I have had to replace one end of a successful OpenVPN tunnel when the Linux server was cracked. The tunnel was reimplemented with good traffic throughput.

If I try to browse from 192.168.1.x (the end the replaced server is on) to 192.168.19.x or back, the browse fails. I can use remote desktop across to 192.168.19.x from 192.168.1.x fine, but cannot go from 192.168.19.x to 192.168.1.x. HTTP traffic is fine in both directions, as is TCP/IP type traffic.

Here is a typical dump from syslog on the 192.168.1.1 end of tun1:

Jan 10 16:07:47 router kernel: Unknown InputIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:5f:2a:2a:08:00 SRC=192.168.1.3 DST=255.255.255.255 LEN=272 TOS=0x00 PREC=0x00 TTL=128 ID=23030 PROTO=UDP SPT=68 DPT=67 LEN=252
Jan 10 16:07:47 router kernel: Unknown InputIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:5f:2a:2a:08:00 SRC=192.168.1.3 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=23031 PROTO=UDP SPT=67 DPT=68 LEN=308
Jan 10 16:07:47 router kernel: Unknown InputIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:5f:2a:2a:08:00 SRC=192.168.1.3 DST=255.255.255.255 LEN=272 TOS=0x00 PREC=0x00 TTL=128 ID=23032 PROTO=UDP SPT=68 DPT=67 LEN=252
Jan 10 16:07:47 router kernel: Unknown InputIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:5f:2a:2a:08:00 SRC=192.168.1.3 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=23033 PROTO=UDP SPT=67 DPT=68 LEN=308
Jan 10 16:07:47 router kernel: Unknown InputIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:5f:2a:2a:08:00 SRC=192.168.1.3 DST=255.255.255.255 LEN=272 TOS=0x00 PREC=0x00 TTL=128 ID=23034 PROTO=UDP SPT=68 DPT=67 LEN=252
Jan 10 16:07:47 router kernel: Unknown InputIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:5f:2a:2a:08:00 SRC=192.168.1.3 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=23035 PROTO=UDP SPT=67 DPT=68 LEN=308
Jan 10 16:07:47 router kernel: Unknown InputIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:5f:2a:2a:08:00 SRC=192.168.1.3 DST=255.255.255.255 LEN=272 TOS=0x00 PREC=0x00 TTL=128 ID=23036 PROTO=UDP SPT=68 DPT=67 LEN=252
Jan 10 16:07:47 router kernel: Unknown InputIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:5f:2a:2a:08:00 SRC=192.168.1.3 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=23037 PROTO=UDP SPT=67 DPT=68 LEN=308
Jan 10 16:07:48 router kernel: Unknown ForwardIN=tun1 OUT=eth1 SRC=192.168.19.58 DST=192.168.1.83 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=3846 DF PROTO=TCP SPT=1374 DPT=9220 WINDOW=16384 RES=0x00 SYN URGP=0
Jan 10 16:07:51 router kernel: Unknown ForwardIN=tun1 OUT=eth1 SRC=192.168.19.58 DST=192.168.1.83 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=3850 DF PROTO=TCP SPT=1374 DPT=9220 WINDOW=16384 RES=0x00 SYN URGP=0
Jan 10 16:07:58 router kernel: Unknown ForwardIN=tun1 OUT=eth1 SRC=192.168.19.58 DST=192.168.1.83 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=3871 DF PROTO=TCP SPT=1374 DPT=9220 WINDOW=16384 RES=0x00 SYN URGP=0
Jan 10 16:08:01 router kernel: Unknown ForwardIN=tun1 OUT=eth1 SRC=192.168.19.53 DST=192.168.1.3 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=17584 DF PROTO=TCP SPT=1140 DPT=135 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 10 16:08:04 router kernel: Unknown ForwardIN=tun1 OUT=eth1 SRC=192.168.19.53 DST=192.168.1.3 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=17585 DF PROTO=TCP SPT=1140 DPT=135 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 10 16:08:10 router kernel: Unknown ForwardIN=tun1 OUT=eth1 SRC=192.168.19.53 DST=192.168.1.3 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=17586 DF PROTO=TCP SPT=1140 DPT=135 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 10 16:08:10 router kernel: Unknown ForwardIN=tun1 OUT=eth1 SRC=192.168.19.58 DST=192.168.1.83 LEN=72 TOS=0x00 PREC=0x00 TTL=126 ID=3959 PROTO=UDP SPT=427 DPT=427 LEN=52

********************************************************

Here is a current dump from the 192.168.19.1 end of tun1:

Jan 10 15:14:39 filter named[1961]: client 192.168.19.3#1031: received notify for zone '19.168.192.in-addr.arpa': not authoritative
Jan 10 15:14:39 filter named[1961]: client 192.168.19.3#1031: received notify for zone '19.168.192.in-addr.arpa': not authoritative
Jan 10 15:14:40 filter daemonshield[2592]: Processing file /var/log/messages
Jan 10 15:14:57 filter daemonshield[2592]: Processing file /var/log/messages
Jan 10 15:15:06 filter kernel: Dropped IP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=703 PROTO=UDP SPT=68 DPT=67 LEN=308
Jan 10 15:15:06 filter kernel: Dropped IP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=336 TOS=0x00 PREC=0x00 TTL=128 ID=704 PROTO=UDP SPT=68 DPT=67 LEN=316
Jan 10 15:15:14 filter daemonshield[2592]: Processing file /var/log/messages
Jan 10 15:15:31 filter daemonshield[2592]: Processing file /var/log/messages
Jan 10 15:16:29 filter named[1961]: client 192.168.19.3#1031: received notify for zone '19.168.192.in-addr.arpa': not authoritative
Jan 10 15:16:32 filter daemonshield[2592]: Processing file /var/log/messages
Jan 10 15:16:49 filter daemonshield[2592]: Processing file /var/log/messages
Jan 10 15:20:16 filter kernel: Dropped IP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=1009 PROTO=UDP SPT=68 DPT=67 LEN=308
Jan 10 15:20:16 filter kernel: Dropped IP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=1023 PROTO=UDP SPT=68 DPT=67 LEN=308
Jan 10 15:20:16 filter kernel: Dropped IP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=1036 PROTO=UDP SPT=68 DPT=67 LEN=308
Jan 10 15:20:16 filter kernel: Dropped IP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=1070 PROTO=UDP SPT=68 DPT=67 LEN=308
Jan 10 15:20:16 filter kernel: Dropped IP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=336 TOS=0x00 PREC=0x00 TTL=128 ID=1102 PROTO=UDP SPT=68 DPT=67 LEN=316
Jan 10 15:20:20 filter daemonshield[2592]: Processing file /var/log/messages
Jan 10 15:20:37 filter daemonshield[2592]: Processing file /var/log/messages
Jan 10 15:24:40 filter named[1961]: client 192.168.19.3#1031: received notify for zone '19.168.192.in-addr.arpa': not authoritative
Jan 10 15:24:40 filter named[1961]: client 192.168.19.3#1031: received notify for zone '19.168.192.in-addr.arpa': not authoritative
Jan 10 15:24:44 filter daemonshield[2592]: Processing file /var/log/messages
Jan 10 15:25:01 filter daemonshield[2592]: Processing file /var/log/messages
Jan 10 15:25:29 filter named[1961]: client 192.168.19.3#1031: received notify for zone '19.168.192.in-addr.arpa': not authoritative
Jan 10 15:25:33 filter daemonshield[2592]: Processing file /var/log/messages
Jan 10 15:25:50 filter daemonshield[2592]: Processing file /var/log/messages
Jan 10 15:27:08 filter kernel: Dropped IP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=68 PROTO=UDP SPT=68 DPT=67 LEN=308
Jan 10 15:27:11 filter daemonshield[2592]: Processing file /var/log/messages
Jan 10 15:27:12 filter kernel: Dropped IP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=69 PROTO=UDP SPT=68 DPT=67 LEN=308
Jan 10 15:27:20 filter kernel: Dropped IP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=71 PROTO=UDP SPT=68 DPT=67 LEN=308
Jan 10 15:27:28 filter daemonshield[2592]: Processing file /var/log/messages
Jan 10 15:27:34 filter kernel: Dropped IP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=74 PROTO=UDP SPT=68 DPT=67 LEN=308
Jan 10 15:27:45 filter daemonshield[2592]: Processing file /var/log/messages
Jan 10 15:28:02 filter daemonshield[2592]: Processing file /var/log/messages
Jan 10 15:28:13 filter kernel: Dropped IP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=91 PROTO=UDP SPT=68 DPT=67 LEN=308
Jan 10 15:28:16 filter kernel: Dropped IP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=99 PROTO=UDP SPT=68 DPT=67 LEN=308
Jan 10 15:28:18 filter daemonshield[2592]: Processing file /var/log/messages
Jan 10 15:28:35 filter daemonshield[2592]: Processing file /var/log/messages
Jan 10 15:29:09 filter kernel: Dropped IP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=129 PROTO=UDP SPT=68 DPT=67 LEN=308
Jan 10 15:29:12 filter daemonshield[2592]: Processing file /var/log/messages
Jan 10 15:29:29 filter daemonshield[2592]: Processing file /var/log/messages
Jan 10 15:30:16 filter kernel: Dropped IP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=202 PROTO=UDP SPT=68 DPT=67 LEN=308
Jan 10 15:30:20 filter daemonshield[2592]: Processing file /var/log/messages
Jan 10 15:30:37 filter daemonshield[2592]: Processing file /var/log/messages
Jan 10 15:34:20 filter kernel: Dropped IP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=17 PROTO=UDP SPT=68 DPT=67 LEN=308
Jan 10 15:34:24 filter daemonshield[2592]: Processing file /var/log/messages
Jan 10 15:34:29 filter kernel: Dropped IP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=20 PROTO=UDP SPT=68 DPT=67 LEN=308
Jan 10 15:34:41 filter daemonshield[2592]: Processing file /var/log/messages
Jan 10 15:34:47 filter kernel: Dropped IP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=336 TOS=0x00 PREC=0x00 TTL=128 ID=22 PROTO=UDP SPT=68 DPT=67 LEN=316
Jan 10 15:34:47 filter kernel: Dropped IP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=336 TOS=0x00 PREC=0x00 TTL=128 ID=23 PROTO=UDP SPT=68 DPT=67 LEN=316
Jan 10 15:34:58 filter daemonshield[2592]: Processing file /var/log/messages
Jan 10 15:35:15 filter daemonshield[2592]: Processing file /var/log/messages
Jan 10 15:36:57 filter kernel: Dropped IP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=53 PROTO=UDP SPT=68 DPT=67 LEN=308
Jan 10 15:37:02 filter daemonshield[2592]: Processing file /var/log/messages
Jan 10 15:37:12 filter kernel: Dropped IP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=54 PROTO=UDP SPT=68 DPT=67 LEN=308
Jan 10 15:37:18 filter daemonshield[2592]: Processing file /var/log/messages
Jan 10 15:37:19 filter kernel: Dropped IP: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=55 PROTO=UDP SPT=68 DPT=67 LEN=308
Jan 10 15:37:35 filter daemonshield[2592]: Processing file /var/log/messages
Jan 10 15:37:52 filter daemonshield[2592]: Processing file /var/log/messages
Jan 10 15:40:34 filter smbd[18735]: [2007/01/10 15:40:34, 0] lib/util_sock.c:get_peer_addr(1150)
Jan 10 15:40:34 filter smbd[18735]: getpeername failed. Error was Transport endpoint is not connected
Jan 10 15:40:34 filter smbd[18735]: [2007/01/10 15:40:34, 0] lib/util_sock.c:get_peer_addr(1150)
Jan 10 15:40:34 filter smbd[18735]: getpeername failed. Error was Transport endpoint is not connected
Jan 10 15:40:34 filter smbd[18735]: [2007/01/10 15:40:34, 0] lib/access.c:check_access(328)
Jan 10 15:40:34 filter smbd[18735]: [2007/01/10 15:40:34, 0] lib/util_sock.c:get_peer_addr(1150)
Jan 10 15:40:34 filter smbd[18735]: getpeername failed. Error was Transport endpoint is not connected
Jan 10 15:40:34 filter smbd[18735]: Denied connection from (0.0.0.0)
Jan 10 15:40:34 filter smbd[18735]: [2007/01/10 15:40:34, 0] lib/util_sock.c:get_peer_addr(1150)
Jan 10 15:40:34 filter smbd[18735]: getpeername failed. Error was Transport endpoint is not connected
Jan 10 15:40:34 filter smbd[18735]: Connection denied from 0.0.0.0
Jan 10 15:40:34 filter smbd[18735]: [2007/01/10 15:40:34, 0] lib/util_sock.c:write_socket_data(430)
Jan 10 15:40:34 filter smbd[18735]: write_socket_data: write failure. Error = Connection reset by peer
Jan 10 15:40:34 filter smbd[18735]: [2007/01/10 15:40:34, 0] lib/util_sock.c:write_socket(455)
Jan 10 15:40:34 filter smbd[18735]: write_socket: Error writing 5 bytes to socket 5: ERRNO = Connection reset by peer
Jan 10 15:40:34 filter smbd[18735]: [2007/01/10 15:40:34, 0] lib/util_sock.c:send_smb(647)
Jan 10 15:40:34 filter smbd[18735]: Error writing 5 bytes to client. -1. (Connection reset by peer)
Jan 10 15:40:39 filter daemonshield[2592]: Processing file /var/log/messages
Jan 10 15:40:55 filter daemonshield[2592]: Processing file /var/log/messages
Jan 10 15:42:48 filter smbd[18751]: [2007/01/10 15:42:48, 0] lib/util_sock.c:get_peer_addr(1150)
Jan 10 15:42:48 filter smbd[18751]: getpeername failed. Error was Transport endpoint is not connected
Jan 10 15:42:48 filter smbd[18751]: [2007/01/10 15:42:48, 0] lib/util_sock.c:get_peer_addr(1150)
Jan 10 15:42:48 filter smbd[18751]: getpeername failed. Error was Transport endpoint is not connected
Jan 10 15:42:48 filter smbd[18751]: [2007/01/10 15:42:48, 0] lib/access.c:check_access(328)
Jan 10 15:42:48 filter smbd[18751]: [2007/01/10 15:42:48, 0] lib/util_sock.c:get_peer_addr(1150)
Jan 10 15:42:48 filter smbd[18751]: getpeername failed. Error was Transport endpoint is not connected
Jan 10 15:42:48 filter smbd[18751]: Denied connection from (0.0.0.0)
Jan 10 15:42:48 filter smbd[18751]: [2007/01/10 15:42:48, 0] lib/util_sock.c:get_peer_addr(1150)
Jan 10 15:42:48 filter smbd[18751]: getpeername failed. Error was Transport endpoint is not connected
Jan 10 15:42:48 filter smbd[18751]: Connection denied from 0.0.0.0

Thanks for any help.

Bill

--
Bill Ries-Knight
Stockton, CA

Respect the process, Vote.
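
Added example, not part of the original post: a Python triage of the kernel packet-log lines quoted above, which groups them by log prefix, interface pair and destination port and lists TCP flows whose SYN was logged more than once, meaning the client retransmitted because it got no reply. The function names (parse, summarize, retried_syns) are illustrative, and SAMPLE holds six entries copied from the 192.168.1.1 excerpt.

```python
import re
from collections import Counter

# Six entries copied from the post's 192.168.1.1 excerpt, one per line.
SAMPLE = """\
Jan 10 16:07:47 router kernel: Unknown InputIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:5f:2a:2a:08:00 SRC=192.168.1.3 DST=255.255.255.255 LEN=272 TOS=0x00 PREC=0x00 TTL=128 ID=23030 PROTO=UDP SPT=68 DPT=67 LEN=252
Jan 10 16:07:48 router kernel: Unknown ForwardIN=tun1 OUT=eth1 SRC=192.168.19.58 DST=192.168.1.83 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=3846 DF PROTO=TCP SPT=1374 DPT=9220 WINDOW=16384 RES=0x00 SYN URGP=0
Jan 10 16:07:51 router kernel: Unknown ForwardIN=tun1 OUT=eth1 SRC=192.168.19.58 DST=192.168.1.83 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=3850 DF PROTO=TCP SPT=1374 DPT=9220 WINDOW=16384 RES=0x00 SYN URGP=0
Jan 10 16:08:01 router kernel: Unknown ForwardIN=tun1 OUT=eth1 SRC=192.168.19.53 DST=192.168.1.3 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=17584 DF PROTO=TCP SPT=1140 DPT=135 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 10 16:08:04 router kernel: Unknown ForwardIN=tun1 OUT=eth1 SRC=192.168.19.53 DST=192.168.1.3 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=17585 DF PROTO=TCP SPT=1140 DPT=135 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 10 16:08:10 router kernel: Unknown ForwardIN=tun1 OUT=eth1 SRC=192.168.19.58 DST=192.168.1.83 LEN=72 TOS=0x00 PREC=0x00 TTL=126 ID=3959 PROTO=UDP SPT=427 DPT=427 LEN=52
"""

# The router's log prefix has no trailing space, so it runs straight into "IN=".
ENTRY = re.compile(r"kernel: (?P<prefix>.*?)IN=(?P<inif>\S*) OUT=(?P<outif>\S*) (?P<rest>.*)")

def parse(line):
    """Split one kernel packet-log line into prefix, interfaces, fields and flags."""
    m = ENTRY.search(line)
    if m is None:
        return None  # named, smbd, daemonshield lines are not packet logs
    tokens = m.group("rest").split()
    rec = dict(t.split("=", 1) for t in tokens if "=" in t)
    rec.update(prefix=m.group("prefix").strip(), inif=m.group("inif") or "-",
               outif=m.group("outif") or "-",
               flags={t for t in tokens if "=" not in t})
    return rec

def summarize(text):
    """Count logged packets per (prefix, in, out, proto, destination port)."""
    recs = filter(None, map(parse, text.splitlines()))
    return Counter((r["prefix"], r["inif"], r["outif"], r["PROTO"], int(r["DPT"]))
                   for r in recs if "DPT" in r)

def retried_syns(text):
    """Return TCP flows whose SYN was logged more than once (client retransmits)."""
    recs = filter(None, map(parse, text.splitlines()))
    syns = Counter((r["SRC"], r["DST"], int(r["DPT"]), r["SPT"])
                   for r in recs if r.get("PROTO") == "TCP" and "SYN" in r["flags"])
    return {flow: n for flow, n in syns.items() if n > 1}

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
    for flow, n in retried_syns(SAMPLE).items():
        print("SYN retried", n, "times:", flow)
```

Run over the full excerpt, the summary separates the DHCP broadcast noise on eth1 from the tun1-to-eth1 forwarded traffic, which is the part relevant to the cross-tunnel failures.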