There are 2 basic types of data that OpenVPN will send out the physical
network: control data and tunnel data. Control data is used to
exchange TLS keys when in tls-server or tls-client mode and for ping

The TLS negotiation occurs once per hour by default unless the
"reneg-sec" option (or the 2 other "reneg-*" settings) was set, so
that's not what this data is unless you modified the renegotiation
settings in your setup. If you have enabled the "ping" option either
end, or used "keepalive" on the server, OpenVPN will send a secure ping
packet at the interval specified. Both of these causes can be
identified by checking your config files for the above options.

If the data being sent is not control data then it is tunnel data,
which means one of the hosts is sending the other one traffic across
the VPN. In order to determine what it is you can start a packet
capture program on either host and bind it to the virtual network
interface (the tun or tap adapter.) You will then be able to see the
data "inside" the VPN tunnel to determine what it is. For Windows you
can install and use Wireshark <http://wireshark.org/>, and for
Linux/Unix/MacOS you can use tcpdump (or the Wireshark front-end if you
want a graphical program.)

As an example, if your adapter is tun0 on the FC4 box, you could run
"tcpdump -i tun0" to see the data, or "tcpdump -v -w traffic_dump.pcap
-i tun0" to save the data to a file which can be viewed with Wireshark
or played back with "tcpdump -r".

Hope this helps.

Roman Budzianowski wrote:
> I got openvpn working between FC4
> on my home LAN and clients on the
> outside (OS X and Windows XP). Thank you for making it available.
> noticed that there is a lot of traffic even if the tunnel is not
> actively used, every 5 seconds, some 240 bytes. Is this normal or
> setup is a problem? The most annoying part is that even if no
> is open, my gateway netscreen 5XT reports every 5 seconds that
> VIP server is down, then up (filling up the log) suggesting
> network activity of the openvpn server. I am not a network guy,
> pardon my naivete. I'd appreciate any pointers.
OpenVPN mailing lists
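
To pick the periodic sender out of a file saved with the "tcpdump -w" command in the reply above, the following Python code (an added example, not part of the original message or of OpenVPN) groups the captured packets by flow and reports the median gap between them. It assumes a classic pcap file holding raw IPv4 packets from a tun adapter; the function names, addresses and sample packets are constructed for illustration.

```python
import struct
from collections import defaultdict
from statistics import median

RAW_IP = (101, 12)  # LINKTYPE_RAW / DLT_RAW, assumed for a tun (not tap) capture

def flows(pcap):
    """Group IPv4 packets of a classic raw-IP pcap by (src, dst, proto, dport)."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or struct.unpack(end + "I", pcap[20:24])[0] not in RAW_IP:
        raise ValueError("expected a classic pcap with raw-IP link type (tun capture)")
    seen, off = defaultdict(list), 24
    while off + 16 <= len(pcap):
        sec, usec, caplen, origlen = struct.unpack(end + "IIII", pcap[off:off + 16])
        pkt, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(pkt) < 20 or pkt[0] >> 4 != 4:
            continue  # only IPv4 is summarised here
        ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
        src, dst = (".".join(map(str, pkt[i:i + 4])) for i in (12, 16))
        dport = None
        if proto in (6, 17) and len(pkt) >= ihl + 4:  # TCP/UDP: destination port
            dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
        seen[(src, dst, proto, dport)].append((sec + usec / 1e6, origlen))
    return seen

def periodic(pcap, min_packets=3):
    """Return (flow, packets, bytes, median gap in seconds), busiest flow first."""
    rows = []
    for key, pkts in flows(pcap).items():
        if len(pkts) >= min_packets:
            times = [t for t, _ in pkts]
            gaps = [b - a for a, b in zip(times, times[1:])]
            rows.append((key, len(pkts), sum(n for _, n in pkts), round(median(gaps), 1)))
    return sorted(rows, key=lambda r: -r[1])

def sample_capture():
    """Constructed data: a UDP packet every 5 s from 10.8.0.6, plus one ICMP packet."""
    def ip(proto, payload):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                           proto, 0, bytes([10, 8, 0, 6]), bytes([10, 8, 0, 1])) + payload
    pkts = [(1000 + 5 * i, ip(17, struct.pack("!HHHH", 40000, 9999, 16, 0) + b"\0" * 8))
            for i in range(4)] + [(1007, ip(1, b"\x08\0\0\0\0\0\0\0"))]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)
    for sec, pkt in sorted(pkts):
        out += struct.pack("<IIII", sec, 0, len(pkt), len(pkt)) + pkt
    return out

if __name__ == "__main__":
    print(*periodic(sample_capture()), sep="\n")
```

For a real capture, pass periodic() the bytes of traffic_dump.pcap read in binary mode; a flow whose median gap matches the interval seen on the physical interface is the tunnel traffic to look at.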