Rebuilt the OpenVPN server, still the same issue. Site B can access all of Site A, Site A can ping, telnet, traceroute but no HTTP.
Here is the output of TCPDUMP from a Mac to 192.168.77.43 (a web server running on port 80)
Code: Select all
sudo tcpdump -i any -n -v dst host 192.168.77.43
tcpdump: data link type PKTAP
tcpdump: listening on any, link-type PKTAP (Apple DLT_PKTAP), capture size 262144 bytes
12:57:40.757529 IP (tos 0x0, ttl 64, id 40720, offset 0, flags [DF], proto TCP (6), length 64)
192.168.0.231.58128 > 192.168.77.43.80: Flags [SEW], cksum 0x3185 (correct), seq 4123362743, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 147508652 ecr 0,sackOK,eol], length 0
12:57:40.783092 IP (tos 0x0, ttl 64, id 33724, offset 0, flags [DF], proto TCP (6), length 40)
192.168.0.231.58128 > 192.168.77.43.80: Flags [.], cksum 0x9b74 (correct), ack 2434086152, win 8192, length 0
12:57:40.784287 IP (tos 0x0, ttl 64, id 15147, offset 0, flags [DF], proto TCP (6), length 456)
192.168.0.231.58128 > 192.168.77.43.80: Flags [P.], cksum 0xfafe (correct), seq 0:416, ack 1, win 8192, length 416: HTTP, length: 416
GET / HTTP/1.1
Host: 192.168.77.43
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
DNT: 1
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
12:57:41.076547 IP (tos 0x0, ttl 64, id 50307, offset 0, flags [DF], proto TCP (6), length 456)
192.168.0.231.58128 > 192.168.77.43.80: Flags [P.], cksum 0xfafe (correct), seq 0:416, ack 1, win 8192, length 416: HTTP, length: 416
GET / HTTP/1.1
Host: 192.168.77.43
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
DNT: 1
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
12:58:41.146555 IP (tos 0x0, ttl 64, id 44501, offset 0, flags [DF], proto TCP (6), length 64)
192.168.0.231.58467 > 192.168.77.43.80: Flags [S], cksum 0x09b6 (correct), seq 492872660, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 147566384 ecr 0,sackOK,eol], length 0
12:58:41.154346 IP (tos 0x0, ttl 64, id 52071, offset 0, flags [DF], proto TCP (6), length 40)
192.168.0.231.58467 > 192.168.77.43.80: Flags [.], cksum 0x644f (correct), ack 2434409758, win 8192, length 0
12:58:41.154763 IP (tos 0x0, ttl 64, id 22315, offset 0, flags [DF], proto TCP (6), length 456)
192.168.0.231.58467 > 192.168.77.43.80: Flags [P.], cksum 0xc3d9 (correct), seq 0:416, ack 1, win 8192, length 416: HTTP, length: 416
GET / HTTP/1.1
Host: 192.168.77.43
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
DNT: 1
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
12:58:41.394142 IP (tos 0x0, ttl 64, id 24631, offset 0, flags [DF], proto TCP (6), length 456)
192.168.0.231.58467 > 192.168.77.43.80: Flags [P.], cksum 0xc3d9 (correct), seq 0:416, ack 1, win 8192, length 416: HTTP, length: 416
GET / HTTP/1.1
Host: 192.168.77.43
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
DNT: 1
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8