[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] icmp works, tcp not, tcp packets have incorrect checksums


  • Subject: Re: [Openvpn-users] icmp works, tcp not, tcp packets have incorrect checksums
  • From: Jon Bendtsen <jon.bendtsen@xxxxxxxxxx>
  • Date: Wed, 8 Mar 2006 17:28:44 +0100

Den onsdag 8.mar kl. 16:53 skrev harald.lampesberger@xxxxxxx:

Hi,

maybe someone can help me with my problem:

maybe


i have following setup:


[client]-----[VPN-Box]-----[Target]

server-config of openvpn server, running on VPN-Box:
proto udp
port 1194
dev tun
push "route 10.0.0.0 255.255.255.0"
tls-server
server 192.168.1.0 255.255.255.0
ifconfig-pool-persist ipp.txt
dh /etc/openvpn/keys/dh1024.pem
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/idsserver.crt
key /etc/openvpn/keys/idsserver.key
keepalive 10 60
persist-key
persist-tun
verb 1

client-config:
remote <VPN Box ip>
pull
proto udp
port 1194
tls-client
dev tun
user nobody
group nogroup
persist-key
persist-tun
ca /etc/openvpn/keys/ca.crt
key /etc/openvpn/keys/sensor.key
cert /etc/openvpn/keys/sensor.crt
keepalive 10 60
verb 1




The VPN-Box has following routes and ip's: Internal ip: 10.0.0.2, net.ipv4.ip_forward=1, no iptables rules

192.168.1.2 * 255.255.255.255 UH 0 0 0 tun0
10.0.0.0 * 255.255.255.0 U 0 0 0 eth0
192.168.1.0 192.168.1.2 255.255.255.0 UG 0 0 0 tun0
default 10.0.0.1 0.0.0.0 UG 0 0 0 eth0



The Target has following routes and ip's: IP: 10.0.0.5, no iptables rules

10.0.0.0 * 255.255.255.0 U 0 0 0 eth0
192.168.1.0 10.0.0.2 255.255.255.0 UG 0 0 0 eth0
default 10.0.0.1 0.0.0.0 UG 0 0 0 eth0






And here is my problem:
I am able to establish a tunnel from the client to the VPN-Box. The client
gets a 192.168.1.x ip and the 10.0.0.0-route, which is pushed by the
server, is set.


From the client, I can ping the VPN-Box through 192.168.1.1 and 10.0.0.2,
i can also ping the Target with 10.0.0.5. 10.0.0.5 can ping the client and
all interfaces from the VPN-Box.

How big ping packets have you tried with?


But i cannot send data through an established tcp-session (no firewalls)
from Target to client. Packets from Client to Target arive without
problems, but the other direction makes problems. TCP Communication
between VPN-Box and Target works flawlessly without checksum problems.



TCP-Packets monitored with tcpdump at eth0 of the VPN-Box: Client ---> Target OK Target ---> Client Data-Packets have incorrect checksums

check for bad memory/netcards/cables somewhere.

Check if using a TCP tunnel works better than UDP.



JonB


____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users