Dell optiplex 3050 issue

This is the forum to post your config. Include diagrams, usage graphs, and all the other goodies to show off your network.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
User avatar
cornichon
OpenVpn Newbie
Posts: 15
Joined: Sat Oct 19, 2019 6:47 am

Dell optiplex 3050 issue

Post by cornichon » Sat Oct 19, 2019 7:19 am

Hi everybody, first of all, I want to apologise for my awful English.
( My best and my worst mark in english was 3/20 for the whole duration of my studies )

Now, I hope I'm in the right place to explain my issue.

What I've done:
I've made a site to site level 2 VPN with openvpn.

The VPN work perfectly like my sites where directly wired by my own wire.
The VPN work really well for all my equipments switches, IP phones, miscellaneous IP devices, computers.

The issue :
It work on all computers except my all DELL optiplex 3050.

I've tested theses computers whith :
- different bios releases
- different bios settings
- deactivated the network card & reactivated it to overwrite the nvram (known bug, for some DELL computer when a bios upgrade was done)
- Windows 7 x64
- Windows 10 x64 1903
- Windows 10 x64 1703
- Linux
- different network drivers releases on the 3 windows operating systems



What I see with tcpdump:
- If a ping was send to this computer from the other side of the vpn, this computer receive it, answer to it, but the answer cannot be send to the other vpn side.

- If a ping was launched from this computer to the other side of the vpn, the ping didn't cross the vpn link

- it the same if the computer is on server or client side





It work really perfectly with everything except this exact model of computer.
For me it is something impossible, then I don't understand why only with theses computers it don't work.

TinCanTech
OpenVPN Protagonist
Posts: 11138
Joined: Fri Jun 03, 2016 1:17 pm

Re: Dell optiplex 3050 issue

Post by TinCanTech » Sat Oct 19, 2019 2:02 pm


User avatar
cornichon
OpenVpn Newbie
Posts: 15
Joined: Sat Oct 19, 2019 6:47 am

Re: Dell optiplex 3050 issue

Post by cornichon » Sat Oct 19, 2019 2:21 pm

TinCanTech wrote:
Sat Oct 19, 2019 2:02 pm
Please see:
viewtopic.php?f=30&t=22603#p68963
thanks for your answer i will put all my configuration files monday

User avatar
cornichon
OpenVpn Newbie
Posts: 15
Joined: Sat Oct 19, 2019 6:47 am

Re: Dell optiplex 3050 issue

Post by cornichon » Mon Oct 21, 2019 11:19 am

Server side
debian

/etc/network/interfaces

Code: Select all

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0


####################################### vlans

# Management
#Vlan 1 sur eth0
auto eth0.1
iface eth0.1 inet manual
	up ip link set dev eth0.1 up
	up ip link set dev eth0.1 promisc on
	down ip link set dev eth0.1 promisc off

# ADSL_DSI
#vlan 294 sur eth0
auto eth0.294
iface eth0.294 inet static
	address 192.168.1.220/24
	gateway 192.168.1.1
	dns-nameservers 192.168.1.1

# Epstien_data
#vlan 329 sur eth0
auto eth0.329
iface eth0.329 inet manual
	up ip link set dev eth0.329 up
	up ip link set dev eth0.329 promisc on
	down ip link set dev eth0.329 promisc off

# OTSI_Data
#vlan 333 sur eth0
auto eth0.333
iface eth0.333 inet manual
	up ip link set dev eth0.333 up
	up ip link set dev eth0.333 promisc on
	down ip link set dev eth0.333 promisc off

# Epstein_ToIP
#vlan 429 sur eth0
auto eth0.429
iface eth0.329 inet manual
	up ip link set dev eth0.429 up
	up ip link set dev eth0.429 promisc on
	down ip link set dev eth0.429 promisc off

# OTSI_ToIP
#vlan 433 sur eth0
auto eth0.433
iface eth0.433 inet manual
	up ip link set dev eth0.433 up
	up ip link set dev eth0.433 promisc on
	down ip link set dev eth0.433 promisc off


