LLC support enabled in the kernel?


Do you have any ideas?


Bye
Lorenzo

LinuxUser: 71680	OpenPGP-> KeyID: 0x25B9E15E
===================================================
Fingerprint:
BF76 8EC9 A14D 2CD4 195F  9E7D 6834 A8AE 25B9 E15E
---------------------------------------------------

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Prev by Date: [Openvpn-users] OpenVPN with XP client - can ping both ends but do little else !
Next by Date: [Openvpn-users] Windows XP SP2: TAP-Win32 non-functional after boot
Previous by thread: Re: [Openvpn-users] OpenVPN with XP client - can ping both ends but do little else !
Next by thread: [Openvpn-users] Windows XP SP2: TAP-Win32 non-functional after boot
Index(es):
- Date
- Thread