by eekay » Tue Apr 28, 2015 2:59 pm
In case it might help, I've supplied the tcpdump output from the server and also from the system I'm trying to connect to (test.domain.tld) below. Trying to connect to port 80 on test.domain.tld from the client before ping.
Server VPN interface:
# tcpdump -n -i tun0 port 80
08:41:28.860783 IP 10.10.9.9.58039 > 192.168.1.18.80: Flags [S], seq 357569663, win 29200, options [mss 1368,sackOK,TS val 319149 ecr 0,nop,wscale 7], length 0
08:41:29.858293 IP 10.10.9.9.58039 > 192.168.1.18.80: Flags [S], seq 357569663, win 29200, options [mss 1368,sackOK,TS val 319399 ecr 0,nop,wscale 7], length 0
08:41:31.862220 IP 10.10.9.9.58039 > 192.168.1.18.80: Flags [S], seq 357569663, win 29200, options [mss 1368,sackOK,TS val 319900 ecr 0,nop,wscale 7], length 0
08:41:35.870279 IP 10.10.9.9.58039 > 192.168.1.18.80: Flags [S], seq 357569663, win 29200, options [mss 1368,sackOK,TS val 320902 ecr 0,nop,wscale 7], length 0
08:41:43.878157 IP 10.10.9.9.58039 > 192.168.1.18.80: Flags [S], seq 357569663, win 29200, options [mss 1368,sackOK,TS val 322904 ecr 0,nop,wscale 7], length 0
Server LAN interface:
# tcpdump -n -i em0 port 80
08:44:11.322145 IP 10.10.9.9.58059 > 192.168.1.18.80: Flags [S], seq 3114136989, win 29200, options [mss 1368,sackOK,TS val 359765 ecr 0,nop,wscale 7], length 0
08:44:12.322054 IP 10.10.9.9.58059 > 192.168.1.18.80: Flags [S], seq 3114136989, win 29200, options [mss 1368,sackOK,TS val 360015 ecr 0,nop,wscale 7], length 0
08:44:14.326194 IP 10.10.9.9.58059 > 192.168.1.18.80: Flags [S], seq 3114136989, win 29200, options [mss 1368,sackOK,TS val 360516 ecr 0,nop,wscale 7], length 0
08:44:18.334067 IP 10.10.9.9.58059 > 192.168.1.18.80: Flags [S], seq 3114136989, win 29200, options [mss 1368,sackOK,TS val 361518 ecr 0,nop,wscale 7], length 0
08:44:26.342044 IP 10.10.9.9.58059 > 192.168.1.18.80: Flags [S], seq 3114136989, win 29200, options [mss 1368,sackOK,TS val 363520 ecr 0,nop,wscale 7], length 0
Test system LAN interface:
07:46:17.147231 IP 10.10.9.9.58066 > 192.168.1.18.80: Flags [S], seq 3862481909, win 29200, options [mss 1368,sackOK,TS val 391221 ecr 0,nop,wscale 7], length 0
07:46:17.147298 IP 192.168.1.18.80 > 10.10.9.9.58066: Flags [S.], seq 1656694809, ack 3862481910, win 65535, options [mss 1368,nop,wscale 6,sackOK,TS val 1718510613 ecr 391221], length 0
07:46:18.146182 IP 10.10.9.9.58066 > 192.168.1.18.80: Flags [S], seq 3862481909, win 29200, options [mss 1368,sackOK,TS val 391471 ecr 0,nop,wscale 7], length 0
07:46:18.146231 IP 192.168.1.18.80 > 10.10.9.9.58066: Flags [S.], seq 1656694809, ack 3862481910, win 65535, options [mss 1368,nop,wscale 6,sackOK,TS val 1718510613 ecr 391471], length 0
07:46:20.150906 IP 10.10.9.9.58066 > 192.168.1.18.80: Flags [S], seq 3862481909, win 29200, options [mss 1368,sackOK,TS val 391972 ecr 0,nop,wscale 7], length 0
07:46:20.150975 IP 192.168.1.18.80 > 10.10.9.9.58066: Flags [S.], seq 1656694809, ack 3862481910, win 65535, options [mss 1368,nop,wscale 6,sackOK,TS val 1718510613 ecr 391972], length 0
07:46:23.199938 IP 192.168.1.18.80 > 10.10.9.9.58066: Flags [S.], seq 1656694809, ack 3862481910, win 65535, options [mss 1368,nop,wscale 6,sackOK,TS val 1718510613 ecr 391972], length 0
07:46:24.159045 IP 10.10.9.9.58066 > 192.168.1.18.80: Flags [S], seq 3862481909, win 29200, options [mss 1368,sackOK,TS val 392974 ecr 0,nop,wscale 7], length 0
07:46:24.159096 IP 192.168.1.18.80 > 10.10.9.9.58066: Flags [S.], seq 1656694809, ack 3862481910, win 65535, options [mss 1368,nop,wscale 6,sackOK,TS val 1718510613 ecr 392974], length 0
07:46:27.176076 IP 192.168.1.18.80 > 10.10.9.9.58066: Flags [S.], seq 1656694809, ack 3862481910, win 65535, options [mss 1368,nop,wscale 6,sackOK,TS val 1718510613 ecr 392974], length 0
07:46:30.198414 IP 192.168.1.18.80 > 10.10.9.9.58066: Flags [S.], seq 1656694809, ack 3862481910, win 65535, options [mss 1368,nop,wscale 6,sackOK,TS val 1718510613 ecr 392974], length 0
07:46:32.166639 IP 10.10.9.9.58066 > 192.168.1.18.80: Flags [S], seq 3862481909, win 29200, options [mss 1368,sackOK,TS val 394976 ecr 0,nop,wscale 7], length 0
07:46:32.166691 IP 192.168.1.18.80 > 10.10.9.9.58066: Flags [S.], seq 1656694809, ack 3862481910, win 65535, options [mss 1368,nop,wscale 6,sackOK,TS val 1718510613 ecr 394976], length 0
07:46:35.182939 IP 192.168.1.18.80 > 10.10.9.9.58066: Flags [S.], seq 1656694809, ack 3862481910, win 65535, options [mss 1368,nop,wscale 6,sackOK,TS val 1718510613 ecr 394976], length 0
Gateway LAN interface:
08:51:50.669723 IP 192.168.1.18.80 > 10.10.9.9.58117: Flags [S.], seq 2644444646, ack 75301707, win 65535, options [mss 1368,nop,wscale 6,sackOK,TS val 2527065738 ecr 472340], length 0
08:51:59.407253 IP 192.168.1.18.80 > 10.10.9.9.58120: Flags [S.], seq 935091276, ack 3731772220, win 65535, options [mss 1368,nop,wscale 6,sackOK,TS val 4068713624 ecr 476785], length 0
08:52:00.404186 IP 192.168.1.18.80 > 10.10.9.9.58120: Flags [S.], seq 935091276, ack 3731772220, win 65535, options [mss 1368,nop,wscale 6,sackOK,TS val 4068713624 ecr 477035], length 0
08:52:02.408171 IP 192.168.1.18.80 > 10.10.9.9.58120: Flags [S.], seq 935091276, ack 3731772220, win 65535, options [mss 1368,nop,wscale 6,sackOK,TS val 4068713624 ecr 477536], length 0
08:52:05.410714 IP 192.168.1.18.80 > 10.10.9.9.58120: Flags [S.], seq 935091276, ack 3731772220, win 65535, options [mss 1368,nop,wscale 6,sackOK,TS val 4068713624 ecr 477536], length 0
08:52:06.416142 IP 192.168.1.18.80 > 10.10.9.9.58120: Flags [S.], seq 935091276, ack 3731772220, win 65535, options [mss 1368,nop,wscale 6,sackOK,TS val 4068713624 ecr 478538], length 0
08:52:09.434051 IP 192.168.1.18.80 > 10.10.9.9.58120: Flags [S.], seq 935091276, ack 3731772220, win 65535, options [mss 1368,nop,wscale 6,sackOK,TS val 4068713624 ecr 478538], length 0
It looks like everything on the LAN side is working correctly, doesn't it? Almost like the VPN client isn't accepting packets from the LAN for some reason. However, once I ping the test.domain.tld server, everything flows completely normally...
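An added example, not part of the original post: a small Python parser that makes the same comparison across capture points, reporting which half of the TCP handshake each point saw and how many of those packets were retransmissions. The sample lines are abridged from the captures in the post (TCP options dropped); the function names and the `CAPTURES` layout are assumptions of this example.

```python
import re

# Matches the `tcpdump -n` TCP lines shown in the post.
LINE = re.compile(r"^\S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
                  r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\], seq (?P<seq>\d+)")

def summarize(lines, client_ip, target_ip):
    """Count SYN / SYN-ACK packets of the handshake and their retransmissions."""
    out = {"syn": 0, "synack": 0, "syn_retx": 0, "synack_retx": 0}
    seen = set()
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        if (m["flags"], m["src"], m["dst"]) == ("S", client_ip, target_ip):
            kind = "syn"
        elif (m["flags"], m["src"], m["dst"]) == ("S.", target_ip, client_ip):
            kind = "synack"
        else:
            continue
        key = (kind, m["sport"], m["dport"], m["seq"])
        out[kind] += 1
        out[kind + "_retx"] += key in seen  # same ports and seq already seen
        seen.add(key)
    return out

def diagnose(captures, client_ip, target_ip):
    """Label each capture point by which half of the handshake it saw."""
    labels = {(True, True): "both", (True, False): "syn-only",
              (False, True): "synack-only", (False, False): "none"}
    views = {p: summarize(l, client_ip, target_ip) for p, l in captures.items()}
    return {p: labels[(s["syn"] > 0, s["synack"] > 0)] for p, s in views.items()}

# Sample lines abridged from the captures in the post (TCP options dropped).
CAPTURES = {
    "server tun0": [
        "08:41:28.860783 IP 10.10.9.9.58039 > 192.168.1.18.80: Flags [S], seq 357569663, win 29200, length 0",
        "08:41:29.858293 IP 10.10.9.9.58039 > 192.168.1.18.80: Flags [S], seq 357569663, win 29200, length 0"],
    "server em0": [
        "08:44:11.322145 IP 10.10.9.9.58059 > 192.168.1.18.80: Flags [S], seq 3114136989, win 29200, length 0"],
    "test system": [
        "07:46:17.147231 IP 10.10.9.9.58066 > 192.168.1.18.80: Flags [S], seq 3862481909, win 29200, length 0",
        "07:46:17.147298 IP 192.168.1.18.80 > 10.10.9.9.58066: Flags [S.], seq 1656694809, ack 3862481910, win 65535, length 0"],
    "gateway": [
        "08:51:59.407253 IP 192.168.1.18.80 > 10.10.9.9.58120: Flags [S.], seq 935091276, ack 3731772220, win 65535, length 0",
        "08:52:00.404186 IP 192.168.1.18.80 > 10.10.9.9.58120: Flags [S.], seq 935091276, ack 3731772220, win 65535, length 0"],
}
print(diagnose(CAPTURES, "10.10.9.9", "192.168.1.18"))
```

A capture point labelled `syn-only` or `synack-only` is carrying only one direction of the flow, which is the place to compare against the routing table of the host sending the other direction.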