tcpdump is in listening mode but shows nothing when I ping 10.8.0.6
(from another terminal session)
ela@akacja:~$ sudo tcpdump -ni tun0 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes
I installed the OpenVPN client on my laptop (Win7 64) and after connecting
(I get 10.8.0.10) the situation is the same: I can't connect to my server.
Maybe the client's log (below) helps:
Thu Feb 08 17:48:11 2018 OpenVPN 2.4.4 x86_64-w64-mingw32 [SSL
(OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 26 2017
Thu Feb 08 17:48:11 2018 Windows version 6.1 (Windows 7) 64bit
Thu Feb 08 17:48:11 2018 library versions: OpenSSL 1.0.2l 25 May 2017,
LZO 2.10
Enter Management Password:
Thu Feb 08 17:48:11 2018 MANAGEMENT: TCP Socket listening on
[AF_INET]127.0.0.1:25340
Thu Feb 08 17:48:11 2018 Need hold release from management interface,
waiting...
Thu Feb 08 17:48:11 2018 MANAGEMENT: Client connected from
[AF_INET]127.0.0.1:25340
Thu Feb 08 17:48:11 2018 MANAGEMENT: CMD 'state on'
Thu Feb 08 17:48:11 2018 MANAGEMENT: CMD 'log all on'
Thu Feb 08 17:48:11 2018 MANAGEMENT: CMD 'echo all on'
Thu Feb 08 17:48:11 2018 MANAGEMENT: CMD 'hold off'
Thu Feb 08 17:48:11 2018 MANAGEMENT: CMD 'hold release'
Thu Feb 08 17:48:12 2018 Outgoing Control Channel Authentication: Using
256 bit message hash 'SHA256' for HMAC authentication
Thu Feb 08 17:48:12 2018 Incoming Control Channel Authentication: Using
256 bit message hash 'SHA256' for HMAC authentication
Thu Feb 08 17:48:12 2018 TCP/UDP: Preserving recently used remote
address: [AF_INET]46.174.211.152:1194
Thu Feb 08 17:48:12 2018 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Feb 08 17:48:12 2018 UDP link local: (not bound)
Thu Feb 08 17:48:12 2018 UDP link remote: [AF_INET]46.174.211.152:1194
Thu Feb 08 17:48:12 2018 MANAGEMENT: >STATE:1518108492,WAIT,,,,,,
Thu Feb 08 17:48:12 2018 MANAGEMENT: >STATE:1518108492,AUTH,,,,,,
Thu Feb 08 17:48:12 2018 TLS: Initial packet from
[AF_INET]46.174.211.152:1194, sid=9b554dd1 93601c01
Thu Feb 08 17:48:13 2018 VERIFY OK: depth=1, C=PL, ST=podkarp,
L=RZeszow, O=Home, OU=Community, CN=Home CA, name=server,
emailAddress=ber...@iinteria.pl
Thu Feb 08 17:48:13 2018 VERIFY KU OK
Thu Feb 08 17:48:13 2018 Validating certificate extended key usage
Thu Feb 08 17:48:13 2018 ++ Certificate has EKU (str) TLS Web Server
Authentication, expects TLS Web Server Authentication
Thu Feb 08 17:48:13 2018 VERIFY EKU OK
Thu Feb 08 17:48:13 2018 VERIFY OK: depth=0, C=PL, ST=podkarp,
L=RZeszow, O=Home, OU=Community, CN=server, name=server,
emailAddress=ber...@iinteria.pl
Thu Feb 08 17:48:14 2018 WARNING: 'cipher' is used inconsistently,
local='cipher AES-256-CBC', remote='cipher AES-128-CBC'
Thu Feb 08 17:48:14 2018 WARNING: 'keysize' is used inconsistently,
local='keysize 256', remote='keysize 128'
Thu Feb 08 17:48:14 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3
ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Thu Feb 08 17:48:14 2018 [server] Peer Connection Initiated with
[AF_INET]46.174.211.152:1194
Thu Feb 08 17:48:15 2018 MANAGEMENT: >STATE:1518108495,GET_CONFIG,,,,,,
Thu Feb 08 17:48:15 2018 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Feb 08 17:48:15 2018 PUSH: Received control message:
'PUSH_REPLY,route 10.10.10.0 255.255.255.0,route 10.10.11.0
255.255.255.0,route 10.8.0.1,topology net30,ping 10,ping-restart
120,ifconfig 10.8.0.10 10.8.0.9,peer-id 1,cipher AES-256-GCM'
Thu Feb 08 17:48:15 2018 OPTIONS IMPORT: timers and/or timeouts modified
Thu Feb 08 17:48:15 2018 OPTIONS IMPORT: --ifconfig/up options modified
Thu Feb 08 17:48:15 2018 OPTIONS IMPORT: route options modified
Thu Feb 08 17:48:15 2018 OPTIONS IMPORT: peer-id set
Thu Feb 08 17:48:15 2018 OPTIONS IMPORT: adjusting link_mtu to 1624
Thu Feb 08 17:48:15 2018 OPTIONS IMPORT: data channel crypto options
modified
Thu Feb 08 17:48:15 2018 Data Channel: using negotiated cipher 'AES-256-GCM'
Thu Feb 08 17:48:15 2018 Outgoing Data Channel: Cipher 'AES-256-GCM'
initialized with 256 bit key
Thu Feb 08 17:48:15 2018 Incoming Data Channel: Cipher 'AES-256-GCM'
initialized with 256 bit key
Thu Feb 08 17:48:15 2018 interactive service msg_channel=388
Thu Feb 08 17:48:15 2018 ROUTE_GATEWAY 100.82.199.51/255.255.255.255
I=61 HWADDR=00:00:00:00:00:00
Thu Feb 08 17:48:15 2018 open_tun
Thu Feb 08 17:48:15 2018 TAP-WIN32 device [Połączenie lokalne 3] opened:
\\.\Global\{5C6C7D46-E7D4-4389-9A09-8D00F33C096A}.tap
Thu Feb 08 17:48:15 2018 TAP-Windows Driver Version 9.21
Thu Feb 08 17:48:15 2018 Notified TAP-Windows driver to set a DHCP
IP/netmask of 10.8.0.10/255.255.255.252 on interface
{5C6C7D46-E7D4-4389-9A09-8D00F33C096A} [DHCP-serv: 10.8.0.9, lease-time:
31536000]
Thu Feb 08 17:48:15 2018 Successful ARP Flush on interface [53]
{5C6C7D46-E7D4-4389-9A09-8D00F33C096A}
Thu Feb 08 17:48:15 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Thu Feb 08 17:48:15 2018 MANAGEMENT:
>STATE:1518108495,ASSIGN_IP,,10.8.0.10,,,,
Thu Feb 08 17:48:20 2018 TEST ROUTES: 3/3 succeeded len=3 ret=1 a=0 u/d=up
Thu Feb 08 17:48:20 2018 MANAGEMENT: >STATE:1518108500,ADD_ROUTES,,,,,,
Thu Feb 08 17:48:20 2018 C:\Windows\system32\route.exe ADD 10.10.10.0
MASK 255.255.255.0 10.8.0.9
Thu Feb 08 17:48:20 2018 Route addition via service succeeded
Thu Feb 08 17:48:20 2018 C:\Windows\system32\route.exe ADD 10.10.11.0
MASK 255.255.255.0 10.8.0.9
Thu Feb 08 17:48:20 2018 Route addition via service succeeded
Thu Feb 08 17:48:20 2018 C:\Windows\system32\route.exe ADD 10.8.0.1 MASK
255.255.255.255 10.8.0.9
Thu Feb 08 17:48:20 2018 Route addition via service succeeded
Thu Feb 08 17:48:20 2018 WARNING: this configuration may cache passwords
in memory -- use the auth-nocache option to prevent this
Thu Feb 08 17:48:20 2018 Initialization Sequence Completed
Thu Feb 08 17:48:20 2018 MANAGEMENT:
>STATE:1518108500,CONNECTED,SUCCESS,10.8.0.10,46.174.211.152,1194,,
Regards,
B
On 2018-02-08 at 17:23, Tom Eastep wrote:
On 02/08/2018 04:35 AM, Bernard Drozd wrote:
Hi,
What address did the Android device get?
10.8.0.6
While pinging, it would be good to be running:
tcpdump -ni tun0 icmp
That way, you can see the ping traffic going out tun0 and coming in
that interface.
When I try to ping the Android device (10.8.0.6) from the LAN, I unfortunately receive
'Destination Host Unreachable':
ela@akacja:~$ ping 10.8.0.6
PING 10.8.0.6 (10.8.0.6) 56(84) bytes of data.
From 10.8.0.1 icmp_seq=1 Destination Host Unreachable
However, when I ping the gate (10.8.0.1), it is OK.
PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.
64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=0.136 ms
64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=0.132 ms
64 bytes from 10.8.0.1: icmp_seq=3 ttl=64 time=0.132 ms
Regards, B
And what did you see from tcpdump?
-Tom
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
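
Added example, not part of the original thread: Python that parses the PUSH_REPLY line of an OpenVPN client log like the one above and reports which destinations that client routes into the tunnel. The function names are hypothetical, and the sample input is the log's PUSH_REPLY line rejoined onto one line.

```python
import ipaddress
import re

# Constructed sample: the PUSH_REPLY entry from the client log, rejoined onto one line.
SAMPLE_LOG = (
    "Thu Feb 08 17:48:15 2018 PUSH: Received control message: "
    "'PUSH_REPLY,route 10.10.10.0 255.255.255.0,route 10.10.11.0 255.255.255.0,"
    "route 10.8.0.1,topology net30,ping 10,ping-restart 120,"
    "ifconfig 10.8.0.10 10.8.0.9,peer-id 1,cipher AES-256-GCM'"
)

def parse_push_reply(log_text):
    """Return (tunnel_networks, options) from the first PUSH_REPLY in log_text."""
    m = re.search(r"'PUSH_REPLY,([^']*)'", log_text)
    if not m:
        raise ValueError("no PUSH_REPLY found in log")
    nets, opts = [], {}
    for item in m.group(1).split(","):
        words = item.split()
        if not words:
            continue
        if words[0] == "route":
            # A pushed route without a netmask is a host route (/32),
            # matching the 'MASK 255.255.255.255' route.exe call in the log.
            mask = words[2] if len(words) > 2 else "255.255.255.255"
            nets.append(ipaddress.ip_network(f"{words[1]}/{mask}"))
        else:
            opts[words[0]] = words[1:]
    # topology net30: the client's address and its peer share one on-link /30.
    if opts.get("topology") == ["net30"] and "ifconfig" in opts:
        nets.append(ipaddress.ip_network(f"{opts['ifconfig'][0]}/30", strict=False))
    return nets, opts

def via_tunnel(address, nets):
    """Return the most specific tunnel network covering address, or None."""
    ip = ipaddress.ip_address(address)
    hits = [n for n in nets if ip in n]
    return max(hits, key=lambda n: n.prefixlen) if hits else None

if __name__ == "__main__":
    networks, options = parse_push_reply(SAMPLE_LOG)
    for addr in ("10.8.0.1", "10.8.0.6", "10.8.0.9", "10.10.11.20"):
        print(addr, "->", via_tunnel(addr, networks) or "not routed via tunnel")
```

For the laptop client in this log, 10.8.0.1 and the two pushed /24 networks resolve to tunnel routes, while 10.8.0.6 matches none of the pushed routes and follows the client's ordinary routing table.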