####################################### tap


Allow-hotplug tap1
auto tap1
iface tap1 inet manual
	pre-up openvpn --mktun --dev tap1
	up ip link set dev tap1 up
	up ip link set dev tap1 promisc on
	down ip link set dev tap1 promisc off
	post down ip link del dev tap1

Allow-hotplug tap333
auto tap333
iface tap333 inet manual
	pre-up openvpn --mktun --dev tap333
	up ip link set dev tap333 up
	up ip link set dev tap333 promisc on
	down ip link set dev tap333 promisc off
	post down ip link del dev tap333

Allow-hotplug tap329
auto tap329
iface tap329 inet manual
	pre-up openvpn --mktun --dev tap329
	up ip link set dev tap329 up
	up ip link set dev tap329 promisc on
	down ip link set dev tap329 promisc off
	post down ip link del dev tap329

Allow-hotplug tap429
auto tap429
iface tap429 inet manual
	pre-up openvpn --mktun --dev tap429
	up ip link set dev tap429 up
	up ip link set dev tap429 promisc on
	down ip link set dev tap429 promisc off
	post down ip link del dev tap429

Allow-hotplug tap433
auto tap433
iface tap433 inet manual
	pre-up openvpn --mktun --dev tap433
	up ip link set dev tap433 up
	up ip link set dev tap433 promisc on
	down ip link set dev tap433 promisc off
	post down ip link del dev tap433



####################################### br


auto br1
iface br1 inet manual
	bridge_ports eth0.1 tap1

auto br333
iface br333 inet manual
	bridge_ports eth0.333 tap333

auto br329
iface br329 inet manual
	bridge_ports eth0.329 tap329

auto br433
iface br433 inet manual
	bridge_ports eth0.433 tap433

auto br429
iface br429 inet manual
	bridge_ports eth0.429 tap429
/etc/openvpn/vlan1_port1194.conf

Code: Select all

port 1194
proto udp
dev tap1
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key /etc/openvpn/server/server.key  # This file should be kept secret
dh /etc/openvpn/server/dh4096.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/server/ta.key 0 # This file is secret
cipher AES-256-CBC
compress lz4-v2
push "compress lz4-v2"
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
/etc/openvpn/vlan329_port1195.conf

Code: Select all

port 1195
proto udp
dev tap329
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key /etc/openvpn/server/server.key  # This file should be kept secret
dh /etc/openvpn/server/dh4096.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/server/ta.key 0 # This file is secret
cipher AES-256-CBC
compress lz4-v2
push "compress lz4-v2"
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
/etc/openvpn/vlan333_port1196.conf

Code: Select all

port 1196
proto udp
dev tap333
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key /etc/openvpn/server/server.key  # This file should be kept secret
dh /etc/openvpn/server/dh4096.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/server/ta.key 0 # This file is secret
cipher AES-256-CBC
compress lz4-v2
push "compress lz4-v2"
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
/etc/openvpn/vlan429_port1197.conf

Code: Select all

port 1197
proto udp
dev tap429
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key /etc/openvpn/server/server.key  # This file should be kept secret
dh /etc/openvpn/server/dh4096.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/server/ta.key 0 # This file is secret
cipher AES-256-CBC
compress lz4-v2
push "compress lz4-v2"
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
/etc/openvpn/vlan433_port1198.conf

Code: Select all

port 1198
proto udp
dev tap433
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key /etc/openvpn/server/server.key  # This file should be kept secret
dh /etc/openvpn/server/dh4096.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/server/ta.key 0 # This file is secret
cipher AES-256-CBC
compress lz4-v2
push "compress lz4-v2"
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1

User avatar
cornichon
OpenVpn Newbie
Posts: 15
Joined: Sat Oct 19, 2019 6:47 am

Re: Dell optiplex 3050 issue

Post by cornichon » Mon Oct 21, 2019 11:25 am

First client side :
raspbian

/etc/network/interfaces

Code: Select all

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

#The primary network interface
allow-hotplug eth0
iface eth0 inet manual


####################################### vlans

# Management
#Vlan 1 sur eth0
auto eth0.1
iface eth0.1 inet manual
	up ip link set dev eth0.1 up
	up ip link set dev eth0.1 promisc on
	down ip link set dev eth0.1 promisc off

