Subject: Re: OpenVPN suddenly working one way only
From: Andrea Venturoli
To: Ronald Klop
Cc: freebsd-net@freebsd.org
Date: Fri, 5 Jul 2024 13:20:56 +0200
List-Id: Networking and TCP/IP with FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-net
In-Reply-To: <1689009862.4204.1720171900147@localhost>
References: <55aa094a-bdf3-40de-8dd8-097bf734dfb6@netfence.it> <1689009862.4204.1720171900147@localhost>

On 7/5/24 11:31, Ronald Klop wrote:
> Of course this can be a firewall or routing issue somewhere in between
> the hosts blocking traffic from B to A.

Hmm... The two hosts can communicate with any other protocol.
Also the VPN can handshake, so packets are exchanged correctly.
I'm only using ipfw: no packet is logged as blocked, but, in any case, it blocks after tcpdump sees them and I don't even see them.

> Or both? Can you run tcpdump on the physical interfaces? What
> traffic do you see on the openvpn port?

Let's say, after handshake, I ping A -> B:
_ A sees the request going out tun;
_ A sees the UDP packet going out via physical interface;
_ B sees the UDP packet arriving;
_ B sees the request coming in via tun;
_ B sees the answer going out via tun;
_ B sees the UDP packet going out the physical interface;
_ A doesn't see the UDP packet coming in (so obviously nothing on tun also).

> Can you switch to TCP?

Would be a little work and using OpenVPN/TCP is highly discouraged.
However, I just changed UDP port and it seems to work!
I'm puzzled...
So maybe some system in between my two hosts was blocking packets, but... after the handshake!?!?!?
Very strange.
Or host B has some trouble and changing its port helped???

In any case, thanks a lot for answering.

bye
av.
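The tcpdump comparison described in the message above can be made mechanical. The following script is an added example, not part of the thread or of OpenVPN: it takes `tcpdump -n` text from the physical interface of each host, counts UDP datagrams on the VPN port per direction, and reports the leg where the sender emits packets the peer never sees. The addresses (A = 192.0.2.1, B = 198.51.100.2), port 1194 and the capture lines are constructed placeholders.

```python
import re
from collections import Counter

# Constructed `tcpdump -n` lines, not captures from the thread. Addresses
# (A = 192.0.2.1, B = 198.51.100.2) and port 1194 are assumed placeholders.
CAPTURE_A = """\
12:00:00.000100 IP 192.0.2.1.1194 > 198.51.100.2.1194: UDP, length 125
12:00:01.000100 IP 192.0.2.1.1194 > 198.51.100.2.1194: UDP, length 125
12:00:02.000100 IP 192.0.2.1.1194 > 198.51.100.2.1194: UDP, length 125
"""
CAPTURE_B = """\
12:00:00.020100 IP 192.0.2.1.1194 > 198.51.100.2.1194: UDP, length 125
12:00:00.020300 IP 198.51.100.2.1194 > 192.0.2.1.1194: UDP, length 125
12:00:01.020100 IP 192.0.2.1.1194 > 198.51.100.2.1194: UDP, length 125
12:00:01.020300 IP 198.51.100.2.1194 > 192.0.2.1.1194: UDP, length 125
12:00:02.020100 IP 192.0.2.1.1194 > 198.51.100.2.1194: UDP, length 125
12:00:02.020300 IP 198.51.100.2.1194 > 192.0.2.1.1194: UDP, length 125
"""

# Matches the IPv4/UDP summary line tcpdump prints with -n.
LINE_RE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): UDP, length \d+")


def count_directions(capture: str, port: int) -> Counter:
    """Count datagrams per (src_ip, dst_ip) direction that touch the VPN port."""
    seen = Counter()
    for line in capture.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        src, sport, dst, dport = m.groups()
        if port in (int(sport), int(dport)):
            seen[(src, dst)] += 1
    return seen


def diagnose(cap_a: str, cap_b: str, a_ip: str, b_ip: str, port: int) -> dict:
    """Compare each leg as seen by sender and receiver; 'lost' > 0 on exactly
    one leg is the one-way-only symptom (sender emits, peer never receives)."""
    on_a, on_b = count_directions(cap_a, port), count_directions(cap_b, port)
    legs = {"A->B": (a_ip, b_ip, on_a, on_b), "B->A": (b_ip, a_ip, on_b, on_a)}
    report = {}
    for name, (src, dst, sender, receiver) in legs.items():
        sent, received = sender[(src, dst)], receiver[(src, dst)]
        report[name] = {"sent": sent, "received": received, "lost": sent - received}
    return report
```

With the constructed captures, `diagnose(CAPTURE_A, CAPTURE_B, "192.0.2.1", "198.51.100.2", 1194)` reports three packets lost on the B->A leg and none on A->B, which matches the symptom in the message: B's replies leave its interface but never reach A.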