Site Navigation

Date:      Tue, 23 Apr 2019 21:16:56 -0500
From:      Karl Denninger <karl@denninger.net>
To:        freebsd-questions@freebsd.org
Subject:   Re: openvpn
Message-ID:  <a2326e8d-5d5c-6030-7d10-72dee3216f8a@denninger.net>
In-Reply-To: <0A8436BD-EFB8-4A54-B920-329096B89C5B@mail.sermon-archive.info>
References:  <0A8436BD-EFB8-4A54-B920-329096B89C5B@mail.sermon-archive.info>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

[-- Attachment #1 --]

On 4/22/2019 19:53, Doug Hardie wrote:
> I am trying to setup an openvpn server on my home network.  Home machines are all running FBSD 12.0 Release.  openvpn was installed as a package.  The results are quite confusing.  Ping from an external device works correctly to all the home machines.  I can use tcpdump to see the request packets arriving at the openvpn server, being sent to the recipient machine, the response packets being sent from the recipient machine to the openvpn server, and then sent to the external device.  The external device shows that the response was received with a reasonable response time given that it is a cell phone.  
>
> However, when I try to access a web page on any of the servers, I see the same set of packets via tcpdump.  In addition if I run ktrace on the openvpn server, I see the encrypted packets from the client being received.  The decrypted packets sent to the home server.  The unencrypted response from the home server, and the encrypted response sent to the phone.  However, the phone says that the server dropped the connection, or it shows a blank page.
>
> My first thought was that there was an encryption issue, but if that were the case, ping would not work.  Checking the ping packets shows that they are encrypted between the phone and the openvpn server.  Likewise a routing issue in the home network does not seem to be the problem for the same reason.  All the info I have found on the web about vpn indicates that a ping test should be sufficient.  But, in this case it is not.
>
> Any ideas on how to track down the problem, or fix it?  Thanks,
>
> -- Doug

IMHO -- post your configuration file to the list....

I use OpenVPN with ipfw's internal NAT and it works fine, but the config
file is a bit wonky and if you get it wrong you'll either have no DNS on
the client or packets won't get routed.  Either way the connection comes
up but it doesn't work.

-- 
Karl Denninger
karl@denninger.net <mailto:karl@denninger.net>
/The Market Ticker/
/[S/MIME encrypted email preferred]/

[-- Attachment #2 --]
0�	*�H��

��0�

10
	`�H
e0�	*�H��


��
�0��0���
�H���^��Ōc!5�
�H0
	*�H��


0��10	UUS10UFlorida10U	Niceville10U
Cuda Systems LLC10UCuda Systems CA1!0UCuda Systems LLC 2017 CA0
170817164217Z
270815164217Z0{10	UUS10UFlorida10U
Cuda Systems LLC10UCuda Systems CA1%0#UCuda Systems LLC 2017 Int CA0�"0
	*�H��



�0�
�
�h�-5B>[���;��o���l�Ӵ��0~͎O9}�9�Y��e������*�������$��g��!uk�vʶ�LzN�`jL�>��MD'7
U4����5C�B�+�kY`bd����~b*�c3�N��y-�78j�u�]9H�e��uέ�sӬD��ؽ�m��gw�ER�?�&U�UR�j����'�}�9n�WD i�`XcbG��z�\g������G=��u�%���\�O�i1���3���ߝ4�
�K4�4p�YQr]�Ie�/r�0+��eEޝݖ0��C15�M��ݚ@J�SZ(zȏ�N�Ta�(2��5�D�D5���.l�<g[[Za��r�Q�Q%�Bu�ȴ
����~~`���I�oh�R�b����ʳ��ڟ���u�2���M�S��8E�dF��UC���l�CM�aѳ����!����}ș�+�2��k
��/�bų�E,��n�当ꖛ\�(8�WV�8	d]�b�	�������y�X��w	܊�:I�39

��

0�
0U]�^§������Q�\ӎ�0��U#��0�����T0�3���9�N0b������0��10	UUS10UFlorida10U	Niceville10U
Cuda Systems LLC10UCuda Systems CA1!0UCuda Systems LLC 2017 CA�	�@�U��i0U

�0

�
0U

�
�0
	*�H��


�
��:P U!>v�����J�ni��o�-����#�ן�]Wyu�j���ǑR̀��Q�
�nƇ�!GѦF��g\�yLx�g�w=�O�P��yceh�f[���}�ܷ�['4�ڝ�\[p6\o.
��B&�JF���"�ZC{;�*o�*�mc��Cc�LY߾�`
�t�*�S!����񫶭�(���`�]D�HP�5���A~/�N���Pp�����6�=�m��h�k�밣'd���oA$�86hm����5���Ӛ��S@�j���ެE���gl��
�)�0JG���`%�k�3�5��P��a��C?���σ
׳HE�t
}!�P���㏏%*���B�xb��Q�waKG����$6h�¦��M�v��e;��[o��-�Iی��&
���I,��T��c�ߎ#t �wPA�@��l0�P�+�KXB��պT	z���G�v;N��c��I3��&��JĬ���UP�N��a��?�/�%�W��6G۟N�0�00��
��k���#X��d��\�=0
	*�H��


