[Bug 213709] Upgrade 10.3->11.0 (something blocks connections for openvpn)
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sat Oct 22 18:36:52 UTC 2016
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213709
Bug ID: 213709
Summary: Upgrade 10.3->11.0 (something blocks connections for
openvpn)
Product: Services
Version: unspecified
Hardware: amd64
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: Bug Tracker
Assignee: bugmeister at FreeBSD.org
Reporter: arkadiusz.majewski at iptrace.pl
CC: freebsd-amd64 at FreeBSD.org
CC: freebsd-amd64 at FreeBSD.org
After upgrade to 11.0-RELEASE something blocks connections between
openvpn-client and openvpn-server etc.
I mean traffic after openvpn connection is established, so user can connect but
has no traffic.
Only one connected user is forwarded/routed to destinations/other hosts etc.
When the second and more users are connected there is no traffic for them.
Works: 10.3-RELEASE and openvpn-2.3.12_1
Doesn't work: 11.0-RELEASE and openvpn-2.3.12_1
I've disabled PF and it's not helped.
Client got vpn IP, dns, gateways etc.
Problem occured on two upgraded servers.
When I disconenct the first client, the second has no immediately traffic I
have to reconnect.
It means only one client which first established connection is able to forward
packets.
listening on tun0, link-type NULL (BSD loopback), capture size 262144 bytes
2016-10-22 19:53:53.391140 AF IPv4 (2), length 88: 10.10.10.2 > 10.0.0.16: ICMP
echo request, id 28711, seq 0, length 64
2016-10-22 19:53:53.392093 AF IPv4 (2), length 88: 10.0.0.16 > 10.10.10.2: ICMP
echo reply, id 28711, seq 0, length 64
2016-10-22 19:53:54.418406 AF IPv4 (2), length 88: 10.10.10.2 > 10.0.0.16: ICMP
echo request, id 28711, seq 1, length 64
2016-10-22 19:53:54.418755 AF IPv4 (2), length 88: 10.0.0.16 > 10.10.10.2: ICMP
echo reply, id 28711, seq 1, length 64
2016-10-22 19:53:55.407177 AF IPv4 (2), length 88: 10.10.10.2 > 10.0.0.16: ICMP
echo request, id 28711, seq 2, length 64
2016-10-22 19:53:55.407986 AF IPv4 (2), length 88: 10.0.0.16 > 10.10.10.2: ICMP
echo reply, id 28711, seq 2, length 64
2016-10-22 19:54:00.114782 AF IPv4 (2), length 64: 10.10.10.3 > 10.0.0.16: ICMP
echo request, id 1, seq 1200, length 40
2016-10-22 19:54:04.993728 AF IPv4 (2), length 64: 10.10.10.3 > 10.0.0.16: ICMP
echo request, id 1, seq 1201, length 40
2016-10-22 19:54:09.991531 AF IPv4 (2), length 64: 10.10.10.3 > 10.0.0.16: ICMP
echo request, id 1, seq 1202, length 40
10.10.10.2-3 clients
10.0.0.16 destination
listening on vtnet0, link-type EN10MB (Ethernet), capture size 262144 bytes
2016-10-22 20:10:30.375394 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype
IPv4 (0x0800), length 98: 10.10.10.2 > 10.0.0.16: ICMP echo request, id 58877,
seq 0, length 64
2016-10-22 20:10:30.375737 00:a0:98:87:50:a5 > 00:a0:98:68:86:08, ethertype
IPv4 (0x0800), length 98: 10.0.0.16 > 10.10.10.2: ICMP echo reply, id 58877,
seq 0, length 64
2016-10-22 20:10:31.345897 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype
IPv4 (0x0800), length 98: 10.10.10.2 > 10.0.0.16: ICMP echo request, id 58877,
seq 1, length 64
2016-10-22 20:10:31.346183 00:a0:98:87:50:a5 > 00:a0:98:68:86:08, ethertype
IPv4 (0x0800), length 98: 10.0.0.16 > 10.10.10.2: ICMP echo reply, id 58877,
seq 1, length 64
2016-10-22 20:10:32.353331 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype
IPv4 (0x0800), length 98: 10.10.10.2 > 10.0.0.16: ICMP echo request, id 58877,
seq 2, length 64
2016-10-22 20:10:32.353659 00:a0:98:87:50:a5 > 00:a0:98:68:86:08, ethertype
IPv4 (0x0800), length 98: 10.0.0.16 > 10.10.10.2: ICMP echo reply, id 58877,
seq 2, length 64
2016-10-22 20:10:33.386036 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype
IPv4 (0x0800), length 98: 10.10.10.2 > 10.0.0.16: ICMP echo request, id 58877,
seq 3, length 64
2016-10-22 20:10:33.386448 00:a0:98:87:50:a5 > 00:a0:98:68:86:08, ethertype
IPv4 (0x0800), length 98: 10.0.0.16 > 10.10.10.2: ICMP echo reply, id 58877,
seq 3, length 64
2016-10-22 20:10:34.375291 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype
IPv4 (0x0800), length 98: 10.10.10.2 > 10.0.0.16: ICMP echo request, id 58877,
seq 4, length 64
2016-10-22 20:10:34.375935 00:a0:98:87:50:a5 > 00:a0:98:68:86:08, ethertype
IPv4 (0x0800), length 98: 10.0.0.16 > 10.10.10.2: ICMP echo reply, id 58877,
seq 4, length 64
2016-10-22 20:10:35.374819 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype
IPv4 (0x0800), length 98: 10.10.10.2 > 10.0.0.16: ICMP echo request, id 58877,
seq 5, length 64
2016-10-22 20:10:35.375371 00:a0:98:87:50:a5 > 00:a0:98:68:86:08, ethertype
IPv4 (0x0800), length 98: 10.0.0.16 > 10.10.10.2: ICMP echo reply, id 58877,
seq 5, length 64
2016-10-22 20:11:07.936758 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype
IPv4 (0x0800), length 74: 10.10.10.3 > 10.0.0.16: ICMP echo request, id 1, seq
1208, length 40
2016-10-22 20:11:07.937176 00:a0:98:87:50:a5 > 00:a0:98:68:86:08, ethertype
IPv4 (0x0800), length 74: 10.0.0.16 > 10.10.10.3: ICMP echo reply, id 1, seq
1208, length 40
2016-10-22 20:11:07.937250 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype
IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-transit,
length 36
2016-10-22 20:11:09.671143 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype
IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-transit,
length 36
2016-10-22 20:11:09.671239 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype
IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-transit,
length 36
2016-10-22 20:11:09.671690 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype
IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-transit,
length 36
2016-10-22 20:11:09.671708 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype
IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-transit,
length 36
2016-10-22 20:11:09.694139 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype
IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-transit,
length 36
2016-10-22 20:11:09.694168 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype
IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-transit,
length 36
2016-10-22 20:11:09.695613 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype
IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-transit,
length 36
2016-10-22 20:11:10.388725 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype
IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-transit,
length 36
2016-10-22 20:11:12.508085 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype
IPv4 (0x0800), length 74: 10.10.10.3 > 10.0.0.16: ICMP echo request, id 1, seq
1209, length 40
2016-10-22 20:11:12.508361 00:a0:98:87:50:a5 > 00:a0:98:68:86:08, ethertype
IPv4 (0x0800), length 74: 10.0.0.16 > 10.10.10.3: ICMP echo reply, id 1, seq
1209, length 40
2016-10-22 20:11:12.508439 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype
IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-transit,
length 36
2016-10-22 20:11:13.575831 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype
IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-transit,
length 36
2016-10-22 20:11:13.608864 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype
IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-transit,
length 36
2016-10-22 20:11:13.608944 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype
IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-transit,
length 36
2016-10-22 20:11:13.609062 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype
IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-transit,
length 36
2016-10-22 20:11:13.609082 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype
IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-transit,
length 36
2016-10-22 20:11:15.297036 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype
IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-transit,
length 36
2016-10-22 20:11:17.235472 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype
IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-transit,
length 36
2016-10-22 20:11:17.514191 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype
IPv4 (0x0800), length 74: 10.10.10.3 > 10.0.0.16: ICMP echo request, id 1, seq
1210, length 40
2016-10-22 20:11:17.514610 00:a0:98:87:50:a5 > 00:a0:98:68:86:08, ethertype
IPv4 (0x0800), length 74: 10.0.0.16 > 10.10.10.3: ICMP echo reply, id 1, seq
1210, length 40
2016-10-22 20:11:17.514707 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype
IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-transit,
length 36
2016-10-22 20:11:17.609568 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype
IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-transit,
length 36
2016-10-22 20:11:17.609662 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype
IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-transit,
length 36
2016-10-22 20:11:17.609684 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype
IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-transit,
length 36
2016-10-22 20:11:17.609694 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype
IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-transit,
length 36
2016-10-22 20:11:17.609728 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype
IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-transit,
length 36
2016-10-22 20:11:21.129764 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype
IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-transit,
length 36
2016-10-22 20:11:21.608993 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype
IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-transit,
length 36
2016-10-22 20:11:21.829625 00:a0:98:68:86:08 > 00:a0:98:87:50:a5, ethertype
IPv4 (0x0800), length 70: 10.0.0.10 > 10.0.0.16: ICMP time exceeded in-transit,
length 36
vtnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu
1500
options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
ether 00:a0:98:68:86:08
inet 10.0.0.10 netmask 0xfffffe00 broadcast 10.0.1.255
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
media: Ethernet 10Gbase-T <full-duplex>
status: active
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
inet6 fe80::2a0:98ff:fe68:8608%tun0 prefixlen 64 scopeid 0x3
inet 10.10.10.1 --> 10.10.10.2 netmask 0xffffff00
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
groups: tun
Opened by PID 690
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the freebsd-amd64
mailing list