[OpenVPN home]	[Date Prev]	[Date Index]	[Date Next]
[OpenVPN mailing lists]	[Thread Prev]	[Thread Index]	[Thread Next]

[Openvpn-users] OBSD and OVPN disappearing packets

Subject: [Openvpn-users] OBSD and OVPN disappearing packets
From: "Jim O'Gorman" <jogorman@xxxxxxxxx>
Date: Sat, 6 Jan 2007 18:25:40 -0600

I am having an issue with OBSD 4.0 running OVPN 2.0.9.

If you look at the packet traces, it appears that the packets are going through fine, except when it is an ack+data. Stand alone acks pass just fine. You can see this on these traces:

Lan interface:

18:10:49.475930 10.255.253.37.49342 > 10.10.80.116.135: S 2103918215:2103918215(0) win 8192 <mss 1160,nop,wscale 8,nop,nop,sackOK> (DF)
18:10:49.476030 10.10.80.116.135 > 10.255.253.37.49342 : S 1593573128:1593573128(0) ack 2103918216 win 16384 <mss 1460,nop,wscale 0,nop,nop,sackOK>
18:10:49.546359 10.255.253.37.49342 > 10.10.80.116.135: . ack 1 win 67 (DF)
18:10:49.550593 10.255.253.37.49342 > 10.10.80.116.135: P 1:117(116) ack 1 win 67 (DF)
18:10:49.550723 10.10.80.116.135 > 10.255.253.37.49342: P 1:85(84) ack 117 win 65419 (DF)
18:10:50.319137 10.255.253.37.49342 > 10.10.80.116.135: P 1:117(116) ack 1 win 67 (DF)
18:10:50.319237 10.10.80.116.135 > 10.255.253.37.49342: . ack 117 win 65419 (DF)
18:10:52.487681 10.10.80.116.135 > 10.255.253.37.49342: P 1:85(84) ack 117 win 65419 (DF)
18:10:58.503257 10.10.80.116.135 > 10.255.253.37.49342: P 1:85(84) ack 117 win 65419 (DF)
18:11:10.534396 10.10.80.116.135 > 10.255.253.37.49342: P 1:85(84) ack 117 win 65419 (DF)
18:11:12.991800 10.255.253.37 > 10.10.80.116: icmp: echo request
18:11:12.991895 10.10.80.116 > 10.255.253.37: icmp: echo reply
18:11:13.048275 10.255.253.37.49331 > 10.10.80.116.389: P 351:363(12) ack 1 win 67 (DF)
18:11:13.159351 10.10.80.116.389 > 10.255.253.37.49331: . ack 363 win 65173 (DF)
18:11:13.217937 10.255.253.37.49331 > 10.10.80.116.389 : P 363:713(350) ack 1 win 67 (DF)
18:11:13.378099 10.10.80.116.389 > 10.255.253.37.49331: . ack 713 win 64823 (DF)
18:11:34.487281 10.10.80.116.135 > 10.255.253.37.49342: P 1:85(84) ack 117 win 65419 (DF)
18:11:39.980001 10.255.253.37.49342 > 10.10.80.116.135: R 117:117(0) ack 1 win 0 (DF)
18:11:39.985180 10.255.253.37.49346 > 10.10.80.116.135: S 1542858070:1542858070(0) win 8192 <mss 1160,nop,wscale 8,nop,nop,sackOK> (DF)
18:11:39.985261 10.10.80.116.135 > 10.255.253.37.49346: S 2787720298:2787720298(0) ack 1542858071 win 16384 <mss 1460,nop,wscale 0,nop,nop,sackOK>
18:11:40.039665 10.255.253.37.49346 > 10.10.80.116.135: . ack 1 win 67 (DF)
18:11:40.042081 10.255.253.37.49346 > 10.10.80.116.135: P 1:117(116) ack 1 win 67 (DF)
18:11:40.042203 10.10.80.116.135 > 10.255.253.37.49346: P 1:85(84) ack 117 win 65419 (DF)
18:11:41.114462 10.255.253.37.49346 > 10.10.80.116.135: P 1:117(116) ack 1 win 67 (DF)
18:11:41.114563 10.10.80.116.135 > 10.255.253.37.49346: . ack 117 win 65419 (DF)
18:11:42.909082 10.10.80.116.135 > 10.255.253.37.49346: P 1:85(84) ack 117 win 65419 (DF)

Compared to the tun interface:

