[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] keep alive traffic?

  • Subject: Re: [Openvpn-users] keep alive traffic?
  • From: Josh Cepek <josh.cepek@xxxxxxx>
  • Date: Mon, 28 May 2007 14:05:16 -0500
  • Z-usanet-msgid: XID132LebTFs0178X36

Hash: SHA1

There are 2 basic types of data that OpenVPN will send out the physical network: control data and tunnel data.  Control data is used to exchange TLS keys when in tls-server or tls-client mode and for ping (keepalive) tests.

The TLS negotiation occurs once per hour by default unless the "reneg-sec" option (or the 2 other "reneg-*" settings) was set, so that's not what this data is unless you modified the renegotiation settings in your setup.  If you have enabled the "ping" option either end, or used "keepalive" on the server, OpenVPN will send a secure ping packet at the interval specified.  Both of these causes can be identified by checking your config files for the above options.

If the data being sent is not control data then it is tunnel data, which means one of the hosts is sending the other one traffic across the VPN.  In order to determine what it is you can start a packet capture program on either host and bind it to the virtual network interface (the tun or tap adapter.)  You will then be able to see the data "inside" the VPN tunnel to determine what it is.  For Windows you can install and use Wireshark <http://wireshark.org/>, and for Linux/Unix/MacOS you can use tcpdump (or the Wireshark front-end if you want a graphical program.)

As an example, if your adapter is tun0 on the FC4 box, you could run "tcpdump -i tun0" to see the data, or "tcpdump -v -w traffic_dump.pcap -i tun0" to save the data to a file which can be viewed with Wireshark or played back with "tcpdump -r".

Hope this helps.

Roman Budzianowski wrote:
> I got openvpn working between FC4 on my home LAN and clients on the 
> outside (OS X and Windows XP). Thank you for making it available. I 
> noticed that there is a lot of traffic even if the tunnel is not 
> actively used, every 5 seconds, some 240 bytes. Is this normal or my 
> setup is a problem? The most annoying part is that even if no tunnel 
> is open, my gateway netscreen 5XT reports every 5 seconds that the 
> VIP server is down, then up (filling up the log) suggesting frequent 
> network activity of the openvpn server. I am not a network guy, so 
> pardon my naivete. I'd appreciate any pointers.

- --
Version: GnuPG v1.4.7 (GNU/Linux)


______________________ OpenVPN mailing lists https://lists.sourceforge.net/lists/listinfo/openvpn-users