
how to verify keepalive package in openvpn

Posted: Sat Nov 20, 2021 2:06 pm
by alex.tls
Hi everyone,

I want to verify whether the keepalive package does get sent from the OpenVPN server to the connected client in OpenVPN 2.4.xx by trying to capture traffic on the physical interface, but I am not quite sure the captured traffic is real keepalive traffic. Can anyone help explain the traffic record below? To my understanding, the keepalive package is not sent through the tun device, is that correct? And the keepalive package is not a real ping package, right?

22:02:33.099781 IP (tos 0xe0, ttl 52, id 15565, offset 0, flags [DF], proto TCP (6), length 52)
    x.x.x.x.1194 > 172.18.81.59.49312: Flags [.], cksum 0x703e (correct), seq 1461, ack 1428, win 302, options [nop,nop,TS val 2509115906 ecr 1108025630], length 0
22:02:39.058874 IP (tos 0xe0, ttl 52, id 15566, offset 0, flags [DF], proto TCP (6), length 94)
    x.x.x.x.1194 > 172.18.81.59.49312: Flags [P.], cksum 0x8f29 (correct), seq 1461:1503, ack 1428, win 302, options [nop,nop,TS val 2509121865 ecr 1108025630], length 42
22:02:39.059003 IP (tos 0x0, ttl 64, id 399, offset 0, flags [DF], proto TCP (6), length 52)
    172.18.81.59.49312 > x.x.x.x.1194: Flags [.], cksum 0x8ec9 (incorrect -> 0x40b2), seq 1428, ack 1503, win 501, options [nop,nop,TS val 1108031602 ecr 2509121865], length 0
22:02:43.184238 IP (tos 0x0, ttl 64, id 400, offset 0, flags [DF], proto TCP (6), length 94)
    172.18.81.59.49312 > x.x.x.x.1194: Flags [P.], cksum 0x8ef3 (incorrect -> 0x6421), seq 1428:1470, ack 1503, win 501, options [nop,nop,TS val 1108035728 ecr 2509121865], length 42
22:02:43.197387 IP (tos 0xe0, ttl 52, id 15567, offset 0, flags [DF], proto TCP (6), length 52)

Re: how to verify keepalive package in openvpn

Posted: Sat Nov 20, 2021 2:09 pm
by alex.tls
I use keepalive 10 60 in the server-side configuration.

Re: how to verify keepalive package in openvpn

Posted: Sat Nov 20, 2021 2:27 pm
by TinCanTech
Why are you trying to do this?

Re: how to verify keepalive package in openvpn

Posted: Sun Nov 21, 2021 1:05 am
by alex.tls
Because I want to confirm that the tunnel is kept active through the keepalive mechanism.

Re: how to verify keepalive package in openvpn

Posted: Sun Nov 21, 2021 2:46 am
by TinCanTech
You can use a high --verb setting. --verb 7 is usually sufficient.
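
A timing check for a capture like the one in the first post, as an added example that is not part of the original thread: it parses `tcpdump -v` output and reports, per sender, whether payload-carrying segments arrive no further apart than the ping interval. Assumptions: the tunnel was idle during the capture, the interval is 10 seconds (from `keepalive 10 60`), the 2-second slack and the function names are hypothetical, and 203.0.113.10 is a placeholder server address. The payload is encrypted, so this checks timing only and cannot show that a segment is a ping.

```python
import re
from datetime import datetime

# Constructed sample in the same two-line `tcpdump -v` layout as the capture
# in the question; 203.0.113.10 is a placeholder for the server address.
SAMPLE = """\
22:02:29.058000 IP (tos 0xe0, ttl 52, id 15564, offset 0, flags [DF], proto TCP (6), length 94)
    203.0.113.10.1194 > 172.18.81.59.49312: Flags [P.], seq 1419:1461, ack 1386, win 302, length 42
22:02:33.184000 IP (tos 0x0, ttl 64, id 398, offset 0, flags [DF], proto TCP (6), length 94)
    172.18.81.59.49312 > 203.0.113.10.1194: Flags [P.], seq 1386:1428, ack 1461, win 501, length 42
22:02:33.199781 IP (tos 0xe0, ttl 52, id 15565, offset 0, flags [DF], proto TCP (6), length 52)
    203.0.113.10.1194 > 172.18.81.59.49312: Flags [.], seq 1461, ack 1428, win 302, length 0
22:02:39.058874 IP (tos 0xe0, ttl 52, id 15566, offset 0, flags [DF], proto TCP (6), length 94)
    203.0.113.10.1194 > 172.18.81.59.49312: Flags [P.], seq 1461:1503, ack 1428, win 302, length 42
22:02:43.184238 IP (tos 0x0, ttl 64, id 400, offset 0, flags [DF], proto TCP (6), length 94)
    172.18.81.59.49312 > 203.0.113.10.1194: Flags [P.], seq 1428:1470, ack 1503, win 501, length 42
"""

HEADER = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) IP ")
DETAIL = re.compile(r"^\s+(\S+) > \S+: Flags \[[^\]]*\].*length (\d+)$")

def payload_gaps(text):
    """Return {sender: [seconds between its consecutive payload segments]}."""
    last, gaps, ts = {}, {}, None
    for line in text.splitlines():
        h = HEADER.match(line)
        if h:  # first line of a record carries the timestamp
            ts = datetime.strptime(h.group(1), "%H:%M:%S.%f")
            continue
        d = DETAIL.match(line)
        if not d or ts is None or int(d.group(2)) == 0:
            continue  # pure ACKs (length 0) carry no OpenVPN data
        src = d.group(1)
        if src in last:
            gaps.setdefault(src, []).append((ts - last[src]).total_seconds())
        last[src] = ts
    return gaps

def keepalive_ok(text, interval=10, slack=2.0):
    """True per sender if no gap between payload segments exceeds interval + slack."""
    return {src: max(g) <= interval + slack for src, g in payload_gaps(text).items()}

if __name__ == "__main__":
    print(payload_gaps(SAMPLE))
    print(keepalive_ok(SAMPLE))
```

The parser does not handle a capture that crosses midnight, since tcpdump's default timestamps carry no date.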