how to verify keepalive package in openvpn

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
alex.tls
OpenVpn Newbie
Posts: 14
Joined: Fri Nov 12, 2021 11:05 am

how to verify keepalive package in openvpn

Post by alex.tls » Sat Nov 20, 2021 2:06 pm

Hi everyone,

I want to verify keepalive package if it does get sent from openvpn server to connected client in openvpn 2.4.xx by trying to capture traffic on the physical interface. but I am not quite sure those captured traffic is real keepalive traffic,anyone can help to explain that for below traffic record? to my understanding, keepalive package is not sent though tun device , is it correct ? and the keepalive package is not a real ping package , right ?

Code: Select all

22:02:33.099781 IP (tos 0xe0, ttl 52, id 15565, offset 0, flags [DF], proto TCP (6), length 52)
    x.x.x.x.1194 > 172.18.81.59.49312: Flags [.], cksum 0x703e (correct), seq 1461, ack 1428, win 302, options [nop,nop,TS val 2509115906 ecr 1108025630], length 0
22:02:39.058874 IP (tos 0xe0, ttl 52, id 15566, offset 0, flags [DF], proto TCP (6), length 94)
    x.x.x.x.1194 > 172.18.81.59.49312: Flags [P.], cksum 0x8f29 (correct), seq 1461:1503, ack 1428, win 302, options [nop,nop,TS val 2509121865 ecr 1108025630], length 42
22:02:39.059003 IP (tos 0x0, ttl 64, id 399, offset 0, flags [DF], proto TCP (6), length 52)
    172.18.81.59.49312 > x.x.x.x.1194: Flags [.], cksum 0x8ec9 (incorrect -> 0x40b2), seq 1428, ack 1503, win 501, options [nop,nop,TS val 1108031602 ecr 2509121865], length 0
22:02:43.184238 IP (tos 0x0, ttl 64, id 400, offset 0, flags [DF], proto TCP (6), length 94)
    172.18.81.59.49312 > x.x.x.x.1194: Flags [P.], cksum 0x8ef3 (incorrect -> 0x6421), seq 1428:1470, ack 1503, win 501, options [nop,nop,TS val 1108035728 ecr 2509121865], length 42
22:02:43.197387 IP (tos 0xe0, ttl 52, id 15567, offset 0, flags [DF], proto TCP (6), length 52)

alex.tls
OpenVpn Newbie
Posts: 14
Joined: Fri Nov 12, 2021 11:05 am

Re: how to verify keepalive package in openvpn

Post by alex.tls » Sat Nov 20, 2021 2:09 pm

I use keepalive 10 60 at server side configuration

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: how to verify keepalive package in openvpn

Post by TinCanTech » Sat Nov 20, 2021 2:27 pm

Why are you trying to do this ?

alex.tls
OpenVpn Newbie
Posts: 14
Joined: Fri Nov 12, 2021 11:05 am

Re: how to verify keepalive package in openvpn

Post by alex.tls » Sun Nov 21, 2021 1:05 am

Because I want to confirm the tunnel it does is keep active though keepalive mechanism

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: how to verify keepalive package in openvpn

Post by TinCanTech » Sun Nov 21, 2021 2:46 am

You can use a high --verb setting. --verb 7 is usually sufficient.

Post Reply