As mentioned by Piotr, the port unreach messages are very likely some
residual from a previous connection, where the client is not active
anymore and thus rejecting the incoming packets.
That also explains the different port.
On 16/05/2026 22:31, Gert Doering wrote:
... but at least some of *these* are the pings - and unlike the last
dump, we see no response whatsoever, and it's using the correct source
port. So whatever happened in that other dump (ICMP unreach) is not
happening here.
18:06:20.550251 IP xyz.sfx.pl.openvpn > hostx.34701: UDP, length 105
18:06:21.355157 IP hostx.34701 > xyz.sfx.pl.openvpn: UDP, length 97
18:06:21.362815 IP xyz.sfx.pl.openvpn > hostx.34701: UDP, length 387
18:06:21.541736 IP hostx.34701 > xyz.sfx.pl.openvpn: UDP, length 108
18:06:21.550201 IP xyz.sfx.pl.openvpn > hostx.34701: UDP, length 105
18:06:22.137235 IP hostx.34701 > xyz.sfx.pl.openvpn: UDP, length 92
18:06:22.137443 IP hostx.34701 > xyz.sfx.pl.openvpn: UDP, length 92
18:06:22.565714 IP hostx.34701 > xyz.sfx.pl.openvpn: UDP, length 108
18:06:22.573739 IP xyz.sfx.pl.openvpn > hostx.34701: UDP, length 105
... here we have quite a bit of bidirectional chatter, which looks
quite reasonable on the outside...
Looking at the timing, this pretty much feels like the ICMP request and
reply going out and back in.
If Piotr could dump on the tun device of the server, he may indeed see
the ICMP traffic.
So, to be honest, I have no idea right now. I did not look very closely
at the OpenVPN log (it's late), maybe some more insights can be found
there (correlating time stamps).
If the above is confirmed, it feels as if packets are being dropped on
the way in, but there is no indicator as to why or who is dropping them.
We know that on other F44 installations ovpn works just fine.
So there must be some bit on this setup that we are not aware of..
Not sure what it could be.
Piotr, not sure I asked before: could you check the stats with 'ip -s
link ovpn-sfx' ?
The dropped counter should increase if it's ovpn the one effectively
rejecting the packets.
Regards,
gert
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
--
Antonio Quartulli
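
Added example, not part of the original mail or of OpenVPN: a small Python script that runs the timing check discussed above over the tcpdump lines quoted in the thread, pairing each server-to-client packet with the most recent client packet sent shortly before it. The 50 ms pairing window and the function names are assumptions; the payload is encrypted, so this is a timing heuristic only.

```python
import re

# tcpdump lines copied from the capture quoted in the thread above.
CAPTURE = """\
18:06:20.550251 IP xyz.sfx.pl.openvpn > hostx.34701: UDP, length 105
18:06:21.355157 IP hostx.34701 > xyz.sfx.pl.openvpn: UDP, length 97
18:06:21.362815 IP xyz.sfx.pl.openvpn > hostx.34701: UDP, length 387
18:06:21.541736 IP hostx.34701 > xyz.sfx.pl.openvpn: UDP, length 108
18:06:21.550201 IP xyz.sfx.pl.openvpn > hostx.34701: UDP, length 105
18:06:22.137235 IP hostx.34701 > xyz.sfx.pl.openvpn: UDP, length 92
18:06:22.137443 IP hostx.34701 > xyz.sfx.pl.openvpn: UDP, length 92
18:06:22.565714 IP hostx.34701 > xyz.sfx.pl.openvpn: UDP, length 108
18:06:22.573739 IP xyz.sfx.pl.openvpn > hostx.34701: UDP, length 105
"""

LINE = re.compile(
    r"(\d+):(\d+):(\d+)\.(\d{6}) IP (\S+) > (\S+): UDP, length (\d+)")


def parse(text):
    """Yield (time_us, src, dst, length) for each UDP line in the dump."""
    for m in LINE.finditer(text):
        h, mi, s, us = (int(m.group(i)) for i in range(1, 5))
        t = ((h * 60 + mi) * 60 + s) * 1_000_000 + us
        yield t, m.group(5), m.group(6), int(m.group(7))


def pair(text, client, max_gap_us=50_000):
    """Pair each packet sent to `client` with the latest pending packet
    from `client`, if it was sent at most max_gap_us earlier (assumed window).
    Returns (pairs, unanswered, unsolicited)."""
    pending, pairs, unsolicited = [], [], []
    for t, src, dst, length in parse(text):
        if src == client:
            pending.append((t, length))
        elif dst == client:
            if pending and t - pending[-1][0] <= max_gap_us:
                sent, req_len = pending.pop()
                pairs.append((req_len, length, t - sent))
            else:
                unsolicited.append((t, length))
    return pairs, pending, unsolicited


if __name__ == "__main__":
    pairs, unanswered, unsolicited = pair(CAPTURE, "hostx.34701")
    for req_len, rep_len, gap in pairs:
        print(f"client {req_len}B -> server {rep_len}B after {gap / 1000:.3f} ms")
    print(f"{len(unanswered)} client packets without a close reply, "
          f"{len(unsolicited)} server packets without a close request")
```
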