Dell optiplex 3050 issue
Moderators: TinCanTech
- cornichon
- OpenVpn Newbie
- Posts: 15
- Joined: Sat Oct 19, 2019 6:47 am
Dell optiplex 3050 issue
Hi everybody, first of all, I want to apologise for my awful English.
(My best and my worst mark in English was 3/20 for the whole duration of my studies.)
Now, I hope I'm in the right place to explain my issue.
What I've done:
I've made a site to site level 2 VPN with openvpn.
The VPN works perfectly, as if my sites were directly wired by my own wire.
The VPN works really well for all my equipment: switches, IP phones, miscellaneous IP devices, computers.
The issue:
It works on all computers except all my DELL optiplex 3050.
I've tested these computers with:
- different bios releases
- different bios settings
- deactivated the network card & reactivated it to overwrite the NVRAM (known bug for some DELL computers when a BIOS upgrade was done)
- Windows 7 x64
- Windows 10 x64 1903
- Windows 10 x64 1703
- Linux
- different network driver releases on the 3 Windows operating systems
What I see with tcpdump:
- If a ping is sent to this computer from the other side of the VPN, this computer receives it and answers it, but the answer cannot be sent to the other VPN side.
- If a ping is launched from this computer to the other side of the VPN, the ping doesn't cross the VPN link.
- It is the same whether the computer is on the server or the client side.
It works really perfectly with everything except this exact model of computer.
For me it is something impossible, so I don't understand why it doesn't work only with these computers.
-
- OpenVPN Protagonist
- Posts: 11138
- Joined: Fri Jun 03, 2016 1:17 pm
- cornichon
- OpenVpn Newbie
- Posts: 15
- Joined: Sat Oct 19, 2019 6:47 am
Re: Dell optiplex 3050 issue
Thanks for your answer, I will post all my configuration files on Monday.
- cornichon
- OpenVpn Newbie
- Posts: 15
- Joined: Sat Oct 19, 2019 6:47 am
Re: Dell optiplex 3050 issue
Server side
debian
/etc/network/interfaces
/etc/openvpn/vlan1_port1194.conf
/etc/openvpn/vlan329_port1195.conf
/etc/openvpn/vlan333_port1196.conf
/etc/openvpn/vlan429_port1197.conf
/etc/openvpn/vlan433_port1198.conf
debian
/etc/network/interfaces
Code: Select all
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug eth0
####################################### vlans
# Management
#Vlan 1 on eth0
auto eth0.1
iface eth0.1 inet manual
up ip link set dev eth0.1 up
up ip link set dev eth0.1 promisc on
down ip link set dev eth0.1 promisc off
# ADSL_DSI
#vlan 294 on eth0
auto eth0.294
iface eth0.294 inet static
address 192.168.1.220/24
gateway 192.168.1.1
dns-nameservers 192.168.1.1
# Epstien_data
#vlan 329 on eth0
auto eth0.329
iface eth0.329 inet manual
up ip link set dev eth0.329 up
up ip link set dev eth0.329 promisc on
down ip link set dev eth0.329 promisc off
# OTSI_Data
#vlan 333 on eth0
auto eth0.333
iface eth0.333 inet manual
up ip link set dev eth0.333 up
up ip link set dev eth0.333 promisc on
down ip link set dev eth0.333 promisc off
# Epstein_ToIP
#vlan 429 on eth0
auto eth0.429
iface eth0.429 inet manual
up ip link set dev eth0.429 up
up ip link set dev eth0.429 promisc on
down ip link set dev eth0.429 promisc off
# OTSI_ToIP
#vlan 433 on eth0
auto eth0.433
iface eth0.433 inet manual
up ip link set dev eth0.433 up
up ip link set dev eth0.433 promisc on
down ip link set dev eth0.433 promisc off
####################################### tap
allow-hotplug tap1
auto tap1
iface tap1 inet manual
pre-up openvpn --mktun --dev tap1
up ip link set dev tap1 up
up ip link set dev tap1 promisc on
down ip link set dev tap1 promisc off
post-down ip link del dev tap1
allow-hotplug tap333
auto tap333
iface tap333 inet manual
pre-up openvpn --mktun --dev tap333
up ip link set dev tap333 up
up ip link set dev tap333 promisc on
down ip link set dev tap333 promisc off
post-down ip link del dev tap333
allow-hotplug tap329
auto tap329
iface tap329 inet manual
pre-up openvpn --mktun --dev tap329
up ip link set dev tap329 up
up ip link set dev tap329 promisc on
down ip link set dev tap329 promisc off
post-down ip link del dev tap329
allow-hotplug tap429
auto tap429
iface tap429 inet manual
pre-up openvpn --mktun --dev tap429
up ip link set dev tap429 up
up ip link set dev tap429 promisc on
down ip link set dev tap429 promisc off
post-down ip link del dev tap429
allow-hotplug tap433
auto tap433
iface tap433 inet manual
pre-up openvpn --mktun --dev tap433
up ip link set dev tap433 up
up ip link set dev tap433 promisc on
down ip link set dev tap433 promisc off
post-down ip link del dev tap433
####################################### br
auto br1
iface br1 inet manual
bridge_ports eth0.1 tap1
auto br333
iface br333 inet manual
bridge_ports eth0.333 tap333
auto br329
iface br329 inet manual
bridge_ports eth0.329 tap329
auto br433
iface br433 inet manual
bridge_ports eth0.433 tap433
auto br429
iface br429 inet manual
bridge_ports eth0.429 tap429
Code: Select all
port 1194
proto udp
dev tap1
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key /etc/openvpn/server/server.key # This file should be kept secret
dh /etc/openvpn/server/dh4096.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/server/ta.key 0 # This file is secret
cipher AES-256-CBC
compress lz4-v2
push "compress lz4-v2"
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
Code: Select all
port 1195
proto udp
dev tap329
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key /etc/openvpn/server/server.key # This file should be kept secret
dh /etc/openvpn/server/dh4096.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/server/ta.key 0 # This file is secret
cipher AES-256-CBC
compress lz4-v2
push "compress lz4-v2"
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
Code: Select all
port 1196
proto udp
dev tap333
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key /etc/openvpn/server/server.key # This file should be kept secret
dh /etc/openvpn/server/dh4096.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/server/ta.key 0 # This file is secret
cipher AES-256-CBC
compress lz4-v2
push "compress lz4-v2"
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
Code: Select all
port 1197
proto udp
dev tap429
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key /etc/openvpn/server/server.key # This file should be kept secret
dh /etc/openvpn/server/dh4096.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/server/ta.key 0 # This file is secret
cipher AES-256-CBC
compress lz4-v2
push "compress lz4-v2"
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
Code: Select all
port 1198
proto udp
dev tap433
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key /etc/openvpn/server/server.key # This file should be kept secret
dh /etc/openvpn/server/dh4096.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/server/ta.key 0 # This file is secret
cipher AES-256-CBC
compress lz4-v2
push "compress lz4-v2"
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
- cornichon
- OpenVpn Newbie
- Posts: 15
- Joined: Sat Oct 19, 2019 6:47 am
Re: Dell optiplex 3050 issue
First client side :
raspbian
/etc/network/interfaces
/etc/openvpn/vlan1_port1194.conf
/etc/openvpn/vlan329_port1195.conf
/etc/openvpn/vlan429_port1197.conf
raspbian
/etc/network/interfaces
Code: Select all
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
#The primary network interface
allow-hotplug eth0
iface eth0 inet manual
####################################### vlans
# Management
#Vlan 1 on eth0
auto eth0.1
iface eth0.1 inet manual
up ip link set dev eth0.1 up
up ip link set dev eth0.1 promisc on
down ip link set dev eth0.1 promisc off
# Box ADSL
#vlan 293 on eth0
auto eth0.293
iface eth0.293 inet dhcp
# Epstien_data
#vlan 329 on eth0
auto eth0.329
iface eth0.329 inet manual
up ip link set dev eth0.329 up
up ip link set dev eth0.329 promisc on
down ip link set dev eth0.329 promisc off
# Epstein_ToIP
#vlan 429 on eth0
auto eth0.429
iface eth0.429 inet manual
up ip link set dev eth0.429 up
up ip link set dev eth0.429 promisc on
down ip link set dev eth0.429 promisc off
####################################### tap
allow-hotplug tap1
auto tap1
iface tap1 inet manual
pre-up openvpn --mktun --dev tap1
up ip link set dev tap1 up
up ip link set dev tap1 promisc on
down ip link set dev tap1 promisc off
post-down ip link del dev tap1
allow-hotplug tap329
auto tap329
iface tap329 inet manual
pre-up openvpn --mktun --dev tap329
up ip link set dev tap329 up
up ip link set dev tap329 promisc on
down ip link set dev tap329 promisc off
post-down ip link del dev tap329
allow-hotplug tap429
auto tap429
iface tap429 inet manual
pre-up openvpn --mktun --dev tap429
up ip link set dev tap429 up
up ip link set dev tap429 promisc on
down ip link set dev tap429 promisc off
post-down ip link del dev tap429
####################################### br
auto br1
iface br1 inet manual
bridge_ports eth0.1 tap1
auto br329
iface br329 inet manual
bridge_ports eth0.329 tap329
auto br429
iface br429 inet manual
bridge_ports eth0.429 tap429
Code: Select all
client
dev tap1
proto udp
remote 192.168.1.220 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca /etc/openvpn/client/ca.crt
cert /etc/openvpn/client/client.crt
key /etc/openvpn/client/client.key
remote-cert-tls server
tls-auth /etc/openvpn/client/ta.key 1
cipher AES-256-CBC
verb 3
Code: Select all
client
dev tap329
proto udp
remote 192.168.1.220 1195
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca /etc/openvpn/client/ca.crt
cert /etc/openvpn/client/client.crt
key /etc/openvpn/client/client.key
remote-cert-tls server
tls-auth /etc/openvpn/client/ta.key 1
cipher AES-256-CBC
verb 3
Code: Select all
client
dev tap429
proto udp
remote 192.168.1.220 1197
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca /etc/openvpn/client/ca.crt
cert /etc/openvpn/client/client.crt
key /etc/openvpn/client/client.key
remote-cert-tls server
tls-auth /etc/openvpn/client/ta.key 1
cipher AES-256-CBC
verb 3
- cornichon
- OpenVpn Newbie
- Posts: 15
- Joined: Sat Oct 19, 2019 6:47 am
Re: Dell optiplex 3050 issue
Second client side :
raspbian
/etc/network/interfaces
/etc/openvpn/vlan1_port1194.conf
/etc/openvpn/vlan333_port1196.conf
/etc/openvpn/vlan433_port1198.conf
raspbian
/etc/network/interfaces
Code: Select all
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
#The primary network interface
allow-hotplug eth0
iface eth0 inet manual
####################################### vlans
# Management
#Vlan 1 on eth0
auto eth0.1
iface eth0.1 inet manual
up ip link set dev eth0.1 up
up ip link set dev eth0.1 promisc on
down ip link set dev eth0.1 promisc off
# Box ADSL
#vlan 293 on eth0
auto eth0.293
iface eth0.293 inet dhcp
# OTSI_data
#vlan 333 on eth0
auto eth0.333
iface eth0.333 inet manual
up ip link set dev eth0.333 up
up ip link set dev eth0.333 promisc on
down ip link set dev eth0.333 promisc off
# OTSI_ToIP
#vlan 433 on eth0
auto eth0.433
iface eth0.433 inet manual
up ip link set dev eth0.433 up
up ip link set dev eth0.433 promisc on
down ip link set dev eth0.433 promisc off
####################################### tap
allow-hotplug tap1
auto tap1
iface tap1 inet manual
pre-up openvpn --mktun --dev tap1
up ip link set dev tap1 up
up ip link set dev tap1 promisc on
down ip link set dev tap1 promisc off
post-down ip link del dev tap1
allow-hotplug tap333
auto tap333
iface tap333 inet manual
pre-up openvpn --mktun --dev tap333
up ip link set dev tap333 up
up ip link set dev tap333 promisc on
down ip link set dev tap333 promisc off
post-down ip link del dev tap333
allow-hotplug tap433
auto tap433
iface tap433 inet manual
pre-up openvpn --mktun --dev tap433
up ip link set dev tap433 up
up ip link set dev tap433 promisc on
down ip link set dev tap433 promisc off
post-down ip link del dev tap433
####################################### br
auto br1
iface br1 inet manual
bridge_ports eth0.1 tap1
auto br333
iface br333 inet manual
bridge_ports eth0.333 tap333
auto br433
iface br433 inet manual
bridge_ports eth0.433 tap433
Code: Select all
client
dev tap1
proto udp
remote 192.168.1.220 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca /etc/openvpn/client/ca.crt
cert /etc/openvpn/client/client.crt
key /etc/openvpn/client/client.key
remote-cert-tls server
tls-auth /etc/openvpn/client/ta.key 1
cipher AES-256-CBC
verb 3
Code: Select all
client
dev tap333
proto udp
remote 192.168.1.220 1196
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca /etc/openvpn/client/ca.crt
cert /etc/openvpn/client/client.crt
key /etc/openvpn/client/client.key
remote-cert-tls server
tls-auth /etc/openvpn/client/ta.key 1
cipher AES-256-CBC
verb 3
Code: Select all
client
dev tap433
proto udp
remote 192.168.1.220 1198
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca /etc/openvpn/client/ca.crt
cert /etc/openvpn/client/client.crt
key /etc/openvpn/client/client.key
remote-cert-tls server
tls-auth /etc/openvpn/client/ta.key 1
cipher AES-256-CBC
verb 3
- cornichon
- OpenVpn Newbie
- Posts: 15
- Joined: Sat Oct 19, 2019 6:47 am
Re: Dell optiplex 3050 issue
Actually the OpenVPN clients are on Raspberry, but I have exactly the same issue if I use computers with Debian instead.
Everything works perfectly in all VLANs, except the DELL "optiplex 3050", which never works.
It also doesn't work if there is only one VLAN.
This kind of computer makes me mad.
Actually I put this in production because I have a deadline and people need to work.
To make my foreign sites work now, I've changed all the computers.
But I need to find an answer for my other foreign sites.
Thank you for the time you've taken to read me.
- cornichon
- OpenVpn Newbie
- Posts: 15
- Joined: Sat Oct 19, 2019 6:47 am
Re: Dell optiplex 3050 issue
I will try to set up another server & client in the laboratory to take logs as soon as possible.
With only one conf file, it's enough to reproduce the issue.
- cornichon
- OpenVpn Newbie
- Posts: 15
- Joined: Sat Oct 19, 2019 6:47 am
Re: Dell optiplex 3050 issue
I've found something in syslog.
If I disable the lz4-v2 compression, it works.
It also works with lz4 & lzo compression.
Is it a known issue with the lz4-v2 compression?
Code: Select all
Oct 22 12:33:22 ClientVPN ovpn-vlan329_port1194[739]: Bad LZ4v2 decompression header byte: 10
- cornichon
- OpenVpn Newbie
- Posts: 15
- Joined: Sat Oct 19, 2019 6:47 am
Re: Dell optiplex 3050 issue
I've disabled the compression
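The change described in the last post, applied consistently to configs like the ones posted above, as an added example that is not part of the original thread: it finds every local or pushed compression directive in an OpenVPN config and comments it out. The function names are hypothetical and the sample is a constructed excerpt of the posted server config.

```python
import shlex

# OpenVPN directives that enable compression (compress, and the older comp-lzo).
COMPRESSION = {"compress", "comp-lzo"}


def _tokens(line):
    """Split a config line: quotes group words, '#' and ';' start comments."""
    if line.lstrip().startswith(";"):
        return []
    try:
        return shlex.split(line, comments=True)
    except ValueError:  # unbalanced quote: treat as not parseable
        return []


def find_compression(conf_text):
    """Return (line_number, scope, setting); scope is "local" or "pushed"."""
    hits = []
    for number, line in enumerate(conf_text.splitlines(), 1):
        tok = _tokens(line)
        if not tok:
            continue
        if tok[0] in COMPRESSION:
            hits.append((number, "local", " ".join(tok)))
        elif tok[0] == "push" and len(tok) > 1:
            pushed = tok[1].split()  # push "compress lz4-v2" carries one quoted option
            if pushed and pushed[0] in COMPRESSION:
                hits.append((number, "pushed", " ".join(pushed)))
    return hits


def disable_compression(conf_text):
    """Comment out compression directives; every other line is unchanged."""
    flagged = {number for number, _, _ in find_compression(conf_text)}
    lines = conf_text.splitlines()
    return "\n".join(
        "# disabled: " + line if number in flagged else line
        for number, line in enumerate(lines, 1)
    ) + "\n"


# Constructed sample: excerpt of the server config posted in the thread.
SERVER_CONF = """\
dev tap329
tls-auth /etc/openvpn/server/ta.key 0 # This file is secret
compress lz4-v2
push "compress lz4-v2"
persist-tun
"""

if __name__ == "__main__":
    print(find_compression(SERVER_CONF))
    print(disable_compression(SERVER_CONF), end="")
```

Run `find_compression` over each server and client file before restarting the instances, so that both ends of a tunnel end up without compression.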