Hi,

On Tue, Aug 25, 2015 at 02:58:34PM +0100, Tiago Vasconcelos wrote:
> # Server capture while running 'telnet 192.168.1.2 22' on the client
> # As can be seen, the SYN is not responded and the client keeps retrying
> 
> $ tcpdump -i tun0 -n
> 14:30:41.389162 IP 172.31.0.6.60902 > 192.168.1.2.22: Flags [S], seq 
> 3893675608, win 4350, options [mss 1130,sackOK,TS val 6434347 ecr 
> 0,nop,wscale 1], length 0
> 14:30:44.338170 IP 172.31.0.6.60902 > 192.168.1.2.22: Flags [S], seq 
> 3893675608, win 4350, options [mss 1130,sackOK,TS val 6437347 ecr 
> 0,nop,wscale 1], length 0

Where is 172.31.0.6 routed to?  If the Linux side of things doesn't
route this address into the tun interface, it might be the rp_filter
eating the SYN ACK, or you're just not seeing the SYN ACK as it's
sent out to the default router...

> # Strangely, pings from the client do work!
> 
> $ ping 192.168.1.2
> PING 192.168.1.2 (192.168.1.2): 56 data bytes
> 64 bytes from 192.168.1.2: seq=0 ttl=64 time=105.582 ms
> 64 bytes from 192.168.1.2: seq=1 ttl=64 time=103.611 m

Is it using the same IP address for the ping source (check with
tcpdump)?

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de
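
The two possibilities raised in the reply above (reverse-path filtering discarding traffic from 172.31.0.6, or the answer leaving via the default router) can be modelled with a longest-prefix lookup. This is an added example, not part of the original message; the routing table, the interface name eth0 and the 10.8.0.0/24 and 172.31.0.0/24 prefixes are constructed assumptions.

```python
import ipaddress

# Constructed routing table (prefix, outgoing interface) for illustration.
# Nothing here routes 172.31.0.6 into tun0, the case the reply asks about.
ROUTES = [
    ("0.0.0.0/0", "eth0"),
    ("192.168.1.0/24", "eth0"),
    ("10.8.0.0/24", "tun0"),
]

def best_route(routes, addr):
    """Longest-prefix match; returns (network, interface) or None."""
    ip = ipaddress.ip_address(addr)
    nets = [(ipaddress.ip_network(p), dev) for p, dev in routes]
    matches = [(n, dev) for n, dev in nets if ip in n]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)

def reply_interface(routes, dst):
    """Interface a locally generated answer to dst would leave on."""
    route = best_route(routes, dst)
    return route[1] if route else None

def rp_filter_verdict(routes, src, in_iface, conf_all, conf_iface):
    """Model of net.ipv4.conf.*.rp_filter source validation.

    The kernel uses the higher of conf.all and conf.<iface>:
    0 = no validation, 1 = strict, 2 = loose.
    """
    mode = max(conf_all, conf_iface)
    if mode == 0:
        return "accept"
    route = best_route(routes, src)
    if route is None:
        return "drop"      # source not reachable via any interface
    if mode == 2:
        return "accept"    # loose: any route back to the source is enough
    # strict: best route back must use the interface the packet arrived on
    return "accept" if route[1] == in_iface else "drop"

if __name__ == "__main__":
    src = "172.31.0.6"     # client address seen in the quoted tcpdump
    print("rp_filter strict:", rp_filter_verdict(ROUTES, src, "tun0", 0, 1))
    print("answer leaves via:", reply_interface(ROUTES, src))
    fixed = ROUTES + [("172.31.0.0/24", "tun0")]   # constructed route
    print("with route, strict:", rp_filter_verdict(fixed, src, "tun0", 0, 1))
    print("with route, answer via:", reply_interface(fixed, src))
```

On a live system the corresponding inputs come from `ip route get 172.31.0.6` and `sysctl net.ipv4.conf.all.rp_filter net.ipv4.conf.tun0.rp_filter`.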