18:10:49.475799 10.255.253.37.49342 > 10.10.80.116.135: S 2103918215:2103918215(0) win 8192 <mss 1160,nop,wscale 8,nop,nop,sackOK> (DF)
18:10:49.476136 10.10.80.116.135 > 10.255.253.37.49342: S 1593573128:1593573128(0) ack 2103918216 win 16384 <mss 1460,nop,wscale 0,nop,nop,sackOK>
18:10:49.546281 10.255.253.37.49342 > 10.10.80.116.135: . ack 1 win 67 (DF)
18:10:49.550558 10.255.253.37.49342 > 10.10.80.116.135: P 1:117(116) ack 1 win 67 (DF)
18:10:50.319071 10.255.253.37.49342 > 10.10.80.116.135: P 1:117(116) ack 1 win 67 (DF)
18:10:50.319277 10.10.80.116.135 > 10.255.253.37.49342 : . ack 117 win 65419 (DF)
18:11:12.991678 10.255.253.37 > 10.10.80.116: icmp: echo request
18:11:12.991976 10.10.80.116 > 10.255.253.37: icmp: echo reply
18:11:13.048172 10.255.253.37.49331 > 10.10.80.116.389: P 351:363(12) ack 1 win 67 (DF)
18:11:13.159407 10.10.80.116.389 > 10.255.253.37.49331 : . ack 363 win 65173 (DF)
18:11:13.217883 10.255.253.37.49331 > 10.10.80.116.389: P 363:713(350) ack 1 win 67 (DF)
18:11:13.378146 10.10.80.116.389 > 10.255.253.37.49331: . ack 713 win 64823 (DF)
18:11:39.979918 10.255.253.37.49342 > 10.10.80.116.135: R 117:117(0) ack 1 win 0 (DF)
18:11:39.985059 10.255.253.37.49346 > 10.10.80.116.135: S 1542858070:1542858070(0) win 8192 <mss 1160,nop,wscale 8,nop,nop,sackOK> (DF)
18:11:39.985363 10.10.80.116.135 > 10.255.253.37.49346: S 2787720298:2787720298(0) ack 1542858071 win 16384 <mss 1460,nop,wscale 0,nop,nop,sackOK>
18:11:40.039608 10.255.253.37.49346 > 10.10.80.116.135: . ack 1 win 67 (DF)
18:11:40.042048 10.255.253.37.49346 > 10.10.80.116.135: P 1:117(116) ack 1 win 67 (DF)
18:11:41.114397 10.255.253.37.49346 > 10.10.80.116.135: P 1:117(116) ack 1 win 67 (DF)
18:11:41.114605 10.10.80.116.135 > 10.255.253.37.49346: . ack 117 win 65419 (DF)

However, this is not universal. For instance, check this trace out on the tun interface:

18:22:53.656096 10.255.253.37.49427 > 10.10.80.116.443: S 57147669:57147669(0) win 8192 <mss 1160,nop,wscale 2,nop,nop,sackOK> (DF)
18:22:53.656464 10.10.80.116.443 > 10.255.253.37.49427: S 2938259645:2938259645(0) ack 57147670 win 16384 <mss 1460,nop,wscale 0,nop,nop,sackOK>
18:22:53.710549 10.255.253.37.49427 > 10.10.80.116.443: . ack 1 win 4350 (DF)
18:22:53.719758 10.255.253.37.49427 > 10.10.80.116.443: P 1:102(101) ack 1 win 4350 (DF)
18:22:53.720171 10.10.80.116.443 > 10.255.253.37.49427: P 1:983(982) ack 102 win 65434 (DF)
18:22:53.782328 10.255.253.37.49427 > 10.10.80.116.443: P 102:284(182) ack 983 win 4104 (DF)
18:22:53.785196 10.10.80.116.443 > 10.255.253.37.49427: P 983:1026(43) ack 284 win 65252 (DF)
18:22:54.398826 10.255.253.37.49427 > 10.10.80.116.443 : F 284:284(0) ack 1026 win 4093 (DF)
18:22:54.399095 10.10.80.116.443 > 10.255.253.37.49427: . ack 285 win 65252 (DF)
18:22:54.399162 10.10.80.116.443 > 10.255.253.37.49427: R 1026:1026(0) ack 285 win 0 (DF)
18:22:57.044513 10.255.253.37.49428 > 10.10.80.116.443: S 4102641051:4102641051(0) win 8192 <mss 1160,nop,wscale 2,nop,nop,sackOK> (DF)
18:22:57.044872 10.10.80.116.443 > 10.255.253.37.49428: S 701944810:701944810(0) ack 4102641052 win 16384 <mss 1460,nop,wscale 0,nop,nop,sackOK>
18:22:57.102394 10.255.253.37.49428 > 10.10.80.116.443: . ack 1 win 4350 (DF)
18:22:57.105555 10.255.253.37.49428 > 10.10.80.116.443: P 1:134(133) ack 1 win 4350 (DF)
18:22:57.105972 10.10.80.116.443 > 10.255.253.37.49428: P 1:123(122) ack 134 win 65402 (DF)

Works just fine there.

There is a packet filter between them, but it is set to pass all traffic between the two interfaces when the 10.255.253 subnet is involved.

Any suggestions on what I can do to track this down?

Thanks for any help.
Jim

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Prev by Date: [Openvpn-users] possibility to create pkcs#12 without password
Next by Date: Re: [Openvpn-users] OpenBSD and lzo2
Previous by thread: [Openvpn-users] possibility to create pkcs#12 without password
Next by thread: [Openvpn-users] different users with different access privileges?
Index(es):
- Date
- Thread