From: "lokadamus@gmx.de"
Date: Thu, 25 Sep 2014 20:11:26 +0200
To: Zhi-Qiang Lei
Cc: freebsd-questions@freebsd.org
Subject: Re: VPN client cannot receive packets
Message-ID: <54245ACE.5000605@gmx.de>

On 25.09.2014 20:05, Zhi-Qiang Lei wrote:
> On Sep 26, 2014, at 12:35 AM, lokadamus@gmx.de wrote:
>
>> On 25.09.2014 16:47, Zhi-Qiang Lei wrote:
>>
>>> Hi,
>>>
>>> It is my router/firewall with internet connection.
>>>
>>> This time I try to list the packets from 8.8.8.8, but there are none.
>>>
>>> root@freebsd-7638:~ # tcpdump src 8.8.8.8
>>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>>> listening on vtnet0, link-type EN10MB (Ethernet), capture size 65535 bytes
>>>
>>> Now the question URL is changed.
>>>
>>> http://serverfault.com/questions/631260/freebsd-l2tp-vpn-connection-error
>>>
>>> Best regards,
>>> Zhi-Qiang Lei
>>> zhiqiang.lei@gmail.com
>>>
>>> On Sep 25, 2014, at 10:20 PM, lokadamus@gmx.de wrote:
>>>
>>>> On 25.09.2014 08:48, Zhi-Qiang Lei wrote:
>>>>
>>>>> I setup a L2TP/IPsec VPN as this article:
>>>>>
>>>>> http://wiki.stocksy.co.uk/wiki/L2TP_VPN_in_FreeBSD
>>>>>
>>>>> My problem is that the connected clients cannot receive packets, however, sending is okay.
>>>>>
>>>>> Here are the tcpdump results if I tried to ping 8.8.8.8:
>>>>>
>>>>> root@freebsd-7638:~ # tcpdump -i vtnet0 icmp
>>>>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>>>>> listening on vtnet0, link-type EN10MB (Ethernet), capture size 65535 bytes
>>>>> 05:55:17.630770 IP 192.168.99.150 > google-public-dns-a.google.com: ICMP echo request, id 36697, seq 0, length 64
>>>>> 05:55:18.627825 IP 192.168.99.150 > google-public-dns-a.google.com: ICMP echo request, id 36697, seq 1, length 64
>>>>> 05:55:19.624058 IP 192.168.99.150 > google-public-dns-a.google.com: ICMP echo request, id 36697, seq 2, length 64
>>>>> 05:55:20.618946 IP 192.168.99.150 > google-public-dns-a.google.com: ICMP echo request, id 36697, seq 3, length 64
>>>>> 05:55:21.622551 IP 192.168.99.150 > google-public-dns-a.google.com: ICMP echo request, id 36697, seq 4, length 64
>>>>>
>>>>> What could be wrong?
>>>>> And how can I troubleshoot? You may reply on SuperUser if you want, thanks in advance.
>>>>>
>>>>> http://superuser.com/questions/816485/cannot-receive-packets
>>>>>
>>>>> Best regards,
>>>>> Zhi-Qiang Lei
>>>>> zhiqiang.lei@gmail.com
>>>>>
>>>>> _______________________________________________
>>>>> freebsd-questions@freebsd.org mailing list
>>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>>>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>>>>>
>>>> Hi,
>>>>
>>>> Is this your router/firewall with internet connection?
>>>> Look with tcpdump for traffic at 8.8.8.8.
>>>> So you can see, if traffic comes back or is missing before your vpn system.
>>>>
>>>>
>>>> Best regards
>>>>
>> Stupid mistake, have you made a vpn connection with google (8.8.8.8) or with another subnet on the other side?
>> When you will test your vpn connection you should ping your other side of your vpn connection.
>>
>> Best regards,
>>
>
> When I connect to VPN, I can ping the VPN (gateway) server with its IP in VPN. (My IP in VPN is 192.168.99.150)
>
> $ ping 192.168.99.1
> PING 192.168.99.1 (192.168.99.1): 56 data bytes
> 64 bytes from 192.168.99.1: icmp_seq=0 ttl=64 time=441.677 ms
> 64 bytes from 192.168.99.1: icmp_seq=1 ttl=64 time=361.192 ms
> 64 bytes from 192.168.99.1: icmp_seq=2 ttl=64 time=281.524 ms
> 64 bytes from 192.168.99.1: icmp_seq=3 ttl=64 time=300.120 ms
> 64 bytes from 192.168.99.1: icmp_seq=4 ttl=64 time=430.178 ms
>
> But I cannot ping 8.8.8.8.
>
> $ ping 8.8.8.8
> PING 8.8.8.8 (8.8.8.8): 56 data bytes
> Request timeout for icmp_seq 0
> Request timeout for icmp_seq 1
> Request timeout for icmp_seq 2
> Request timeout for icmp_seq 3
> Request timeout for icmp_seq 4
> Request timeout for icmp_seq 5
>
> When I ping 8.8.8.8, tcpdump on VPN server shows that there is no response from 8.8.8.8. Did I miss something? Thanks.
>
> Best regards,
> Zhi-Qiang Lei
>
>

Do you use the same subnet on both sides? Don't do this. You will get a little trouble, when 2 systems use the same ip or DNS trouble will come.

Can you give me a "netstat -nr", because it looks like you send all traffic to this vpn tunnel or you have a little problem with masked traffic.

Best regards
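
A check for the "masked traffic" case raised above, as an added example that is not part of the original message: it parses `tcpdump -n -i vtnet0 icmp` output and flags echo requests that leave the interface with an RFC 1918 source address, which a public host cannot answer. It assumes vtnet0 is the internet-facing interface; the sample lines are constructed from the capture quoted in the thread, and 203.0.113.10 is a made-up translated address.

```python
import ipaddress
import re

# Constructed sample: two requests as quoted in the thread (numeric form, as
# `tcpdump -n` prints them) plus a constructed, correctly translated exchange.
SAMPLE = """\
05:55:17.630770 IP 192.168.99.150 > 8.8.8.8: ICMP echo request, id 36697, seq 0, length 64
05:55:18.627825 IP 192.168.99.150 > 8.8.8.8: ICMP echo request, id 36697, seq 1, length 64
05:55:19.100000 IP 203.0.113.10 > 8.8.8.8: ICMP echo request, id 4242, seq 0, length 64
05:55:19.130000 IP 8.8.8.8 > 203.0.113.10: ICMP echo reply, id 4242, seq 0, length 64
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)")


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def analyse(capture):
    """Classify every echo request seen on the (assumed) internet-facing interface."""
    requests, replies = [], set()
    for line in capture.splitlines():
        m = LINE.match(line)
        if m is None:
            continue  # not ICMP echo, or names were resolved (use -n)
        if m["kind"] == "request":
            requests.append((m["src"], m["dst"], m["id"], m["seq"]))
        else:
            # A reply belongs to the request with src and dst swapped.
            replies.add((m["dst"], m["src"], m["id"], m["seq"]))
    return [{"src": src, "dst": dst, "seq": int(seq),
             "answered": (src, dst, icmp_id, seq) in replies,
             # Private source towards a public host: NAT was not applied.
             "untranslated": is_rfc1918(src) and not is_rfc1918(dst)}
            for src, dst, icmp_id, seq in requests]


if __name__ == "__main__":
    for row in analyse(SAMPLE):
        print(row)
```

Rows with `untranslated` set and `answered` unset point at a missing NAT rule for the VPN subnet rather than at the tunnel itself; the routing table from `netstat -nr` covers the other possibility named in the reply.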