Date: Thu, 25 Sep 2014 20:11:26 +0200 From: "lokadamus@gmx.de" <lokadamus@gmx.de> To: Zhi-Qiang Lei <zhiqiang.lei@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: VPN client cannot receive packets Message-ID: <54245ACE.5000605@gmx.de> In-Reply-To: <833C8AEE-E240-4729-B394-F311B7A6C52E@gmail.com> References: <6AF0AAAB-E7F2-4FA7-81E5-223DA924DDE1@gmail.com> <542424A2.6080408@gmx.de> <2330161C-FA96-4843-AEDA-376344483D61@gmail.com> <5424444A.4020802@gmx.de> <833C8AEE-E240-4729-B394-F311B7A6C52E@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 25.09.2014 20:05, Zhi-Qiang Lei wrote: > On Sep 26, 2014, at 12:35 AM, lokadamus@gmx.de wrote: > >> On 25.09.2014 16:47, Zhi-Qiang Lei wrote: >> >>> Hi, >>> >>> It is my router/firewall with internet connection. >>> >>> This time I try to list the packets from 8.8.8.8, but there are none. >>> >>> root@freebsd-7638:~ # tcpdump src 8.8.8.8 >>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode >>> listening on vtnet0, link-type EN10MB (Ethernet), capture size 65535 bytes >>> >>> Now the question URL is changed. >>> >>> http://serverfault.com/questions/631260/freebsd-l2tp-vpn-connection-error >>> >>> Best regards, >>> Zhi-Qiang Lei >>> zhiqiang.lei@gmail.com >>> >>> On Sep 25, 2014, at 10:20 PM, lokadamus@gmx.de wrote: >>> >>>> On 25.09.2014 08:48, Zhi-Qiang Lei wrote: >>>> >>>>> I setup a L2TP/IPsec VPN as this article: >>>>> >>>>> http://wiki.stocksy.co.uk/wiki/L2TP_VPN_in_FreeBSD >>>>> >>>>> My problem is that the connected clients cannot receive packets, however, sending is okay. >>>>> >>>>> Here are the tcpdump results if I tried to ping 8.8.8.8: >>>>> >>>>> root@freebsd-7638:~ # tcpdump -i vtnet0 icmp >>>>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode >>>>> listening on vtnet0, link-type EN10MB (Ethernet), capture size 65535 bytes >>>>> 05:55:17.630770 IP 192.168.99.150 > google-public-dns-a.google.com: ICMP echo request, id 36697, seq 0, length 64 >>>>> 05:55:18.627825 IP 192.168.99.150 > google-public-dns-a.google.com: ICMP echo request, id 36697, seq 1, length 64 >>>>> 05:55:19.624058 IP 192.168.99.150 > google-public-dns-a.google.com: ICMP echo request, id 36697, seq 2, length 64 >>>>> 05:55:20.618946 IP 192.168.99.150 > google-public-dns-a.google.com: ICMP echo request, id 36697, seq 3, length 64 >>>>> 05:55:21.622551 IP 192.168.99.150 > google-public-dns-a.google.com: ICMP echo request, id 36697, seq 4, length 64 >>>>> >>>>> What could be wrong? And how can I troubleshoot? You may reply on SuperUser if you want, thanks in advance. >>>>> >>>>> http://superuser.com/questions/816485/cannot-receive-packets >>>>> >>>>> Best regards, >>>>> Zhi-Qiang Lei >>>>> zhiqiang.lei@gmail.com >>>>> >>>>> _______________________________________________ >>>>> freebsd-questions@freebsd.org mailing list >>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >>>>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >>>>> >>>> Hi, >>>> >>>> Is this your router/ firewall with internet connection? >>>> Look with tcpdump for traffic at 8.8.8.8. >>>> So you can see, if traffic comes back or is missing before your vpn system. >>>> >>>> >>>> Best regards >>>> >>> _______________________________________________ >>> freebsd-questions@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >>> >> Stupid mistake, have you made a vpn connection with google (8.8.8.8) or with another subnet on the other side? >> When you will test you vpn connection you should ping your other side of your vpn connection. >> >> Best regards, >> > > When I connect to VPN, I can ping the VPN (gateway) server with its IP in VPN. (My IP in VPN is 192.168.99.150) > > $ ping 192.168.99.1 > PING 192.168.99.1 (192.168.99.1): 56 data bytes > 64 bytes from 192.168.99.1: icmp_seq=0 ttl=64 time=441.677 ms > 64 bytes from 192.168.99.1: icmp_seq=1 ttl=64 time=361.192 ms > 64 bytes from 192.168.99.1: icmp_seq=2 ttl=64 time=281.524 ms > 64 bytes from 192.168.99.1: icmp_seq=3 ttl=64 time=300.120 ms > 64 bytes from 192.168.99.1: icmp_seq=4 ttl=64 time=430.178 ms > > But I cannot ping 8.8.8.8. > > $ ping 8.8.8.8 > PING 8.8.8.8 (8.8.8.8): 56 data bytes > Request timeout for icmp_seq 0 > Request timeout for icmp_seq 1 > Request timeout for icmp_seq 2 > Request timeout for icmp_seq 3 > Request timeout for icmp_seq 4 > Request timeout for icmp_seq 5 > > When I ping 8.8.8.8, tcpdump on VPN server shows that there is no response from 8.8.8.8. Did I miss something? Thanks. > > Best regards, > Zhi-Qiang Lei > > Do you use the same subnet on both sides? Don't do this. You will get a little trouble, when 2 systems use the same ip or DNS trouble will come. Can you give me a "netstat -nr", because it looks like you send all traffic to this vpn tunnel or you have a little problem with masked traffic. Best regards
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?54245ACE.5000605>