Heyo!
I've got a server with two clients connected, each client connects 2 LANs to the VPN using a few routes and iroutes, and I'm currently sending traffic between client1 LAN2 and client2 LAN1, and I'd like to get a pcap of that traffic using the server. Normally I'd just use TCPDump but that won't work here obviously. Is there a debug flag or config option I can enable to log the packets being routed by OpenVPN and not being passed to the kernel?
Thanks!
Create pcap of Client to Client traffic from Server
-
- OpenVpn Newbie
- Posts: 4
- Joined: Sat Aug 27, 2022 3:25 pm
Re: Create pcap of Client to Client traffic from Server
OpenVPN doesn't send the packets to the kernel before routing them back out another client, so running TCPDump on the server doesn't show the data flowing from client1 through the server to client2.
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: Create pcap of Client to Client traffic from Server
If you use --client-to-client, packets are not exposed to kernel.
Disable it and capture on the tun interface.
https://community.openvpn.net/openvpn/w ... acketsFlow
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp
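An added example, not part of the thread or of the OpenVPN project: a pre-flight check for the approach in the answer above, meant for a Linux server before capturing on the tun interface. The interface name tun0, the two LAN subnets, the output file name and the sample config are assumptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check before capturing inter-client traffic on tun.
# Assumptions (not from the thread): interface tun0, the two LAN subnets,
# the output file name, and the sample config below (constructed).

# 0 if the config has an active client-to-client line ('#' and ';' are comments).
c2c_enabled() {
    grep -Eq '^[[:space:]]*client-to-client([[:space:]]|$)' "$1"
}

# preflight CONF [IP_FORWARD_FILE]: prints one status word, returns 0 only when
# packets between clients will cross the kernel and be forwarded back out.
preflight() {
    fwd_file=${2:-/proc/sys/net/ipv4/ip_forward}
    if c2c_enabled "$1"; then
        echo "c2c-active"      # routed inside OpenVPN, invisible on tun
        return 1
    fi
    if [ "$(cat "$fwd_file" 2>/dev/null)" != "1" ]; then
        echo "no-ip-forward"   # kernel would drop instead of forwarding
        return 2
    fi
    echo "ok"
}

# capture_cmd IFACE LAN_A LAN_B OUTFILE: tcpdump command limited to the two LANs.
capture_cmd() {
    printf 'tcpdump -ni %s -w %s net %s and net %s\n' "$1" "$4" "$2" "$3"
}

# Constructed sample server config: the directive is commented out with ';'.
conf=$(mktemp)
cat > "$conf" <<'EOF'
dev tun
topology subnet
;client-to-client
client-config-dir ccd
route 10.1.2.0 255.255.255.0
route 10.2.1.0 255.255.255.0
EOF

status=$(preflight "$conf") || true
echo "preflight: $status"
[ "$status" = "ok" ] && capture_cmd tun0 10.1.2.0/24 10.2.1.0/24 c2c.pcap
rm -f "$conf"
```

If the status is `ok` but the capture stays empty, check the server firewall's forwarding rules for traffic entering and leaving the tun interface.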
-
- OpenVpn Newbie
- Posts: 4
- Joined: Sat Aug 27, 2022 3:25 pm
Re: Create pcap of Client to Client traffic from Server
Pippin wrote: ↑Sat Aug 27, 2022 7:05 pm
If you use --client-to-client, packets are not exposed to kernel.
Disable it and capture on the tun interface.
https://community.openvpn.net/openvpn/w ... acketsFlow

Will I have to add any static routes on the server/clients, or will the routes/iroutes in the openvpn config be handed to the OS?
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: Create pcap of Client to Client traffic from Server
You have not shared configs but it seems LAN-to-LAN is working.
I would expect it to continue working unless the (server)firewall is in the way.
-
- OpenVpn Newbie
- Posts: 4
- Joined: Sat Aug 27, 2022 3:25 pm
Re: Create pcap of Client to Client traffic from Server
Interesting, thanks for the help! I thought client-to-client was required for clients to communicate _at all_, not just without using the server kernel. I'll try that on Monday and report back!