Fail to manually route openvpn traffic through the server

Post by zxun » Sat Jun 04, 2022 6:05 am

Hi there!

I need to hide the openvpn service under a public webpage Linux server, so I cannot apply the automatic `ref 1` settings by openvpn.

The idea is this:

App -> tun0 (10.0.0.2) -> Openvpn Client -------> Openvpn Server -------> Any Site on WWW

While the tun0 is already established on client server:

```
5: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1400 qdisc pfifo_fast state UNKNOWN group default qlen 1000
    link/none
    inet 10.0.0.2 peer 10.0.0.1/32 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::795f:d298:47f1:504f/64 scope link flags 800
       valid_lft forever preferred_lft forever
```


First I set up `tcpdump -i tun0` to sniff the packets, and tried out

```
ping -c 1 10.0.0.1
```

```
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes
01:43:40.304296 IP vps > gateway: ICMP echo request, id 3964, seq 1, length 64
01:43:40.328524 IP gateway > vps: ICMP echo reply, id 3964, seq 1, length 64
```

And then, I apply

```
curl --interface tun0 google.com
```

to represent that one application wants to visit a website via the openvpn tunnel.

```
01:43:58.053894 IP vps.40001 > waw02s13-in-f4.1e100.net.http: Flags [S], seq 123149306, win 27200, options [mss 1360,sackOK,TS val 238912080 ecr 0,nop,wscale 7], length 0
01:43:58.078342 IP waw02s13-in-f4.1e100.net.http > vps.40001: Flags [S.], seq 157491104, ack 123149307, win 65535, options [mss 1430,sackOK,TS val 126255572 ecr 238912080,nop,wscale 8], length 0
01:43:58.382454 IP waw02s13-in-f4.1e100.net.http > vps.40001: Flags [S.], seq 157491104, ack 123149307, win 65535, options [mss 1430,sackOK,TS val 126255876 ecr 238912080,nop,wscale 8], length 0
01:43:59.055416 IP vps.40001 > waw02s13-in-f4.1e100.net.http: Flags [S], seq 123149306, win 27200, options [mss 1360,sackOK,TS val 238913082 ecr 0,nop,wscale 7], length 0
01:43:59.079677 IP waw02s13-in-f4.1e100.net.http > vps.40001: Flags [S.], seq 157491104, ack 123149307, win 65535, options [mss 1430,sackOK,TS val 126256573 ecr 238912080,nop,wscale 8], length 0
01:44:01.061547 IP vps.40001 > waw02s13-in-f4.1e100.net.http: Flags [S], seq 123149306, win 27200, options [mss 1360,sackOK,TS val 238915088 ecr 0,nop,wscale 7], length 0
01:44:01.086079 IP waw02s13-in-f4.1e100.net.http > vps.40001: Flags [S.], seq 157491104, ack 123149307, win 65535, options [mss 1430,sackOK,TS val 126258579 ecr 238912080,nop,wscale 8], length 0
01:44:03.110614 IP waw02s13-in-f4.1e100.net.http > vps.40001: Flags [S.], seq 157491104, ack 123149307, win 65535, options [mss 1430,sackOK,TS val 126260604 ecr 238912080,nop,wscale 8], length 0
01:44:05.069409 IP vps.40001 > waw02s13-in-f4.1e100.net.http: Flags [S], seq 123149306, win 27200, options [mss 1360,sackOK,TS val 238919096 ecr 0,nop,wscale 7], length 0
```

without any response, I pressed CTRL+C to terminate that visit:

```
01:44:05.093616 IP waw02s13-in-f4.1e100.net.http > vps.40001: Flags [S.], seq 157491104, ack 123149307, win 65535, options [mss 1430,sackOK,TS val 126262587 ecr 238912080,nop,wscale 8], length 0
01:44:09.126563 IP waw02s13-in-f4.1e100.net.http > vps.40001: Flags [S.], seq 157491104, ack 123149307, win 65535, options [mss 1430,sackOK,TS val 126266620 ecr 238912080,nop,wscale 8], length 0
01:44:17.574572 IP waw02s13-in-f4.1e100.net.http > vps.40001: Flags [S.], seq 157491104, ack 123149307, win 65535, options [mss 1430,sackOK,TS val 126275068 ecr 238912080,nop,wscale 8], length 0
01:44:33.958467 IP waw02s13-in-f4.1e100.net.http > vps.40001: Flags [S.], seq 157491104, ack 123149307, win 65535, options [mss 1430,sackOK,TS val 126291452 ecr 238912080,nop,wscale 8], length 0
```

And the corresponding openvpn log is:

```
Fri Jun  3 01:43:40 2022 us=305160 TUN READ [84]
Fri Jun  3 01:43:40 2022 us=305293 UDP WRITE [124] to [AF_INET][openvpn server]:1100:  DATA len=124
Fri Jun  3 01:43:40 2022 us=328386 UDP READ [124] from [AF_INET][openvpn server]:1100:  DATA len=124
Fri Jun  3 01:43:40 2022 us=328485 TUN WRITE [84]

Fri Jun  3 01:43:58 2022 us=54345 TUN READ [60]
Fri Jun  3 01:43:58 2022 us=54536 UDP WRITE [100] to [AF_INET][openvpn server]:1100:  DATA len=100
Fri Jun  3 01:43:58 2022 us=78214 UDP READ [100] from [AF_INET][openvpn server]:1100:  DATA len=100
Fri Jun  3 01:43:58 2022 us=78322 TUN WRITE [60]
Fri Jun  3 01:43:58 2022 us=382320 UDP READ [100] from [AF_INET][openvpn server]:1100:  DATA len=100
Fri Jun  3 01:43:58 2022 us=382431 TUN WRITE [60]
Fri Jun  3 01:43:59 2022 us=55724 TUN READ [60]
Fri Jun  3 01:43:59 2022 us=55837 UDP WRITE [100] to [AF_INET][openvpn server]:1100:  DATA len=100
Fri Jun  3 01:43:59 2022 us=79548 UDP READ [100] from [AF_INET][openvpn server]:1100:  DATA len=100
Fri Jun  3 01:43:59 2022 us=79644 TUN WRITE [60]
Fri Jun  3 01:44:01 2022 us=61920 TUN READ [60]
Fri Jun  3 01:44:01 2022 us=62213 UDP WRITE [100] to [AF_INET][openvpn server]:1100:  DATA len=100
Fri Jun  3 01:44:01 2022 us=85969 UDP READ [100] from [AF_INET][openvpn server]:1100:  DATA len=100
Fri Jun  3 01:44:01 2022 us=86053 TUN WRITE [60]
Fri Jun  3 01:44:03 2022 us=110499 UDP READ [100] from [AF_INET][openvpn server]:1100:  DATA len=100
Fri Jun  3 01:44:03 2022 us=110594 TUN WRITE [60]
Fri Jun  3 01:44:05 2022 us=69541 TUN READ [60]
Fri Jun  3 01:44:05 2022 us=69696 UDP WRITE [100] to [AF_INET][openvpn server]:1100:  DATA len=100
Fri Jun  3 01:44:05 2022 us=93468 UDP READ [100] from [AF_INET][openvpn server]:1100:  DATA len=100
Fri Jun  3 01:44:05 2022 us=93592 TUN WRITE [60]
Fri Jun  3 01:44:09 2022 us=126402 UDP READ [100] from [AF_INET][openvpn server]:1100:  DATA len=100
Fri Jun  3 01:44:09 2022 us=126510 TUN WRITE [60]
Fri Jun  3 01:44:17 2022 us=574438 UDP READ [100] from [AF_INET][openvpn server]:1100:  DATA len=100
Fri Jun  3 01:44:17 2022 us=574545 TUN WRITE [60]
Fri Jun  3 01:44:33 2022 us=958336 UDP READ [100] from [AF_INET][openvpn server]:1100:  DATA len=100
Fri Jun  3 01:44:33 2022 us=958440 TUN WRITE [60]
```

The configuration for client openvpn is
Client Config

```
daemon
dev tun
remote [openvpn server]
rport 1100
lport 1100
proto udp
ifconfig 10.0.0.2 10.0.0.1
secret static 1
writepid /run/tunpid
log-append /var/some.log
tun-mtu 1400
txqueuelen 1000
fragment 0
mssfix 0
verb 11
```


The bash file to MANUALLY add the routing is:

```
ip route add default via 10.0.0.1 table vpn
```

The routing has been set:

```
# ip route list table vpn
default via 10.0.0.1 dev tun0
```

Indeed, both the tcpdump and openvpn log show that the openvpn client connected to the server for the google website request,
but somehow the communication yields no result so I had to interrupt it with CTRL+C.

And I retested the `curl` with `ss -tnp` this time - the openvpn server did not establish any http/tcp connection to google.com at all.
And the problem must be somewhere below:

The openvpn server is on a vultr vps, and it worked fine before this month. I have no idea what changed, but to illustrate,
here is the configuration of the server:
Server Config

```
dev tun0
lport 1100
proto udp
ifconfig 10.0.0.1 10.0.0.2
secret static 0
tun-mtu 1400
txqueuelen 1000
fragment 0
mssfix 0
log-append /var/some.log
```


Here is the firewalld configuration:

```
# firewall-cmd --info-zone=public
public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client ssh
  ports: 1100/udp 1200/udp 1200/tcp
  protocols:
  masquerade: yes
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
```

and ip_forward is on:

```
# cd /proc/sys/net/ipv4
# cat ip_forward
1
```

and

```
# curl google.com
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
```

works on that server too.

This is everything I know, thanks for reading.

So what is the problem?
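A way to read the handshake state out of a capture like the one in this post, as an added example that is not part of the original thread: it groups tcpdump text lines by flow and reports whether the SYN was answered and whether the answer was acknowledged. The capture below is constructed, modelled on the posted trace with TCP options trimmed; the `vps.40002` and `vps.40003` flows and the state names are invented for illustration.

```python
import re
from collections import defaultdict

# Constructed capture in tcpdump's text format, modelled on the tun0 trace in
# the post (TCP options trimmed). The vps.40002 and vps.40003 flows are invented
# to show the other two outcomes.
CAPTURE = """\
01:43:58.053894 IP vps.40001 > waw02s13-in-f4.1e100.net.http: Flags [S], seq 123149306, win 27200, length 0
01:43:58.078342 IP waw02s13-in-f4.1e100.net.http > vps.40001: Flags [S.], seq 157491104, ack 123149307, win 65535, length 0
01:43:59.055416 IP vps.40001 > waw02s13-in-f4.1e100.net.http: Flags [S], seq 123149306, win 27200, length 0
01:43:59.079677 IP waw02s13-in-f4.1e100.net.http > vps.40001: Flags [S.], seq 157491104, ack 123149307, win 65535, length 0
01:50:00.000100 IP vps.40002 > example.net.http: Flags [S], seq 1000, win 27200, length 0
01:50:00.024100 IP example.net.http > vps.40002: Flags [S.], seq 5000, ack 1001, win 65535, length 0
01:50:00.024200 IP vps.40002 > example.net.http: Flags [.], ack 1, win 213, length 0
01:51:00.000100 IP vps.40003 > example.net.http: Flags [S], seq 2000, win 27200, length 0
01:51:01.001100 IP vps.40003 > example.net.http: Flags [S], seq 2000, win 27200, length 0
"""

LINE = re.compile(r"^\S+ IP (\S+) > (\S+): Flags \[([^\]]+)\]")


def handshake_states(capture):
    """Return {(initiator, responder): (state, syn_count, synack_count)}."""
    flows = defaultdict(lambda: {"syn": 0, "synack": 0, "ack": 0})
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        src, dst, flags = m.groups()
        if flags == "S":                      # SYN or a SYN retransmission
            flows[(src, dst)]["syn"] += 1
        elif flags == "S.":                   # SYN-ACK, filed under the initiator
            flows[(dst, src)]["synack"] += 1
        elif "." in flags and (src, dst) in flows:
            flows[(src, dst)]["ack"] += 1     # initiator acknowledged the peer

    result = {}
    for key, c in flows.items():
        if c["ack"]:
            state = "established"
        elif c["synack"]:
            # tcpdump sees inbound packets before the host's own packet filter
            # and routing checks, so a SYN-ACK that shows up in the capture but
            # is never acknowledged was discarded locally, after capture.
            state = "synack-unanswered"
        else:
            state = "no-reply"                # nothing came back on this interface
        result[key] = (state, c["syn"], c["synack"])
    return result


if __name__ == "__main__":
    for (initiator, responder), info in handshake_states(CAPTURE).items():
        print(initiator, "->", responder, info)
```
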

Post by TinCanTech » Sat Jun 04, 2022 6:46 pm

Try setting your logs to --verb 4 and then look for errors.

Post by zxun » Sun Jun 05, 2022 6:56 am

> TinCanTech wrote (Sat Jun 04, 2022 6:46 pm):
> Try setting your logs to --verb 4 and then look for errors.

verb 4 won't show any successful communication. So I set verb 11 on the server side, and here is part of the server log as the client server executed `curl --interface tun0 google.com`

```
Sun Jun  5 06:23:16 2022 us=439744 PID_TEST [0] [STATIC-0] [467EEEEEEEEEEEEE] 1654409309:16 1654409309:17 t=1654410196[0] r=[0,64,15,0,1] sl=[48,16,64,528]
Sun Jun  5 06:23:16 2022 us=439752 PO_CTL rwflags=0x0000 ev=4 arg=0x5606bd512170
Sun Jun  5 06:23:16 2022 us=439757 PO_CTL rwflags=0x0003 ev=3 arg=0x5606bd512068
Sun Jun  5 06:23:16 2022 us=439776 I/O WAIT TR|TW|Sr|Sw [604761/141339]
Sun Jun  5 06:23:16 2022 us=439784 PO_WAIT[1,0] fd=3 rev=0x00000004 rwflags=0x0002 arg=0x5606bd512068
Sun Jun  5 06:23:16 2022 us=439788  event_wait returned 1
Sun Jun  5 06:23:16 2022 us=439793 I/O WAIT status=0x0008
Sun Jun  5 06:23:16 2022 us=439798 TUN WRITE [60]
Sun Jun  5 06:23:16 2022 us=439832  write to TUN/TAP returned 60
Sun Jun  5 06:23:16 2022 us=439838 PO_CTL rwflags=0x0001 ev=4 arg=0x5606bd512170
Sun Jun  5 06:23:16 2022 us=439843 PO_CTL rwflags=0x0001 ev=3 arg=0x5606bd512068
Sun Jun  5 06:23:16 2022 us=439848 I/O WAIT TR|Tw|SR|Sw [604761/141339]
Sun Jun  5 06:23:16 2022 us=440253 PO_WAIT[1,0] fd=3 rev=0x00000001 rwflags=0x0001 arg=0x5606bd512068
Sun Jun  5 06:23:16 2022 us=440259  event_wait returned 1
Sun Jun  5 06:23:16 2022 us=440264 I/O WAIT status=0x0004
Sun Jun  5 06:23:16 2022 us=440270  read from TUN/TAP returned 60
Sun Jun  5 06:23:16 2022 us=440275 TUN READ [60]
Sun Jun  5 06:23:16 2022 us=440286 ENCRYPT IV: d071cf26 22509611
Sun Jun  5 06:23:16 2022 us=440299 ENCRYPT FROM: 0000000c 629c4b8e 4500003c 67ed0000 77067704 8efacbce 0a000002 0050bf5[more...]
Sun Jun  5 06:23:16 2022 us=440309 ENCRYPT HMAC: 5e7f7f88 743fc2c4 8fd0e388 4c343ec3 4a7d14dc
Sun Jun  5 06:23:16 2022 us=440324 ENCRYPT TO: 5e7f7f88 743fc2c4 8fd0e388 4c343ec3 4a7d14dc d071cf26 22509611 deb382a[more...]
Sun Jun  5 06:23:16 2022 us=440330 PO_CTL rwflags=0x0003 ev=4 arg=0x5606bd512170
Sun Jun  5 06:23:16 2022 us=440334 PO_CTL rwflags=0x0000 ev=3 arg=0x5606bd512068
Sun Jun  5 06:23:16 2022 us=440340 I/O WAIT Tr|Tw|SR|SW [604761/141339]
Sun Jun  5 06:23:16 2022 us=440346 PO_WAIT[0,0] fd=4 rev=0x00000004 rwflags=0x0002 arg=0x5606bd512170
Sun Jun  5 06:23:16 2022 us=440351  event_wait returned 1
Sun Jun  5 06:23:16 2022 us=440355 I/O WAIT status=0x0002
Sun Jun  5 06:23:16 2022 us=440373 UDPv4 WRITE [100] to [AF_INET][Client VPN Port]:  DATA 5e7f7f88 743fc2c4 8fd0e388 4c343ec3 4a7d14dc d071cf26 22509611 deb382a[more...]
Sun Jun  5 06:23:16 2022 us=440393 UDPv4 write returned 100
Sun Jun  5 06:23:16 2022 us=440398 PO_CTL rwflags=0x0001 ev=4 arg=0x5606bd512170
Sun Jun  5 06:23:16 2022 us=440403 PO_CTL rwflags=0x0001 ev=3 arg=0x5606bd512068
Sun Jun  5 06:23:16 2022 us=440408 I/O WAIT TR|Tw|SR|Sw [604761/141339]
Sun Jun  5 06:23:20 2022 us=464286 PO_WAIT[1,0] fd=3 rev=0x00000001 rwflags=0x0001 arg=0x5606bd512068
Sun Jun  5 06:23:20 2022 us=464326  event_wait returned 1
Sun Jun  5 06:23:20 2022 us=464332 I/O WAIT status=0x0004
Sun Jun  5 06:23:20 2022 us=464341  read from TUN/TAP returned 60
Sun Jun  5 06:23:20 2022 us=464346 TUN READ [60]
Sun Jun  5 06:23:20 2022 us=464363 ENCRYPT IV: 1573ad24 7b3bf173
Sun Jun  5 06:23:20 2022 us=464377 ENCRYPT FROM: 0000000d 629c4b8e 4500003c 75840000 7806686d 8efacbce 0a000002 0050bf5[more...]
Sun Jun  5 06:23:20 2022 us=464391 ENCRYPT HMAC: 1f262f92 13faf198 1b33c80c 56b59dd8 a447debb
Sun Jun  5 06:23:20 2022 us=464406 ENCRYPT TO: 1f262f92 13faf198 1b33c80c 56b59dd8 a447debb 1573ad24 7b3bf173 5cd41c2[more...]
Sun Jun  5 06:23:20 2022 us=464413 RANDOM USEC=117474
Sun Jun  5 06:23:20 2022 us=464418 PO_CTL rwflags=0x0003 ev=4 arg=0x5606bd512170
Sun Jun  5 06:23:20 2022 us=464423 PO_CTL rwflags=0x0000 ev=3 arg=0x5606bd512068
Sun Jun  5 06:23:20 2022 us=464431 I/O WAIT Tr|Tw|SR|SW [604757/117474]
Sun Jun  5 06:23:20 2022 us=464437 PO_WAIT[0,0] fd=4 rev=0x00000004 rwflags=0x0002 arg=0x5606bd512170
Sun Jun  5 06:23:20 2022 us=464442  event_wait returned 1
Sun Jun  5 06:23:20 2022 us=464447 I/O WAIT status=0x0002
Sun Jun  5 06:23:20 2022 us=464467 UDPv4 WRITE [100] to [AF_INET][Client VPN Port]:  DATA 1f262f92 13faf198 1b33c80c 56b59dd8 a447debb 1573ad24 7b3bf173 5cd41c2[more...]
Sun Jun  5 06:23:20 2022 us=464514 UDPv4 write returned 100
Sun Jun  5 06:23:20 2022 us=464521 PO_CTL rwflags=0x0001 ev=4 arg=0x5606bd512170
Sun Jun  5 06:23:20 2022 us=464525 PO_CTL rwflags=0x0001 ev=3 arg=0x5606bd512068
Sun Jun  5 06:23:20 2022 us=464531 I/O WAIT TR|Tw|SR|Sw [604757/117474]
Sun Jun  5 06:23:24 2022 us=447579 PO_WAIT[0,0] fd=4 rev=0x00000001 rwflags=0x0001 arg=0x5606bd512170
Sun Jun  5 06:23:24 2022 us=447643  event_wait returned 1
Sun Jun  5 06:23:24 2022 us=447650 I/O WAIT status=0x0001
Sun Jun  5 06:23:24 2022 us=447661 UDPv4 read returned 100
Sun Jun  5 06:23:24 2022 us=447684 UDPv4 READ [100] from [AF_INET][Client VPN Port]:  DATA c93a353e 6c983d3c 6b265f20 58a4dce9 4a65e074 93dc6706 2022fdee ce5db21[more...]
Sun Jun  5 06:23:24 2022 us=447702 DECRYPT FROM: c93a353e 6c983d3c 6b265f20 58a4dce9 4a65e074 93dc6706 2022fdee ce5db21[more...]
Sun Jun  5 06:23:24 2022 us=447713 DECRYPT IV: 93dc6706 2022fdee
Sun Jun  5 06:23:24 2022 us=447731 DECRYPT TO: 00000012 629c485d 4500003c 75cd4000 40066024 0a000002 8efacbce bf59005[more...]
Sun Jun  5 06:23:24 2022 us=447739 PID_TEST [0] [STATIC-0] [8>>>EEEEEEEEEEEEE] 1654409309:17 1654409309:18 t=1654410204[0] r=[0,64,15,0,1] sl=[47,17,64,528]
Sun Jun  5 06:23:24 2022 us=447747 PO_CTL rwflags=0x0000 ev=4 arg=0x5606bd512170
Sun Jun  5 06:23:24 2022 us=447751 PO_CTL rwflags=0x0003 ev=3 arg=0x5606bd512068
Sun Jun  5 06:23:24 2022 us=447759 I/O WAIT TR|TW|Sr|Sw [604753/117474]
Sun Jun  5 06:23:24 2022 us=447766 PO_WAIT[1,0] fd=3 rev=0x00000004 rwflags=0x0002 arg=0x5606bd512068
Sun Jun  5 06:23:24 2022 us=447771  event_wait returned 1
Sun Jun  5 06:23:24 2022 us=447776 I/O WAIT status=0x0008
Sun Jun  5 06:23:24 2022 us=447780 TUN WRITE [60]
Sun Jun  5 06:23:24 2022 us=447816  write to TUN/TAP returned 60
Sun Jun  5 06:23:24 2022 us=447821 PO_CTL rwflags=0x0001 ev=4 arg=0x5606bd512170
Sun Jun  5 06:23:24 2022 us=447826 PO_CTL rwflags=0x0001 ev=3 arg=0x5606bd512068
Sun Jun  5 06:23:24 2022 us=447832 I/O WAIT TR|Tw|SR|Sw [604753/117474]
Sun Jun  5 06:23:24 2022 us=448226 PO_WAIT[1,0] fd=3 rev=0x00000001 rwflags=0x0001 arg=0x5606bd512068
Sun Jun  5 06:23:24 2022 us=448232  event_wait returned 1
Sun Jun  5 06:23:24 2022 us=448236 I/O WAIT status=0x0004
Sun Jun  5 06:23:24 2022 us=448243  read from TUN/TAP returned 60
Sun Jun  5 06:23:24 2022 us=448247 TUN READ [60]
Sun Jun  5 06:23:24 2022 us=448258 ENCRYPT IV: 2ca1d26a 79aa0d56
Sun Jun  5 06:23:24 2022 us=448270 ENCRYPT FROM: 0000000e 629c4b8e 4500003c 7fdd0000 79065d14 8efacbce 0a000002 0050bf5[more...]
Sun Jun  5 06:23:24 2022 us=448281 ENCRYPT HMAC: 5215d413 d197f3cb 5a80acca c480ac5a 778cafdc
Sun Jun  5 06:23:24 2022 us=448296 ENCRYPT TO: 5215d413 d197f3cb 5a80acca c480ac5a 778cafdc 2ca1d26a 79aa0d56 ee82069[more...]
Sun Jun  5 06:23:24 2022 us=448302 PO_CTL rwflags=0x0003 ev=4 arg=0x5606bd512170
Sun Jun  5 06:23:24 2022 us=448306 PO_CTL rwflags=0x0000 ev=3 arg=0x5606bd512068
Sun Jun  5 06:23:24 2022 us=448312 I/O WAIT Tr|Tw|SR|SW [604753/117474]
Sun Jun  5 06:23:24 2022 us=448318 PO_WAIT[0,0] fd=4 rev=0x00000004 rwflags=0x0002 arg=0x5606bd512170
Sun Jun  5 06:23:24 2022 us=448323  event_wait returned 1
Sun Jun  5 06:23:24 2022 us=448327 I/O WAIT status=0x0002
Sun Jun  5 06:23:24 2022 us=448345 UDPv4 WRITE [100] to [AF_INET][Client VPN Port]:  DATA 5215d413 d197f3cb 5a80acca c480ac5a 778cafdc 2ca1d26a 79aa0d56 ee82069[more...]
Sun Jun  5 06:23:24 2022 us=448365 UDPv4 write returned 100
Sun Jun  5 06:23:24 2022 us=448371 PO_CTL rwflags=0x0001 ev=4 arg=0x5606bd512170
Sun Jun  5 06:23:24 2022 us=448375 PO_CTL rwflags=0x0001 ev=3 arg=0x5606bd512068
Sun Jun  5 06:23:24 2022 us=448381 I/O WAIT TR|Tw|SR|Sw [604753/117474]
Sun Jun  5 06:23:32 2022 us=496304 PO_WAIT[1,0] fd=3 rev=0x00000001 rwflags=0x0001 arg=0x5606bd512068
Sun Jun  5 06:23:32 2022 us=496343  event_wait returned 1
Sun Jun  5 06:23:32 2022 us=496349 I/O WAIT status=0x0004
Sun Jun  5 06:23:32 2022 us=496358  read from TUN/TAP returned 60
Sun Jun  5 06:23:32 2022 us=496363 TUN READ [60]
Sun Jun  5 06:23:32 2022 us=496381 ENCRYPT IV: 545fb6b0 f56fafb5
Sun Jun  5 06:23:32 2022 us=496395 ENCRYPT FROM: 0000000f 629c4b8e 4500003c 8a910000 78065360 8efacbce 0a000002 0050bf5[more...]
Sun Jun  5 06:23:32 2022 us=496408 ENCRYPT HMAC: 819b9292 ef79121e ae06ef72 34b8bcfe 99b83aa5
Sun Jun  5 06:23:32 2022 us=496423 ENCRYPT TO: 819b9292 ef79121e ae06ef72 34b8bcfe 99b83aa5 545fb6b0 f56fafb5 ea36e5d[more...]
Sun Jun  5 06:23:32 2022 us=496440 RANDOM USEC=191935
Sun Jun  5 06:23:32 2022 us=496446 PO_CTL rwflags=0x0003 ev=4 arg=0x5606bd512170
Sun Jun  5 06:23:32 2022 us=496451 PO_CTL rwflags=0x0000 ev=3 arg=0x5606bd512068
Sun Jun  5 06:23:32 2022 us=496458 I/O WAIT Tr|Tw|SR|SW [604745/191935]
Sun Jun  5 06:23:32 2022 us=496465 PO_WAIT[0,0] fd=4 rev=0x00000004 rwflags=0x0002 arg=0x5606bd512170
Sun Jun  5 06:23:32 2022 us=496476  event_wait returned 1
Sun Jun  5 06:23:32 2022 us=496480 I/O WAIT status=0x0002
Sun Jun  5 06:23:32 2022 us=496501 UDPv4 WRITE [100] to [AF_INET][Client VPN Port]:  DATA 819b9292 ef79121e ae06ef72 34b8bcfe 99b83aa5 545fb6b0 f56fafb5 ea36e5d[more...]
Sun Jun  5 06:23:32 2022 us=496533 UDPv4 write returned 100
Sun Jun  5 06:23:32 2022 us=496539 PO_CTL rwflags=0x0001 ev=4 arg=0x5606bd512170
Sun Jun  5 06:23:32 2022 us=496544 PO_CTL rwflags=0x0001 ev=3 arg=0x5606bd512068
Sun Jun  5 06:23:32 2022 us=496550 I/O WAIT TR|Tw|SR|Sw [604745/191935]
```

Whole server log for proxy visit of the client at verb 7:

```
Sun Jun  5 06:52:37 2022 us=280095 UDPv4 READ [100] from [AF_INET][Client VPN Port]:  DATA len=100
Sun Jun  5 06:52:37 2022 us=280157 PID_TEST [0] [STATIC-0] [EEEEEEEEEEEEEEEEEEEEEEEE] 1654411282:24 1654411282:25 t=1654411957[0] r=[0,64,15,0,1] sl=[40,24,64,528]
Sun Jun  5 06:52:37 2022 us=280176 TUN WRITE [60]
Sun Jun  5 06:52:37 2022 us=280782 TUN READ [60]
Sun Jun  5 06:52:37 2022 us=280803 UDPv4 WRITE [100] to [AF_INET][Client VPN Port]:  DATA len=100
Sun Jun  5 06:52:37 2022 us=584143 TUN READ [60]
Sun Jun  5 06:52:37 2022 us=584220 UDPv4 WRITE [100] to [AF_INET][Client VPN Port]:  DATA len=100
Sun Jun  5 06:52:38 2022 us=281407 UDPv4 READ [100] from [AF_INET][Client VPN Port]:  DATA len=100
Sun Jun  5 06:52:38 2022 us=281460 PID_TEST [0] [STATIC-0] [1EEEEEEEEEEEEEEEEEEEEEEEE] 1654411282:25 1654411282:26 t=1654411958[0] r=[-1,64,15,0,1] sl=[39,25,64,528]
Sun Jun  5 06:52:38 2022 us=281471 TUN WRITE [60]
Sun Jun  5 06:52:38 2022 us=281984 TUN READ [60]
Sun Jun  5 06:52:38 2022 us=282006 UDPv4 WRITE [100] to [AF_INET][Client VPN Port]:  DATA len=100
Sun Jun  5 06:52:40 2022 us=287353 UDPv4 READ [100] from [AF_INET][Client VPN Port]:  DATA len=100
Sun Jun  5 06:52:40 2022 us=287413 PID_TEST [0] [STATIC-0] [23EEEEEEEEEEEEEEEEEEEEEEEE] 1654411282:26 1654411282:27 t=1654411960[0] r=[-3,64,15,0,1] sl=[38,26,64,528]
Sun Jun  5 06:52:40 2022 us=287425 TUN WRITE [60]
Sun Jun  5 06:52:40 2022 us=287924 TUN READ [60]
Sun Jun  5 06:52:40 2022 us=287948 UDPv4 WRITE [100] to [AF_INET][Client VPN Port]:  DATA len=100
Sun Jun  5 06:52:42 2022 us=304171 TUN READ [60]
Sun Jun  5 06:52:42 2022 us=304246 UDPv4 WRITE [100] to [AF_INET][Client VPN Port]:  DATA len=100
Sun Jun  5 06:52:46 2022 us=336203 TUN READ [60]
Sun Jun  5 06:52:46 2022 us=336289 UDPv4 WRITE [100] to [AF_INET][Client VPN Port]:  DATA len=100
Sun Jun  5 06:52:54 2022 us=400251 TUN READ [60]
Sun Jun  5 06:52:54 2022 us=400332 UDPv4 WRITE [100] to [AF_INET][Client VPN Port]:  DATA len=100
```

Post by zxun » Mon Jun 06, 2022 1:45 pm

The server did not masquerade for client at all (destination :

```
# conntrack -E
......

   [NEW] udp      17 30 src=[Client's IP] dst=[Server's IP] sport=1100 dport=1100 [UNREPLIED] src=[Server's IP] dst=[Client's IP] sport=1100 dport=1100
    [NEW] tcp      6 120 SYN_SENT src=10.0.0.2 dst=142.250.74.174 sport=60418 dport=80 [UNREPLIED] src=142.250.74.174 dst=[Server's IP] sport=80 dport=60418
 [UPDATE] tcp      6 60 SYN_RECV src=10.0.0.2 dst=142.250.74.174 sport=60418 dport=80 src=142.250.74.174 dst=[Server's IP] sport=80 dport=60418
 [UPDATE] udp      17 30 src=[Client's IP] dst=[Server's IP] sport=1100 dport=1100 src=[Server's IP] dst=[Client's IP] sport=1100 dport=1100
 [UPDATE] udp      17 180 src=[Client's IP] dst=[Server's IP] sport=1100 dport=1100 src=[Server's IP] dst=[Client's IP] sport=1100 dport=1100 [ASSURED]
 [UPDATE] tcp      6 59 SYN_RECV src=10.0.0.2 dst=142.250.74.174 sport=60418 dport=80 src=142.250.74.174 dst=[Server's IP] sport=80 dport=60418
 [UPDATE] tcp      6 60 SYN_RECV src=10.0.0.2 dst=142.250.74.174 sport=60418 dport=80 src=142.250.74.174 dst=[Server's IP] sport=80 dport=60418
 [UPDATE] tcp      6 60 SYN_RECV src=10.0.0.2 dst=142.250.74.174 sport=60418 dport=80 src=142.250.74.174 dst=[Server's IP] sport=80 dport=60418
```

142.250.74.174 is Google's IP, and 80 is the plain http port, but the source is 10.0.0.2, the Client's openvpn IP, not the eth0 IP of the server.
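Each `conntrack -E` line carries two tuples: the original direction first, then the tuple the kernel expects replies to carry, and NAT shows up as a difference between the two. The following added example (not part of the original thread) parses such lines and classifies each entry; the events are constructed after the output above, with 198.51.100.7 as a placeholder for the bracketed server address and the 192.0.2.80 flow invented to show an untranslated entry.

```python
import re

# Constructed events in `conntrack -E` format, modelled on the post's output.
# 198.51.100.7 is a placeholder for the server's public address; the 192.0.2.80
# flow is invented to show an entry whose reply tuple was left untranslated.
EVENTS = """\
    [NEW] tcp      6 120 SYN_SENT src=10.0.0.2 dst=142.250.74.174 sport=60418 dport=80 [UNREPLIED] src=142.250.74.174 dst=198.51.100.7 sport=80 dport=60418
 [UPDATE] tcp      6 60 SYN_RECV src=10.0.0.2 dst=142.250.74.174 sport=60418 dport=80 src=142.250.74.174 dst=198.51.100.7 sport=80 dport=60418
    [NEW] tcp      6 120 SYN_SENT src=10.0.0.2 dst=192.0.2.80 sport=60500 dport=80 [UNREPLIED] src=192.0.2.80 dst=10.0.0.2 sport=80 dport=60500
"""

# "[EVENT] proto protonum [timeout] [STATE] src=..."; UDP lines have no state.
HEAD = re.compile(r"^\s*\[(\w+)\]\s+(\w+)\s+\d+\s+(?:\d+\s+)?(?:([A-Z_]+)\s+)?src=")
TUPLE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")


def parse_event(line):
    """Split one event line into its original and reply tuples, or None."""
    head = HEAD.match(line)
    tuples = TUPLE.findall(line)
    if not head or len(tuples) != 2:      # e.g. ICMP entries carry no ports
        return None
    keys = ("src", "dst", "sport", "dport")
    orig, reply = (dict(zip(keys, t)) for t in tuples)
    return {"event": head[1], "proto": head[2], "state": head[3],
            "orig": orig, "reply": reply}


def nat_kind(entry):
    """Without NAT the reply tuple is the original tuple mirrored."""
    o, r = entry["orig"], entry["reply"]
    # Source NAT: replies are addressed to something other than the sender.
    snat = (r["dst"], r["dport"]) != (o["src"], o["sport"])
    # Destination NAT: replies come from something other than the target.
    dnat = (r["src"], r["sport"]) != (o["dst"], o["dport"])
    return {(False, False): "none", (True, False): "snat",
            (False, True): "dnat", (True, True): "snat+dnat"}[(snat, dnat)]


def nat_report(events):
    """Return [(event, state, original source, reply destination, kind)]."""
    rows = []
    for line in events.splitlines():
        e = parse_event(line)
        if e:
            rows.append((e["event"], e["state"], e["orig"]["src"],
                         e["reply"]["dst"], nat_kind(e)))
    return rows


if __name__ == "__main__":
    for row in nat_report(EVENTS):
        print(row)
```
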
