Re: OpenVPN suddenly working one way only
Date: Fri, 05 Jul 2024 14:32:59 UTC
> On 7/5/24 11:31, Ronald Klop wrote:
>
> > Of course this can be a firewall or routing issue somewhere in between
> > the hosts blocking traffic from B to A.
>
> Hmm...
> The two hosts can communicate with any other protocol.
> Also the VPN can handshake, so packets are exchanged correctly.
> I'm only using ipfw: no packet is logged as blocked, but, in any case,
> it blocks after tcpdump sees them and I don't even see them.
>
> > Or both? Can you run tcpdump on the physical interfaces? What
> > traffic do you see on the openvpn port?
>
> Let's say, after handshake, I ping A -> B:
> _ A sees the request going out tun;
> _ A sees the UDP packet going out via physical interface;
> _ B sees the UDP packet arriving;
> _ B sees the request coming in via tun;
> _ B sees the answer going out via tun;
> _ B sees the UDP packet going out the physical interface;
> _ A doesn't see the UDP packet coming in (so obviously nothing on tun also).
>
> > Can you switch to TCP?
>
> Would be a little work and using OpenVPN/TCP is highly discouraged.
> However, I just changed UDP port and it seems to work!
>
> I'm puzzled...
> So maybe some system in between my two hosts was blocking packets,
> but... after the handshake!?!?!?
> Very strange.
> Or host B has some trouble and changing its port helped???

Or host A has a zombie process with a UDP listen on the port? Often when I
have problems with tunnels it is some residual thing left over from a prior
run, like ppp(8) loves to leave behind named pipes in /var.

> In any case, thanks a lot for answering.
> bye
> av.

--
Rod Grimes rgrimes@freebsd.org
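
The leftover-listener hypothesis in the reply above can be checked from `sockstat` output. The script below is an added example, not part of the original message: port 1194, the PIDs and the sample lines are constructed, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: find processes holding a UDP port, from sockstat(1) output.
# On FreeBSD, feed it live data with:
#   sockstat -l -P udp | stale_listeners 1194 "$EXPECTED_PID"
# EXPECTED_PID is an assumption: the PID of the OpenVPN daemon you started.

# udp_port_owners PORT
# Reads sockstat output on stdin, prints "PID COMMAND LOCAL" for every UDP
# socket whose local address ends in :PORT. Splitting on ":" and taking the
# last piece also handles IPv6 local addresses.
udp_port_owners() {
    awk -v port="$1" '
        $5 ~ /^udp/ {
            n = split($6, parts, ":")
            if (parts[n] == port) print $3, $2, $6
        }'
}

# stale_listeners PORT EXPECTED_PID
# Prints owners of PORT other than the daemon we expect to be there.
# Any output means a second process is bound to the tunnel port.
stale_listeners() {
    udp_port_owners "$1" | awk -v pid="$2" '$1 != pid'
}

# Constructed sample in sockstat column layout (not captured from a host).
SAMPLE='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     openvpn    4821  6  udp4   *:1194                *:*
root     openvpn    1377  5  udp4   192.0.2.10:1194       *:*
root     syslogd    912   7  udp4   *:514                 *:*
root     ntpd       1040  20 udp6   *:123                 *:*'

# Demo: 4821 is the daemon we expect; 1377 is reported as the leftover.
printf '%s\n' "$SAMPLE" | stale_listeners 1194 4821
```

A more specific bind (an address plus the port, as PID 1377 has here) generally receives datagrams addressed to it ahead of a wildcard bind, so a leftover process of this kind could take the return traffic while the new daemon still sends normally.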