Date: Sat, 22 Oct 2016 18:36:52 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-amd64@FreeBSD.org Subject: [Bug 213709] Upgrade 10.3->11.0 (something blocks connections for openvpn) Message-ID: <bug-213709-6@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D213709 Bug ID: 213709 Summary: Upgrade 10.3->11.0 (something blocks connections for openvpn) Product: Services Version: unspecified Hardware: amd64 OS: Any Status: New Severity: Affects Many People Priority: --- Component: Bug Tracker Assignee: bugmeister@FreeBSD.org Reporter: arkadiusz.majewski@iptrace.pl CC: freebsd-amd64@FreeBSD.org CC: freebsd-amd64@FreeBSD.org After upgrade to 11.0-RELEASE something blocks connections between openvpn-client and openvpn-server etc. I mean traffic after openvpn connection is established, so user can connect= but has no traffic. Only one connected user is forwarded/routed to destinations/other hosts etc. When the second and more users are connected there is no traffic for them. Works: 10.3-RELEASE and openvpn-2.3.12_1 Doesn't work: 11.0-RELEASE and openvpn-2.3.12_1 I've disabled PF and it's not helped. Client got vpn IP, dns, gateways etc. Problem occured on two upgraded servers. When I disconenct the first client, the second has no immediately traffic I have to reconnect. It means only one client which first established connection is able to forw= ard packets. listening on tun0, link-type NULL (BSD loopback), capture size 262144 bytes 2016-10-22 19:53:53.391140 AF IPv4 (2), length 88: 10.10.10.2 > 10.0.0.16: = ICMP echo request, id 28711, seq 0, length 64 2016-10-22 19:53:53.392093 AF IPv4 (2), length 88: 10.0.0.16 > 10.10.10.2: = ICMP echo reply, id 28711, seq 0, length 64 2016-10-22 19:53:54.418406 AF IPv4 (2), length 88: 10.10.10.2 > 10.0.0.16: = ICMP echo request, id 28711, seq 1, length 64 2016-10-22 19:53:54.418755 AF IPv4 (2), length 88: 10.0.0.16 > 10.10.10.2: = ICMP echo reply, id 28711, seq 1, length 64 2016-10-22 19:53:55.407177 AF IPv4 (2), length 88: 10.10.10.2 > 10.0.0.16: = ICMP echo request, id 28711, seq 2, length 64 2016-10-22 19:53:55.407986 AF IPv4 (2), length 88: 10.0.0.16 > 10.10.10.2: = ICMP echo reply, id 28711, seq 2, length 64 2016-10-22 19:54:00.114782 AF IPv4 (2), length 64: 10.10.10.3 > 10.0.0.16: = ICMP echo request, id 1, seq 1200, length 40 2016-10-22 19:54:04.993728 AF IPv4 (2), length 64: 10.10.10.3 > 10.0.0.16: = ICMP echo request, id 1, seq 1201, length 40 2016-10-22 19:54:09.991531 AF IPv4 (2), length 64: 10.10.10.3 > 10.0.0.16: = ICMP echo request, id 1, seq 1202, length 40 10.10.10.2-3 clients 10.0.0.16 destination listening on vtnet0, link-type EN10MB (Ethernet), capture size 262144 bytes 2016-10-22 20:10:30.375394 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype IPv4 (0x0800), length 98: 10.10.10.2 > 10.0.0.16: ICMP echo request, id 588= 77, seq 0, length 64 2016-10-22 20:10:30.375737 00:a0:98:87:50:a5 > 00:a0:98:68:86:08, ethertype IPv4 (0x0800), length 98: 10.0.0.16 > 10.10.10.2: ICMP echo reply, id 58877, seq 0, length 64 2016-10-22 20:10:31.345897 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype IPv4 (0x0800), length 98: 10.10.10.2 > 10.0.0.16: ICMP echo request, id 588= 77, seq 1, length 64 2016-10-22 20:10:31.346183 00:a0:98:87:50:a5 > 00:a0:98:68:86:08, ethertype IPv4 (0x0800), length 98: 10.0.0.16 > 10.10.10.2: ICMP echo reply, id 58877, seq 1, length 64 2016-10-22 20:10:32.353331 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype IPv4 (0x0800), length 98: 10.10.10.2 > 10.0.0.16: ICMP echo request, id 588= 77, seq 2, length 64 2016-10-22 20:10:32.353659 00:a0:98:87:50:a5 > 00:a0:98:68:86:08, ethertype IPv4 (0x0800), length 98: 10.0.0.16 > 10.10.10.2: ICMP echo reply, id 58877, seq 2, length 64 2016-10-22 20:10:33.386036 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype IPv4 (0x0800), length 98: 10.10.10.2 > 10.0.0.16: ICMP echo request, id 588= 77, seq 3, length 64 2016-10-22 20:10:33.386448 00:a0:98:87:50:a5 > 00:a0:98:68:86:08, ethertype IPv4 (0x0800), length 98: 10.0.0.16 > 10.10.10.2: ICMP echo reply, id 58877, seq 3, length 64 2016-10-22 20:10:34.375291 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype IPv4 (0x0800), length 98: 10.10.10.2 > 10.0.0.16: ICMP echo request, id 588= 77, seq 4, length 64 2016-10-22 20:10:34.375935 00:a0:98:87:50:a5 > 00:a0:98:68:86:08, ethertype IPv4 (0x0800), length 98: 10.0.0.16 > 10.10.10.2: ICMP echo reply, id 58877, seq 4, length 64 2016-10-22 20:10:35.374819 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype IPv4 (0x0800), length 98: 10.10.10.2 > 10.0.0.16: ICMP echo request, id 588= 77, seq 5, length 