Date: Fri, 5 Jul 2024 07:32:59 -0700 (PDT)
From: "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net>
To: Andrea Venturoli <ml@netfence.it>
Cc: Ronald Klop <ronald-lists@klop.ws>, freebsd-net@FreeBSD.org
Subject: Re: OpenVPN suddenly working one way only
Message-ID: <202407051432.465EWx23029110@gndrsh.dnsmgr.net>
In-Reply-To: <e60ef701-2394-4874-b6bf-3eaaf838c931@netfence.it>

> On 7/5/24 11:31, Ronald Klop wrote:
>
> > Of course this can be a firewall or routing issue somewhere in between
> > the hosts blocking traffic from B to A.
>
> Hmm...
> The two hosts can communicate with any other protocol.
> Also the VPN can handshake, so packets are exchanged correctly.
> I'm only using ipfw: no packet is logged as blocked, but, in any case,
> it blocks after tcpdump sees them and I don't even see them.
>
> > Or both? Can you run tcpdump on the physical interfaces? What
> > traffic do you see on the openvpn port?
>
> Let's say, after handshake, I ping A -> B:
> _ A sees the request going out tun;
> _ A sees the UDP packet going out via physical interface;
> _ B sees the UDP packet arriving;
> _ B sees the request coming in via tun;
> _ B sees the answer going out via tun;
> _ B sees the UDP packet going out the physical interface;
> _ A doesn't see the UDP packet coming in (so obviously nothing on tun also).
>
> > Can you switch to TCP?
>
> Would be a little work and using OpenVPN/TCP is highly discouraged.
> However, I just changed UDP port and it seems to work!
>
> I'm puzzled...
> So maybe some system in between my two hosts was blocking packets,
> but... after the handshake!?!?!?
> Very strange.
> Or host B has some trouble and changing its port helped???

Or host A has a zombie process with a UDP listen on the port?
Often when I have problems with tunnels it is some residual
thing left over from a prior run, like ppp(8) loves to leave
behind named pipes in /var.

> In any case, thanks a lot for answering.
>
> bye
> av.

--
Rod Grimes
rgrimes@freebsd.org
