I have been working through as many combinations as I can think of and Googling different approaches to a problem in a new setup from an Azure virtual machine (NAT'd) to my home VPN server behind a firewall (NAT'd). I am able to observe only SOME NTP traffic going through the tunnel; all other testing does not get through because it appears to be going to the wrong destination, not sure - see tun0 traffic for client. The tunnel is established and I don't see any errors in the logs. Here is the information. I have tried tcp, tcp4, udp, udp4, txqueuelength and mssfix modifications and many combinations of route pushing and setting on the client, routing table on the server, etc. I am at a loss; I have literally been working on this setup for 3 weeks. I started with other problems that I resolved with help.
Now I think it might be just a setting on the client or an issue with my routing table.
****************** Server Information ******************
uname -a
Linux hostname 3.16.0-4-amd4 #1SMP Debian 3.16.43-2 (2017-04-30) x86_64 GNU/Linux
eth0 Link encap:Ethernet HWaddr 00:e0:81:74:16:91
inet addr:172.16.234.2 Bcast:172.16.234.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3373 errors:0 dropped:0 overruns:0 frame:0
TX packets:4902 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1261497 (1.2 MiB) TX bytes:430493 (420.4 KiB)
eth1 Link encap:Ethernet HWaddr 00:e0:81:74:16:90
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:172.16.235.1 P-t-P:172.16.235.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 172.16.234.1 0.0.0.0 UG 0 0 0 eth0
10.0.34.0 172.16.235.2 255.255.255.0 UG 0 0 0 tun0
172.16.234.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
172.16.235.0 172.16.235.2 255.255.255.0 UG 0 0 0 tun0
172.16.235.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.16.235.0/24 anywhere
iroute 10.0.34.0 255.255.255.0
No. Time Source Destination Protocol Length Info
1 0.000000 172.16.235.6 91.189.89.198 NTP 76 NTP Version 4, client
Frame 1: 76 bytes on wire (608 bits), 76 bytes captured (608 bits)
Raw packet data
Internet Protocol Version 4, Src: 172.16.235.6, Dst: 91.189.89.198
User Datagram Protocol, Src Port: 39212, Dst Port: 123
Network Time Protocol (NTP Version 4, client)
No. Time Source Destination Protocol Length Info
2 0.112700 91.189.89.198 172.16.235.6 NTP 76 NTP Version 4, server
Frame 2: 76 bytes on wire (608 bits), 76 bytes captured (608 bits)
Raw packet data
Internet Protocol Version 4, Src: 91.189.89.198, Dst: 172.16.235.6
User Datagram Protocol, Src Port: 123, Dst Port: 39212
Network Time Protocol (NTP Version 4, server)
proto udp4
dev tun
ca ca.crt
cert cert.crt
key key.key
dh dh4096.pem
server 172.16.235.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-config-dir ccd
route 10.0.34.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 208.67.222.222"
keepalive 10 120
tls-auth tls-auth.key 0
tls-version-min 1.2
max-clients 10
persist-key
persist-tun
status /var/log/openvpn-status.log
log /etc/openvpn/openvpn.log
verb 6
****************** Client Information ******************
uname -a
Linux hostname 4.4.0-78-generic #99-Ubuntu SMP Thu Apr 27 15:29:09 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
eth0 Link encap:Ethernet HWaddr 00:0d:3a:90:a0:67
inet addr:10.0.34.154 Bcast:10.0.34.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:446323 errors:0 dropped:0 overruns:0 frame:0
TX packets:611068 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:191577457 (191.5 MB) TX bytes:124674907 (124.6 MB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:160 errors:0 dropped:0 overruns:0 frame:0
TX packets:160 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:11840 (11.8 KB) TX bytes:11840 (11.8 KB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:172.16.235.6 P-t-P:172.16.235.5 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:174 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:456 (456.0 B) TX bytes:456 (456.0 B)
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 172.16.235.5 128.0.0.0 UG 0 0 0 tun0
0.0.0.0 10.0.34.1 0.0.0.0 UG 0 0 0 eth0
10.0.34.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
1.1.1.1 10.0.34.1 255.255.255.255 UGH 0 0 0 eth0
128.0.0.0 172.16.235.5 128.0.0.0 UG 0 0 0 tun0
168.63.129.16 10.0.34.1 255.255.255.255 UGH 0 0 0 eth0
169.254.169.254 10.0.34.1 255.255.255.255 UGH 0 0 0 eth0
172.16.235.1 172.16.235.5 255.255.255.255 UGH 0 0 0 tun0
172.16.235.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
No. Time Source Destination Protocol Length Info
9 40.006453 172.16.235.6 91.189.89.198 NTP 76 NTP Version 4, client
Frame 9: 76 bytes on wire (608 bits), 76 bytes captured (608 bits)
Raw packet data
Internet Protocol Version 4, Src: 172.16.235.6, Dst: 91.189.89.198
User Datagram Protocol, Src Port: 43545, Dst Port: 123
Network Time Protocol (NTP Version 4, client)
No. Time Source Destination Protocol Length Info
10 44.375630 172.16.235.6 172.16.235.1 NTP 76 NTP Version 4, client
Frame 10: 76 bytes on wire (608 bits), 76 bytes captured (608 bits)
Raw packet data
Internet Protocol Version 4, Src: 172.16.235.6, Dst: 172.16.235.1
User Datagram Protocol, Src Port: 42194, Dst Port: 123
Network Time Protocol (NTP Version 4, client)
dev tun
proto udp4
remote 1.1.1.1 11111
redirect-gateway def1
dhcp-option DNS 208.67.222.222
resolv-retry infinite
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
nobind
user nobody
group nogroup
persist-key
persist-tun
ca ca.crt
cert cert.crt
key key.key
remote-cert-tls server
tls-auth /etc/openvpn/tls-auth.key 1
tls-version-min 1.2
verb 6
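
An added example, not part of the original post: a longest-prefix-match lookup over the client routing table posted above, showing which interface and gateway each address that appears in the post would use once `redirect-gateway def1` has installed the two /1 routes. The helper names and the choice of destinations are assumptions made for illustration.

```python
import ipaddress

# Client routing table copied from the post (route -n columns:
# destination, gateway, genmask, flags, MSS, window, irtt, iface).
CLIENT_ROUTES = """\
0.0.0.0         172.16.235.5  128.0.0.0        UG  0 0 0 tun0
0.0.0.0         10.0.34.1     0.0.0.0          UG  0 0 0 eth0
10.0.34.0       0.0.0.0       255.255.255.0    U   0 0 0 eth0
1.1.1.1         10.0.34.1     255.255.255.255  UGH 0 0 0 eth0
128.0.0.0       172.16.235.5  128.0.0.0        UG  0 0 0 tun0
168.63.129.16   10.0.34.1     255.255.255.255  UGH 0 0 0 eth0
169.254.169.254 10.0.34.1     255.255.255.255  UGH 0 0 0 eth0
172.16.235.1    172.16.235.5  255.255.255.255  UGH 0 0 0 tun0
172.16.235.5    0.0.0.0       255.255.255.255  UH  0 0 0 tun0
"""

def parse_routes(text):
    """Turn route -n lines into (network, gateway, iface) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[2]}")
        except ValueError:
            continue  # column header or malformed line
        routes.append((net, fields[1], fields[7]))
    return routes

def lookup(routes, dst):
    """Return (iface, gateway or None, matched prefix) for dst, most specific route wins."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    net, gw, iface = max(matches, key=lambda r: r[0].prefixlen)
    return iface, (None if gw == "0.0.0.0" else gw), str(net)

ROUTES = parse_routes(CLIENT_ROUTES)

if __name__ == "__main__":
    # Addresses taken from the post: NTP server in the capture, pushed DNS,
    # server tunnel address, the "remote" endpoint, and the eth0 gateway.
    for dst in ("91.189.89.198", "208.67.222.222", "172.16.235.1",
                "1.1.1.1", "10.0.34.1"):
        print(f"{dst:16} -> {lookup(ROUTES, dst)}")
```

The two /1 routes are more specific than the original default route, so everything except the host routes and the local subnet resolves to `tun0`.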