0{10	UUS10UFlorida10U
Cuda Systems LLC10UCuda Systems CA1%0#UCuda Systems LLC 2017 Int CA0
170817212120Z
220816212120Z0W10	UUS10UFlorida10U
Cuda Systems LLC10Ukarl@denninger.net0�"0
	*�H��



�0�
�
�T��[I�-ΆϏdn;�Å�@שy���.u�s�~_�Z�G%<��M��Y��d�\g��v�f��n�s�a��1'6����E�gyjs�"C� [�{��~��_���K���Pn+<�*�pv���#Q�����+��H���/���7[-v��qD��V^U>�f��%�GX�)��H.��|l`�M(C�r�>е͇6����#�o��dc"Y�ljҦ�ln8�@�5S�A�0���&ۖ"���OGj?��U��DWZ5	��dDB7k-)�9�����I�zs��-�JA���v
��J��6L���$�Ն����1Sm�Y.��Lqw*��SH;E��F'�D�Ħ��H��]��M��O��������g���Q���Q�|M�ٙ��ג2Z��9y��@���y�]}6ٽe��Y9��Y2�xˆ�$T�=�e�CǺ��ǵb�n֛�{��j��|��@�LL�t�1�[D�k5:$=�	`�	�M

��
�0�
�0<+


00.0,+
0
� http://ocsp.cudasystems.net:88880	U00	`�H
��B

�0U

��0U%0+
+
03	`�H
��B

&$OpenSSL Generated Client Certificate0U�%�՞V
=���؁�;�bzQ0��U#��0���]�^§������Q�\ӎϡ�����0��10	UUS10UFlorida10U	Niceville10U
Cuda Systems LLC10UCuda Systems CA1!0UCuda Systems LLC 2017 CA��H���^��Ōc!5�
�H0U0�karl@denninger.net0
	*�H��


�
�۠�A0�-j%-�-$%���g2#ޡ��1�^��>���{K+�u��GE���v1���ş7Af&b�&O�;.��;A5���*U��)N��D2bF��|\=�]<�sˋL!��wrw���٧>��Y���M���Ä���3\mW�R�� h�Sv���!�_�zv�����l�?� ��3_�� �xU%�\�^����#���O*���Gk̍�YI_�&�Fꊛ�����@&�1�n������”�}� ͬ:��{�hT�P3��B.�;���bU�8:Z��=^���Gw�8���!k-��@���x�E��@�i�,+'�Iᐚ:f��hz�tX7/�(h�Y`��� O�.������1}a`�%�RW��^�a�k������ǂp�C�Au�fgDix�UT��Щ/�7��}�%=j��nVZvcF����<�M=
�2^G�KH5魉
�_���O�4ެ�Byʈ�
��y��S��k�w=5�@h�.0�z�>�
W�1�0�

0��0{10	UUS10UFlorida10U
Cuda Systems LLC10UCuda Systems CA1%0#UCuda Systems LLC 2017 Int CA��k���#X��d��\�=0
	`�H
e��E0	*�H��

	1	*�H��


0	*�H��

	1
190424021656Z0O	*�H��

	1B@��J�Vz��v��-��ň�ʺ�9x�ǡ���Ɏ<*���c��y/Q�����2Ɛ$ ��(�0l	*�H��

	1_0]0	`�H
e
*0	`�H
e
0
*�H��
0*�H��
�0
*�H��

@0+0
*�H��

(0��	+

�71��0��0{10	UUS10UFlorida10U
Cuda Systems LLC10UCuda Systems CA1%0#UCuda Systems LLC 2017 Int CA��k���#X��d��\�=0��*�H��

	1�����0{10	UUS10UFlorida10U
Cuda Systems LLC10UCuda Systems CA1%0#UCuda Systems LLC 2017 Int CA��k���#X��d��\�=0
	*�H��



�d���|���W
Y�	�K�
�
�b��R.�����
�G-iW��Խ�d�!����C�^bq���Ģ�ez��L��F�m$�� t;�`"�ݓ��ua�屣�$�'�8м<7��{����g�93��{`��u(�1�R�]�~-Z>9�(�Ԁg�3�M��n�ZW��h��(:D3�J���`�a���)���+!��M���c�|L�{H�*s�z��J�`>3Oõ��O��?�,5֎�2bljlӂ�����Wmm�A�u�W�
�����Q��M���NY<TvM1a>�a+̈T�k�.�p%e/E���3�&�qd��o�N�M��������~�YMY�:ڮ�),�.��:�P�`���q�bf{�"n͝Ez\�W�H���w�&"/�	��8��s�Uv/�]"��3�(류e���9�r'���~�3����+)���1�"U$�A�#5�o�BLP�W�߅4����{S���Ԅ�p�$�XD��g�B���侤zvAW�

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?a2326e8d-5d5c-6030-7d10-72dee3216f8a>

Legal Notices | © 1995-2025 The FreeBSD Project. All rights reserved.

Contact