Mysterious IP

fierymaelstrom
OpenVpn Newbie
Posts: 5
Joined: Sun Feb 11, 2018 7:36 pm

Mysterious IP

Post by fierymaelstrom » Sun Feb 11, 2018 7:48 pm

I have 2 clients connecting to a VPS running OpenVPN 2.3. Both clients run Ubuntu 16.04, one wired, one wireless. The wired client runs perfectly. The wireless client does not.

The wireless client successfully connects to the server, but a tcpdump reveals that all outbound traffic comes from an IP 172.31.99.252 that isn't bound to any interface, and isn't configured in any file.

I am unsure how to proceed. Here are my configs and logs.

Edit:
*** Also, there are no iptables rules in place on the client.

server.conf

port 1194
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
cipher AES-256-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem


client.ovpn

client
dev tun
proto udp
sndbuf 0
rcvbuf 0
remote 138.68.183.251 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
comp-lzo
setenv opt block-outside-dns
key-direction 1
verb 3
<ca></ca>
<cert></cert>
<key></key>
<tls-auth></tls-auth>


client logs

Sun Feb 11 11:44:46 2018 Unrecognized option or missing parameter(s) in josh@inconspicuous.ovpn:15: block-outside-dns (2.3.10)
Sun Feb 11 11:44:46 2018 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2017
Sun Feb 11 11:44:46 2018 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Sun Feb 11 11:44:46 2018 Control Channel Authentication: tls-auth using INLINE static key file
Sun Feb 11 11:44:46 2018 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Feb 11 11:44:46 2018 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Feb 11 11:44:46 2018 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sun Feb 11 11:44:46 2018 UDPv4 link local: [undef]
Sun Feb 11 11:44:46 2018 UDPv4 link remote: [AF_INET]138.68.183.251:1194
Sun Feb 11 11:44:47 2018 TLS: Initial packet from [AF_INET]138.68.183.251:1194, sid=e3210c25 c73100d8
Sun Feb 11 11:44:47 2018 VERIFY OK: depth=1, CN=ChangeMe
Sun Feb 11 11:44:47 2018 Validating certificate key usage
Sun Feb 11 11:44:47 2018 ++ Certificate has key usage 00a0, expects 00a0
Sun Feb 11 11:44:47 2018 VERIFY KU OK
Sun Feb 11 11:44:47 2018 Validating certificate extended key usage
Sun Feb 11 11:44:47 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Feb 11 11:44:47 2018 VERIFY EKU OK
Sun Feb 11 11:44:47 2018 VERIFY OK: depth=0, CN=server
Sun Feb 11 11:44:47 2018 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Feb 11 11:44:47 2018 Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Feb 11 11:44:47 2018 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Feb 11 11:44:47 2018 Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Feb 11 11:44:47 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sun Feb 11 11:44:47 2018 [server] Peer Connection Initiated with [AF_INET]138.68.183.251:1194
Sun Feb 11 11:44:50 2018 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Feb 11 11:44:50 2018 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.4 255.255.255.0'
Sun Feb 11 11:44:50 2018 OPTIONS IMPORT: timers and/or timeouts modified
Sun Feb 11 11:44:50 2018 OPTIONS IMPORT: --ifconfig/up options modified
Sun Feb 11 11:44:50 2018 OPTIONS IMPORT: route options modified
Sun Feb 11 11:44:50 2018 OPTIONS IMPORT: route-related options modified
Sun Feb 11 11:44:50 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Feb 11 11:44:50 2018 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=wlp8s0 HWADDR=f0:d5:bf:ad:82:d9
Sun Feb 11 11:44:50 2018 TUN/TAP device tun0 opened
Sun Feb 11 11:44:50 2018 TUN/TAP TX queue length set to 100
Sun Feb 11 11:44:50 2018 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Feb 11 11:44:50 2018 /sbin/ip link set dev tun0 up mtu 1500
Sun Feb 11 11:44:50 2018 /sbin/ip addr add dev tun0 10.8.0.4/24 broadcast 10.8.0.255
Sun Feb 11 11:44:50 2018 /sbin/ip route add 138.68.183.251/32 via 192.168.0.1
Sun Feb 11 11:44:50 2018 /sbin/ip route add 0.0.0.0/1 via 10.8.0.1
Sun Feb 11 11:44:50 2018 /sbin/ip route add 128.0.0.0/1 via 10.8.0.1
Sun Feb 11 11:44:50 2018 Initialization Sequence Completed


tcpdump

listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes
11:46:03.508407 IP 172.31.99.252.46390 > 54.165.192.198.443: Flags [S], seq 1756514146, win 29200, options [mss 1460,sackOK,TS val 4003311696 ecr 0,nop,wscale 7], length 0
11:46:03.568703 IP 172.31.99.252.44604 > 38.127.167.13.443: Flags [S], seq 120227118, win 29200, options [mss 1460,sackOK,TS val 610668249 ecr 0,nop,wscale 7], length 0
Last edited by fierymaelstrom on Mon Feb 12, 2018 1:26 am, edited 1 time in total.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Mysterious IP

Post by TinCanTech » Sun Feb 11, 2018 8:21 pm

fierymaelstrom wrote:
Sun Feb 11, 2018 7:48 pm
a tcpdump reveals that all outbound traffic comes from an IP 172.31.99.252 that isn't bound to any interface, and isn't configured in any file.

I am unsure how to proceed. Here are my configs and logs.

server.conf

port 1194
proto udp


client.ovpn

remote 138.68.183.251 1194


tcpdump

listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes

11:46:03.508407 IP 172.31.99.252.46390 > 54.165.192.198.443

The packet is HTTPS not OpenVPN.


Re: Mysterious IP

Post by fierymaelstrom » Mon Feb 12, 2018 1:26 am

Yes, I see the packets are destined for port 443, but the source IP is false and is apparently (mis)configured by the OpenVPN service.


Re: Mysterious IP

Post by TinCanTech » Mon Feb 12, 2018 1:52 am

The source has nothing to do with openvpn ..


Re: Mysterious IP

Post by fierymaelstrom » Mon Feb 12, 2018 3:04 am

Everything runs fine until I connect the VPN client. After I start the client, it does a TLS handshake and connects to the server. The server responds with some network configs. The client brings up the tun0 interface and configures routing. Also, there are no iptables rules.

Somewhere in this process, all networking on the client stops functioning. The source IP of all traffic coming from the machine is on 172.31.99.252, which isn't bound to any interface. It is an invalid IP. The IP only appears on my system after OpenVPN is initialized.

If the OpenVPN client is functioning normally like you say, then how do I track down the misconfiguration?


Re: Mysterious IP

Post by fierymaelstrom » Thu Feb 15, 2018 8:26 am

I understand that 172.31.99.252 is an IETF reserved IP. I don't understand why all traffic is sourced with this address. Ifconfig on the interface lists it at 10.8.0.4.


Re: Mysterious IP

Post by TinCanTech » Thu Feb 15, 2018 12:38 pm

Do you mean 172.31.99.252 is the LAN IP of the client with VPN IP 10.8.0.4 ?


Re: Mysterious IP

Post by fierymaelstrom » Sat Feb 17, 2018 5:42 am

I got it figured out. The confusion came from iptables -S, which doesn't show nat rules. I found the errant rule with iptables-save. Thanks for the help everyone.
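
The check described in the last post, as an added example that is not part of the original thread: search a full `iptables-save` dump, table by table, for any rule that mentions the unexpected source address. The thread never shows the errant rule, so the SNAT rule in the sample ruleset is constructed for illustration, and the function names are hypothetical.

```shell
# Added example: locate which netfilter table holds a rule mentioning an address.
# `iptables -S` lists only the filter table unless -t is given, so rules in
# nat/mangle/raw go unseen; `iptables-save` dumps every table.

# find_rules_for_ip ADDRESS  (reads iptables-save format on stdin)
# Prints "table<TAB>rule" for every rule whose arguments include ADDRESS.
find_rules_for_ip() {
    awk -v ip="$1" '
        /^\*/  { table = substr($0, 2); next }   # "*nat" opens a table section
        /^-A / {
            for (i = 1; i <= NF; i++) {
                split($i, part, "[/:]")          # drop a trailing /mask or :port
                if (part[1] == ip) { print table "\t" $0; break }
            }
        }'
}

# count_rules_per_table: prints "table count" for each table in the dump.
count_rules_per_table() {
    awk '/^\*/  { t = substr($0, 2); n[t] += 0; order[++k] = t }
         /^-A / { n[t]++ }
         END    { for (i = 1; i <= k; i++) print order[i], n[order[i]] }'
}

# Constructed sample in iptables-save format (assumed, not the poster's ruleset).
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o tun0 -j SNAT --to-source 172.31.99.252
COMMIT
EOF
}

# On a live system (as root): iptables-save | find_rules_for_ip 172.31.99.252
sample_ruleset | find_rules_for_ip 172.31.99.252
sample_ruleset | count_rules_per_table
```

In the sample the filter table is empty, which is what a bare `iptables -S` reports, while the nat table holds the one rule that rewrites the source address; `iptables -t nat -S` lists that table directly.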
