
Re: [Openvpn-users] No windows browsing across openvpn tunnel


  • Subject: Re: [Openvpn-users] No windows browsing across openvpn tunnel
  • From: "Bill Ries-Knight" <steelhoof@xxxxxxxxx>
  • Date: Thu, 11 Jan 2007 02:41:48 -0800

After much grief I have discovered that the failure was a result of
the firewall.
Thanks and good night.

On 1/10/07, Bill Ries-Knight <steelhoof@xxxxxxxxx> wrote:
> I have had to replace one end of a successful openvpn tunnel when the
> linux server was cracked.
>
> The tunnel was reimplemented with good traffic throughput.
>
> If I try to browse from 192.168.1.x (the end the replaced server is
> on) to 192.168.19.x or back, the browse fails.
>
> I can use remote desktop across to 192.168.19.x from 192.168.1.x fine,
> but cannot go from 192.168.19.x to 192.168.1.x.
>
> HTTP traffic is fine in both directions, as is TCP/IP type traffic.
>
> Here is a typical dump from syslog on the 192.168.1.1 end of tun1:
>
> Jan 10 16:07:47 router kernel: Unknown InputIN=eth1 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:15:c5:5f:2a:2a:08:00 SRC=192.168.1.3
> DST=255.255.255.255 LEN=272 TOS=0x00 PREC=0x00 TTL=128 ID=23030
> PROTO=UDP SPT=68 DPT=67 LEN=252
> Jan 10 16:07:47 router kernel: Unknown InputIN=eth1 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:15:c5:5f:2a:2a:08:00 SRC=192.168.1.3
> DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=23031
> PROTO=UDP SPT=67 DPT=68 LEN=308
> Jan 10 16:07:47 router kernel: Unknown InputIN=eth1 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:15:c5:5f:2a:2a:08:00 SRC=192.168.1.3
> DST=255.255.255.255 LEN=272 TOS=0x00 PREC=0x00 TTL=128 ID=23032
> PROTO=UDP SPT=68 DPT=67 LEN=252
> Jan 10 16:07:47 router kernel: Unknown InputIN=eth1 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:15:c5:5f:2a:2a:08:00 SRC=192.168.1.3
> DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=23033
> PROTO=UDP SPT=67 DPT=68 LEN=308
> Jan 10 16:07:47 router kernel: Unknown InputIN=eth1 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:15:c5:5f:2a:2a:08:00 SRC=192.168.1.3
> DST=255.255.255.255 LEN=272 TOS=0x00 PREC=0x00 TTL=128 ID=23034
> PROTO=UDP SPT=68 DPT=67 LEN=252
> Jan 10 16:07:47 router kernel: Unknown InputIN=eth1 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:15:c5:5f:2a:2a:08:00 SRC=192.168.1.3
> DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=23035
> PROTO=UDP SPT=67 DPT=68 LEN=308
> Jan 10 16:07:47 router kernel: Unknown InputIN=eth1 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:15:c5:5f:2a:2a:08:00 SRC=192.168.1.3
> DST=255.255.255.255 LEN=272 TOS=0x00 PREC=0x00 TTL=128 ID=23036
> PROTO=UDP SPT=68 DPT=67 LEN=252
> Jan 10 16:07:47 router kernel: Unknown InputIN=eth1 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:15:c5:5f:2a:2a:08:00 SRC=192.168.1.3
> DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=23037
> PROTO=UDP SPT=67 DPT=68 LEN=308
> Jan 10 16:07:48 router kernel: Unknown ForwardIN=tun1 OUT=eth1
> SRC=192.168.19.58 DST=192.168.1.83 LEN=48 TOS=0x00 PREC=0x00 TTL=126
> ID=3846 DF PROTO=TCP SPT=1374 DPT=9220 WINDOW=16384 RES=0x00 SYN
> URGP=0
> Jan 10 16:07:51 router kernel: Unknown ForwardIN=tun1 OUT=eth1
> SRC=192.168.19.58 DST=192.168.1.83 LEN=48 TOS=0x00 PREC=0x00 TTL=126
> ID=3850 DF PROTO=TCP SPT=1374 DPT=9220 WINDOW=16384 RES=0x00 SYN
> URGP=0
> Jan 10 16:07:58 router kernel: Unknown ForwardIN=tun1 OUT=eth1
> SRC=192.168.19.58 DST=192.168.1.83 LEN=48 TOS=0x00 PREC=0x00 TTL=126
> ID=3871 DF PROTO=TCP SPT=1374 DPT=9220 WINDOW=16384 RES=0x00 SYN
> URGP=0
> Jan 10 16:08:01 router kernel: Unknown ForwardIN=tun1 OUT=eth1
> SRC=192.168.19.53 DST=192.168.1.3 LEN=48 TOS=0x00 PREC=0x00 TTL=126
> ID=17584 DF PROTO=TCP SPT=1140 DPT=135 WINDOW=65535 RES=0x00 SYN
> URGP=0
> Jan 10 16:08:04 router kernel: Unknown ForwardIN=tun1 OUT=eth1
> SRC=192.168.19.53 DST=192.168.1.3 LEN=48 TOS=0x00 PREC=0x00 TTL=126
> ID=17585 DF PROTO=TCP SPT=1140 DPT=135 WINDOW=65535 RES=0x00 SYN
> URGP=0
> Jan 10 16:08:10 router kernel: Unknown ForwardIN=tun1 OUT=eth1
> SRC=192.168.19.53 DST=192.168.1.3 LEN=48 TOS=0x00 PREC=0x00 TTL=126
> ID=17586 DF PROTO=TCP SPT=1140 DPT=135 WINDOW=65535 RES=0x00 SYN
> URGP=0
> Jan 10 16:08:10 router kernel: Unknown ForwardIN=tun1 OUT=eth1
> SRC=192.168.19.58 DST=192.168.1.83 LEN=72 TOS=0x00 PREC=0x00 TTL=126
> ID=3959 PROTO=UDP SPT=427 DPT=427 LEN=52
>
> ********************************************************
>
> Here is a current dump from the 192.168.19.1 end of tun1:
>
> Jan 10 15:14:39 filter named[1961]: client 192.168.19.3#1031: received
> notify for zone '19.168.192.in-addr.arpa': not authoritative
> Jan 10 15:14:39 filter named[1961]: client 192.168.19.3#1031: received
> notify for zone '19.168.192.in-addr.arpa': not authoritative
> Jan 10 15:14:40 filter daemonshield[2592]: Processing file /var/log/messages
> Jan 10 15:14:57 filter daemonshield[2592]: Processing file /var/log/messages
> Jan 10 15:15:06 filter kernel: Dropped IP: IN=eth1 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0
> DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=703
> PROTO=UDP SPT=68 DPT=67 LEN=308
> Jan 10 15:15:06 filter kernel: Dropped IP: IN=eth1 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0
> DST=255.255.255.255 LEN=336 TOS=0x00 PREC=0x00 TTL=128 ID=704
> PROTO=UDP SPT=68 DPT=67 LEN=316
> Jan 10 15:15:14 filter daemonshield[2592]: Processing file /var/log/messages
> Jan 10 15:15:31 filter daemonshield[2592]: Processing file /var/log/messages
> Jan 10 15:16:29 filter named[1961]: client 192.168.19.3#1031: received
> notify for zone '19.168.192.in-addr.arpa': not authoritative
> Jan 10 15:16:32 filter daemonshield[2592]: Processing file /var/log/messages
> Jan 10 15:16:49 filter daemonshield[2592]: Processing file /var/log/messages
> Jan 10 15:20:16 filter kernel: Dropped IP: IN=eth1 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0
> DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=1009
> PROTO=UDP SPT=68 DPT=67 LEN=308
> Jan 10 15:20:16 filter kernel: Dropped IP: IN=eth1 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0
> DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=1023
> PROTO=UDP SPT=68 DPT=67 LEN=308
> Jan 10 15:20:16 filter kernel: Dropped IP: IN=eth1 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0
> DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=1036
> PROTO=UDP SPT=68 DPT=67 LEN=308
> Jan 10 15:20:16 filter kernel: Dropped IP: IN=eth1 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0
> DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=1070
> PROTO=UDP SPT=68 DPT=67 LEN=308
> Jan 10 15:20:16 filter kernel: Dropped IP: IN=eth1 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0
> DST=255.255.255.255 LEN=336 TOS=0x00 PREC=0x00 TTL=128 ID=1102
> PROTO=UDP SPT=68 DPT=67 LEN=316
> Jan 10 15:20:20 filter daemonshield[2592]: Processing file /var/log/messages
> Jan 10 15:20:37 filter daemonshield[2592]: Processing file /var/log/messages
> Jan 10 15:24:40 filter named[1961]: client 192.168.19.3#1031: received
> notify for zone '19.168.192.in-addr.arpa': not authoritative
> Jan 10 15:24:40 filter named[1961]: client 192.168.19.3#1031: received
> notify for zone '19.168.192.in-addr.arpa': not authoritative
> Jan 10 15:24:44 filter daemonshield[2592]: Processing file /var/log/messages
> Jan 10 15:25:01 filter daemonshield[2592]: Processing file /var/log/messages
> Jan 10 15:25:29 filter named[1961]: client 192.168.19.3#1031: received
> notify for zone '19.168.192.in-addr.arpa': not authoritative
> Jan 10 15:25:33 filter daemonshield[2592]: Processing file /var/log/messages
> Jan 10 15:25:50 filter daemonshield[2592]: Processing file /var/log/messages
> Jan 10 15:27:08 filter kernel: Dropped IP: IN=eth1 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0
> DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=68 PROTO=UDP
> SPT=68 DPT=67 LEN=308
> Jan 10 15:27:11 filter daemonshield[2592]: Processing file /var/log/messages
> Jan 10 15:27:12 filter kernel: Dropped IP: IN=eth1 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0
> DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=69 PROTO=UDP
> SPT=68 DPT=67 LEN=308
> Jan 10 15:27:20 filter kernel: Dropped IP: IN=eth1 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0
> DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=71 PROTO=UDP
> SPT=68 DPT=67 LEN=308
> Jan 10 15:27:28 filter daemonshield[2592]: Processing file /var/log/messages
> Jan 10 15:27:34 filter kernel: Dropped IP: IN=eth1 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0
> DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=74 PROTO=UDP
> SPT=68 DPT=67 LEN=308
> Jan 10 15:27:45 filter daemonshield[2592]: Processing file /var/log/messages
> Jan 10 15:28:02 filter daemonshield[2592]: Processing file /var/log/messages
> Jan 10 15:28:13 filter kernel: Dropped IP: IN=eth1 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0
> DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=91 PROTO=UDP
> SPT=68 DPT=67 LEN=308
> Jan 10 15:28:16 filter kernel: Dropped IP: IN=eth1 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0
> DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=99 PROTO=UDP
> SPT=68 DPT=67 LEN=308
> Jan 10 15:28:18 filter daemonshield[2592]: Processing file /var/log/messages
> Jan 10 15:28:35 filter daemonshield[2592]: Processing file /var/log/messages
> Jan 10 15:29:09 filter kernel: Dropped IP: IN=eth1 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0
> DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=129
> PROTO=UDP SPT=68 DPT=67 LEN=308
> Jan 10 15:29:12 filter daemonshield[2592]: Processing file /var/log/messages
> Jan 10 15:29:29 filter daemonshield[2592]: Processing file /var/log/messages
> Jan 10 15:30:16 filter kernel: Dropped IP: IN=eth1 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0
> DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=202
> PROTO=UDP SPT=68 DPT=67 LEN=308
> Jan 10 15:30:20 filter daemonshield[2592]: Processing file /var/log/messages
> Jan 10 15:30:37 filter daemonshield[2592]: Processing file /var/log/messages
> Jan 10 15:34:20 filter kernel: Dropped IP: IN=eth1 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0
> DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=17 PROTO=UDP
> SPT=68 DPT=67 LEN=308
> Jan 10 15:34:24 filter daemonshield[2592]: Processing file /var/log/messages
> Jan 10 15:34:29 filter kernel: Dropped IP: IN=eth1 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0
> DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=20 PROTO=UDP
> SPT=68 DPT=67 LEN=308
> Jan 10 15:34:41 filter daemonshield[2592]: Processing file /var/log/messages
> Jan 10 15:34:47 filter kernel: Dropped IP: IN=eth1 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0
> DST=255.255.255.255 LEN=336 TOS=0x00 PREC=0x00 TTL=128 ID=22 PROTO=UDP
> SPT=68 DPT=67 LEN=316
> Jan 10 15:34:47 filter kernel: Dropped IP: IN=eth1 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0
> DST=255.255.255.255 LEN=336 TOS=0x00 PREC=0x00 TTL=128 ID=23 PROTO=UDP
> SPT=68 DPT=67 LEN=316
> Jan 10 15:34:58 filter daemonshield[2592]: Processing file /var/log/messages
> Jan 10 15:35:15 filter daemonshield[2592]: Processing file /var/log/messages
> Jan 10 15:36:57 filter kernel: Dropped IP: IN=eth1 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0
> DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=53 PROTO=UDP
> SPT=68 DPT=67 LEN=308
> Jan 10 15:37:02 filter daemonshield[2592]: Processing file /var/log/messages
> Jan 10 15:37:12 filter kernel: Dropped IP: IN=eth1 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0
> DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=54 PROTO=UDP
> SPT=68 DPT=67 LEN=308
> Jan 10 15:37:18 filter daemonshield[2592]: Processing file /var/log/messages
> Jan 10 15:37:19 filter kernel: Dropped IP: IN=eth1 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:90:4b:a1:39:e0:08:00 SRC=0.0.0.0
> DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=55 PROTO=UDP
> SPT=68 DPT=67 LEN=308
> Jan 10 15:37:35 filter daemonshield[2592]: Processing file /var/log/messages
> Jan 10 15:37:52 filter daemonshield[2592]: Processing file /var/log/messages
> Jan 10 15:40:34 filter smbd[18735]: [2007/01/10 15:40:34, 0]
> lib/util_sock.c:get_peer_addr(1150)
> Jan 10 15:40:34 filter smbd[18735]:   getpeername failed. Error was
> Transport endpoint is not connected
> Jan 10 15:40:34 filter smbd[18735]: [2007/01/10 15:40:34, 0]
> lib/util_sock.c:get_peer_addr(1150)
> Jan 10 15:40:34 filter smbd[18735]:   getpeername failed. Error was
> Transport endpoint is not connected
> Jan 10 15:40:34 filter smbd[18735]: [2007/01/10 15:40:34, 0]
> lib/access.c:check_access(328)
> Jan 10 15:40:34 filter smbd[18735]: [2007/01/10 15:40:34, 0]
> lib/util_sock.c:get_peer_addr(1150)
> Jan 10 15:40:34 filter smbd[18735]:   getpeername failed. Error was
> Transport endpoint is not connected
> Jan 10 15:40:34 filter smbd[18735]:   Denied connection from  (0.0.0.0)
> Jan 10 15:40:34 filter smbd[18735]: [2007/01/10 15:40:34, 0]
> lib/util_sock.c:get_peer_addr(1150)
> Jan 10 15:40:34 filter smbd[18735]:   getpeername failed. Error was
> Transport endpoint is not connected
> Jan 10 15:40:34 filter smbd[18735]:   Connection denied from 0.0.0.0
> Jan 10 15:40:34 filter smbd[18735]: [2007/01/10 15:40:34, 0]
> lib/util_sock.c:write_socket_data(430)
> Jan 10 15:40:34 filter smbd[18735]:   write_socket_data: write
> failure. Error = Connection reset by peer
> Jan 10 15:40:34 filter smbd[18735]: [2007/01/10 15:40:34, 0]
> lib/util_sock.c:write_socket(455)
> Jan 10 15:40:34 filter smbd[18735]:   write_socket: Error writing 5
> bytes to socket 5: ERRNO = Connection reset by peer
> Jan 10 15:40:34 filter smbd[18735]: [2007/01/10 15:40:34, 0]
> lib/util_sock.c:send_smb(647)
> Jan 10 15:40:34 filter smbd[18735]:   Error writing 5 bytes to client.
> -1. (Connection reset by peer)
> Jan 10 15:40:39 filter daemonshield[2592]: Processing file /var/log/messages
> Jan 10 15:40:55 filter daemonshield[2592]: Processing file /var/log/messages
> Jan 10 15:42:48 filter smbd[18751]: [2007/01/10 15:42:48, 0]
> lib/util_sock.c:get_peer_addr(1150)
> Jan 10 15:42:48 filter smbd[18751]:   getpeername failed. Error was
> Transport endpoint is not connected
> Jan 10 15:42:48 filter smbd[18751]: [2007/01/10 15:42:48, 0]
> lib/util_sock.c:get_peer_addr(1150)
> Jan 10 15:42:48 filter smbd[18751]:   getpeername failed. Error was
> Transport endpoint is not connected
> Jan 10 15:42:48 filter smbd[18751]: [2007/01/10 15:42:48, 0]
> lib/access.c:check_access(328)
> Jan 10 15:42:48 filter smbd[18751]: [2007/01/10 15:42:48, 0]
> lib/util_sock.c:get_peer_addr(1150)
> Jan 10 15:42:48 filter smbd[18751]:   getpeername failed. Error was
> Transport endpoint is not connected
> Jan 10 15:42:48 filter smbd[18751]:   Denied connection from  (0.0.0.0)
> Jan 10 15:42:48 filter smbd[18751]: [2007/01/10 15:42:48, 0]
> lib/util_sock.c:get_peer_addr(1150)
> Jan 10 15:42:48 filter smbd[18751]:   getpeername failed. Error was
> Transport endpoint is not connected
> Jan 10 15:42:48 filter smbd[18751]:   Connection denied from 0.0.0.0
>
>
> Thanks for any help.
>
> Bill
>
>
>
>
> --
> --
> Bill Ries-Knight
> Stockton, CA
>
> Respect the process, Vote.
>


-- 
-- 
Bill Ries-Knight
Stockton, CA

Respect the process, Vote.
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
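
An added example, not part of the original post: a small Python parser for kernel LOG lines of the kind quoted above. It sets aside LAN broadcast entries and counts, per flow, the logged packets that cross the tunnel interface. The sample lines are constructed from the format in the post, and the function names and the port-name table are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample, modelled on the kernel LOG lines quoted in the post
# (one entry per line; the log prefix runs straight into "IN=" as it does there).
SAMPLE = """\
Jan 10 16:07:47 router kernel: Unknown InputIN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:5f:2a:2a:08:00 SRC=192.168.1.3 DST=255.255.255.255 LEN=272 TOS=0x00 PREC=0x00 TTL=128 ID=23030 PROTO=UDP SPT=68 DPT=67 LEN=252
Jan 10 16:07:48 router kernel: Unknown ForwardIN=tun1 OUT=eth1 SRC=192.168.19.58 DST=192.168.1.83 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=3846 DF PROTO=TCP SPT=1374 DPT=9220 WINDOW=16384 RES=0x00 SYN URGP=0
Jan 10 16:08:01 router kernel: Unknown ForwardIN=tun1 OUT=eth1 SRC=192.168.19.53 DST=192.168.1.3 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=17584 DF PROTO=TCP SPT=1140 DPT=135 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 10 16:08:04 router kernel: Unknown ForwardIN=tun1 OUT=eth1 SRC=192.168.19.53 DST=192.168.1.3 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=17585 DF PROTO=TCP SPT=1140 DPT=135 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 10 16:08:10 router kernel: Unknown ForwardIN=tun1 OUT=eth1 SRC=192.168.19.58 DST=192.168.1.83 LEN=72 TOS=0x00 PREC=0x00 TTL=126 ID=3959 PROTO=UDP SPT=427 DPT=427 LEN=52
Jan 10 16:08:12 filter named[1961]: client 192.168.19.3#1031: received notify for zone '19.168.192.in-addr.arpa': not authoritative
"""

# Only the fields needed here; no \b anchor, because the prefix is fused to "IN=".
FIELD = re.compile(r"(IN|OUT|SRC|DST|PROTO|DPT)=(\S*)")

# Well-known ports relevant to Windows networking; anything else is shown as "?".
PORTS = {135: "msrpc", 137: "netbios-ns", 138: "netbios-dgm",
         139: "netbios-ssn", 427: "svrloc", 445: "microsoft-ds"}


def parse_entry(line):
    """Return the packet fields of one kernel LOG line, or None for other lines."""
    if " kernel: " not in line:
        return None
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)  # keep the first occurrence of each key
    return fields if {"IN", "SRC", "DST", "PROTO"} <= fields.keys() else None


def tunnel_entries(log_text, tun_prefix="tun"):
    """Count logged packets that enter or leave a tunnel interface, per flow."""
    flows = Counter()
    for line in log_text.splitlines():
        f = parse_entry(line)
        if f is None:
            continue
        if not (f["IN"].startswith(tun_prefix) or f.get("OUT", "").startswith(tun_prefix)):
            continue  # not tunnel traffic, e.g. DHCP broadcasts on the LAN side
        port = int(f["DPT"]) if f.get("DPT", "").isdigit() else None
        flows[(f["SRC"], f["DST"], f["PROTO"], port, PORTS.get(port, "?"))] += 1
    return flows.most_common()


if __name__ == "__main__":
    for (src, dst, proto, port, name), count in tunnel_entries(SAMPLE):
        print(f"{count}x {src} -> {dst} {proto}/{port} ({name})")
```

Repeated SYN entries for the same flow on the tun interface, with no later traffic, are the pattern to look for when a service works in one direction only.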