Hi, On Sat, May 16, 2026 at 07:32:44PM +0200, Piotr Dobrogost wrote: > On Fri, May 15, 2026 at 8:23???AM Gert Doering <[email protected]> wrote: > > > > What we need is a dump that shows the handshake, and the ports used, > > and then a ping, showing the ports used *then*. > > Please see the attached files.
Thanks. This is interesting, because the effect we saw with the ICMP
unreachables is ... gone?!
> [miner@hostx ~]$ sudo /usr/bin/openvpn --config /etc/openvpn/client/sfx.conf
> --verb 11
> 2026-05-16 18:06:15 us=617273 dco_install_key: peer_id=0 keyid=0 epoch=0,
> currently 0 keys installed
> 2026-05-16 18:06:15 us=617293 dco_new_key: slot 0, key-id 0, peer-id 0,
> cipher AES-256-GCM, epoch 0
So this is the timestamp when the OpenVPN handshake is done, and the
in-kernel data channel is up.
> [miner@hostx ~]$ sudo tcpdump -i enp5s0 host vpn.sfx.pl
> dropped privs to tcpdump
> tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
> listening on enp5s0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
> 18:06:14.101371 IP hostx.34701 > xyz.sfx.pl.openvpn: UDP, length 14
> 18:06:14.109679 IP xyz.sfx.pl.openvpn > hostx.34701: UDP, length 26
> 18:06:14.110169 IP hostx.34701 > xyz.sfx.pl.openvpn: UDP, length 1222
> 18:06:14.110325 IP hostx.34701 > xyz.sfx.pl.openvpn: UDP, length 347
> 18:06:14.118547 IP xyz.sfx.pl.openvpn > hostx.34701: UDP, length 22
This is all handshaking...
> 18:06:15.282579 IP xyz.sfx.pl.openvpn > hostx.34701: UDP, length 22
> 18:06:15.282579 IP xyz.sfx.pl.openvpn > hostx.34701: UDP, length 294
> 18:06:15.621137 IP hostx.34701 > xyz.sfx.pl.openvpn: UDP, length 34
... until here. Tunnel up.
> 18:06:16.134836 IP hostx.34701 > xyz.sfx.pl.openvpn: UDP, length 97
> 18:06:16.135196 IP hostx.34701 > xyz.sfx.pl.openvpn: UDP, length 225
> 18:06:16.141944 IP xyz.sfx.pl.openvpn > hostx.34701: UDP, length 387
Not exactly sure what this is, might be a few more control channel
packets...
> 18:06:17.135584 IP hostx.34701 > xyz.sfx.pl.openvpn: UDP, length 225
> 18:06:18.136627 IP hostx.34701 > xyz.sfx.pl.openvpn: UDP, length 225
> 18:06:19.135609 IP hostx.34701 > xyz.sfx.pl.openvpn: UDP, length 92
> 18:06:19.135821 IP hostx.34701 > xyz.sfx.pl.openvpn: UDP, length 92
> 18:06:19.137089 IP hostx.34701 > xyz.sfx.pl.openvpn: UDP, length 225
> 18:06:19.137585 IP hostx.34701 > xyz.sfx.pl.openvpn: UDP, length 64
> 18:06:19.413595 IP hostx.34701 > xyz.sfx.pl.openvpn: UDP, length 64
> 18:06:20.136696 IP hostx.34701 > xyz.sfx.pl.openvpn: UDP, length 92
> 18:06:20.136893 IP hostx.34701 > xyz.sfx.pl.openvpn: UDP, length 92
> 18:06:20.541444 IP hostx.34701 > xyz.sfx.pl.openvpn: UDP, length 108
... but at least some of *these* are the pings - and unlike the last
dump, we see no response whatsoever, and it's using the correct source
port. So whatever happened in that other dump (ICMP unreach) is not
happening here.
> 18:06:20.550251 IP xyz.sfx.pl.openvpn > hostx.34701: UDP, length 105
> 18:06:21.355157 IP hostx.34701 > xyz.sfx.pl.openvpn: UDP, length 97
> 18:06:21.362815 IP xyz.sfx.pl.openvpn > hostx.34701: UDP, length 387
> 18:06:21.541736 IP hostx.34701 > xyz.sfx.pl.openvpn: UDP, length 108
> 18:06:21.550201 IP xyz.sfx.pl.openvpn > hostx.34701: UDP, length 105
> 18:06:22.137235 IP hostx.34701 > xyz.sfx.pl.openvpn: UDP, length 92
> 18:06:22.137443 IP hostx.34701 > xyz.sfx.pl.openvpn: UDP, length 92
> 18:06:22.565714 IP hostx.34701 > xyz.sfx.pl.openvpn: UDP, length 108
> 18:06:22.573739 IP xyz.sfx.pl.openvpn > hostx.34701: UDP, length 105
... here we have quite a bit of bidirectional chatter, which looks
quite reasonable on the outside...
So, to be honest, I have no idea right now. I did not look very closely
at the OpenVPN log (it's late), maybe some more insights can be found
there (correlating time stamps).
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany [email protected]
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