64 2016-10-22 20:10:35.375371 00:a0:98:87:50:a5 > 00:a0:98:68:86:08, ethertype IPv4 (0x0800), length 98: 10.0.0.16 > 10.10.10.2: ICMP echo reply, id 58877, seq 5, length 64 2016-10-22 20:11:07.936758 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype IPv4 (0x0800), length 74: 10.10.10.3 > 10.0.0.16: ICMP echo request, id 1, = seq 1208, length 40 2016-10-22 20:11:07.937176 00:a0:98:87:50:a5 > 00:a0:98:68:86:08, ethertype IPv4 (0x0800), length 74: 10.0.0.16 > 10.10.10.3: ICMP echo reply, id 1, seq 1208, length 40 2016-10-22 20:11:07.937250 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-tran= sit, length 36 2016-10-22 20:11:09.671143 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-tran= sit, length 36 2016-10-22 20:11:09.671239 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-tran= sit, length 36 2016-10-22 20:11:09.671690 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-tran= sit, length 36 2016-10-22 20:11:09.671708 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-tran= sit, length 36 2016-10-22 20:11:09.694139 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-tran= sit, length 36 2016-10-22 20:11:09.694168 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-tran= sit, length 36 2016-10-22 20:11:09.695613 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-tran= sit, length 36 2016-10-22 20:11:10.388725 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-tran= sit, length 36 2016-10-22 20:11:12.508085 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype IPv4 (0x0800), length 74: 10.10.10.3 > 10.0.0.16: ICMP echo request, id 1, = seq 1209, length 40 2016-10-22 20:11:12.508361 00:a0:98:87:50:a5 > 00:a0:98:68:86:08, ethertype IPv4 (0x0800), length 74: 10.0.0.16 > 10.10.10.3: ICMP echo reply, id 1, seq 1209, length 40 2016-10-22 20:11:12.508439 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-tran= sit, length 36 2016-10-22 20:11:13.575831 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-tran= sit, length 36 2016-10-22 20:11:13.608864 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-tran= sit, length 36 2016-10-22 20:11:13.608944 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-tran= sit, length 36 2016-10-22 20:11:13.609062 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-tran= sit, length 36 2016-10-22 20:11:13.609082 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-tran= sit, length 36 2016-10-22 20:11:15.297036 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-tran= sit, length 36 2016-10-22 20:11:17.235472 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-tran= sit, length 36 2016-10-22 20:11:17.514191 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype IPv4 (0x0800), length 74: 10.10.10.3 > 10.0.0.16: ICMP echo request, id 1, = seq 1210, length 40 2016-10-22 20:11:17.514610 00:a0:98:87:50:a5 > 00:a0:98:68:86:08, ethertype IPv4 (0x0800), length 74: 10.0.0.16 > 10.10.10.3: ICMP echo reply, id 1, seq 1210, length 40 2016-10-22 20:11:17.514707 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-tran= sit, length 36 2016-10-22 20:11:17.609568 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-tran= sit, length 36 2016-10-22 20:11:17.609662 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-tran= sit, length 36 2016-10-22 20:11:17.609684 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-tran= sit, length 36 2016-10-22 20:11:17.609694 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-tran= sit, length 36 2016-10-22 20:11:17.609728 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-tran= sit, length 36 2016-10-22 20:11:21.129764 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-tran= sit, length 36 2016-10-22 20:11:21.608993 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-tran= sit, length 36 2016-10-22 20:11:21.829625 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-tran= sit, length 36 vtnet0: flags=3D8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric= 0 mtu 1500 options=3D80028<VLAN_MTU,JUMBO_MTU,LINKSTATE> ether 00:a0:98:68:86:08 inet 10.0.0.10 netmask 0xfffffe00 broadcast 10.0.1.255 nd6 options=3D29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL> media: Ethernet 10Gbase-T <full-duplex> status: active tun0: flags=3D8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500 options=3D80000<LINKSTATE> inet6 fe80::2a0:98ff:fe68:8608%tun0 prefixlen 64 scopeid 0x3 inet 10.10.10.1 --> 10.10.10.2 netmask 0xffffff00 nd6 options=3D21<PERFORMNUD,AUTO_LINKLOCAL> groups: tun Opened by PID 690 --=20 You are receiving this mail because: You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-213709-6>