# Box ADSL
#vlan 293 sur eth0
auto eth0.293
iface eth0.293 inet dhcp

# Epstien_data
#vlan 329 sur eth0
auto eth0.329
iface eth0.329 inet manual
	up ip link set dev eth0.329 up
	up ip link set dev eth0.329 promisc on
	down ip link set dev eth0.329 promisc off

# Epstein_ToIP
#vlan 429 sur eth0
auto eth0.429
iface eth0.429 inet manual
	up ip link set dev eth0.429 up
	up ip link set dev eth0.429 promisc on
	down ip link set dev eth0.429 promisc off


####################################### tap

allow-hotplug tap1
auto tap1
iface tap1 inet manual
	pre-up openvpn --mktun --dev tap1
	up ip link set dev tap1 up
	up ip link set dev tap1 promisc on
	down ip link set dev tap1 promisc off
	post down ip link del dev tap1

allow-hotplug tap329
auto tap329
iface tap329 inet manual
	pre-up openvpn --mktun --dev tap329
	up ip link set dev tap329 up
	up ip link set dev tap329 promisc on
	down ip link set dev tap329 promisc off
	post down ip link del dev tap329

allow-hotplug tap429
auto tap429
iface tap429 inet manual
	pre-up openvpn --mktun --dev tap429
	up ip link set dev tap429 up
	up ip link set dev tap429 promisc on
	down ip link set dev tap429 promisc off
	post down ip link del dev tap429

####################################### br

auto br1
iface br1 inet manual
	bridge_ports eth0.1 tap1

auto br329
iface br329 inet manual
	bridge_ports eth0.329 tap329

auto br429
iface br429 inet manual
	bridge_ports eth0.429 tap429
/etc/openvpn/vlan1_port1194.conf

Code: Select all

client
dev tap1
proto udp
remote 192.168.1.220 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca /etc/openvpn/client/ca.crt
cert /etc/openvpn/client/client.crt
key /etc/openvpn/client/client.key
remote-cert-tls server
tls-auth /etc/openvpn/client/ta.key 1
cipher AES-256-CBC
verb 3
/etc/openvpn/vlan329_port1195.conf

Code: Select all

client
dev tap329
proto udp
remote 192.168.1.220 1195
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca /etc/openvpn/client/ca.crt
cert /etc/openvpn/client/client.crt
key /etc/openvpn/client/client.key
remote-cert-tls server
tls-auth /etc/openvpn/client/ta.key 1
cipher AES-256-CBC
verb 3
/etc/openvpn/vlan429_port1197.conf

Code: Select all

client
dev tap429
proto udp
remote 192.168.1.220 1197
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca /etc/openvpn/client/ca.crt
cert /etc/openvpn/client/client.crt
key /etc/openvpn/client/client.key
remote-cert-tls server
tls-auth /etc/openvpn/client/ta.key 1
cipher AES-256-CBC
verb 3

User avatar
cornichon
OpenVpn Newbie
Posts: 15
Joined: Sat Oct 19, 2019 6:47 am

Re: Dell optiplex 3050 issue

Post by cornichon » Mon Oct 21, 2019 11:28 am

Second client side :
raspbian

/etc/network/interfaces

Code: Select all

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

#The primary network interface
allow-hotplug eth0
iface eth0 inet manual


####################################### vlans

# Management
#Vlan 1 sur eth0
auto eth0.1
iface eth0.1 inet manual
	up ip link set dev eth0.1 up
	up ip link set dev eth0.1 promisc on
	down ip link set dev eth0.1 promisc off

# Box ADSL
#vlan 293 sur eth0
auto eth0.293
iface eth0.293 inet dhcp

# OTSI_data
#vlan 333 sur eth0
auto eth0.333
iface eth0.333 inet manual
	up ip link set dev eth0.333 up
	up ip link set dev eth0.333 promisc on
	down ip link set dev eth0.333 promisc off

# OTSI_ToIP
#vlan 433 sur eth0
auto eth0.433
iface eth0.433 inet manual
	up ip link set dev eth0.433 up
	up ip link set dev eth0.433 promisc on
	down ip link set dev eth0.433 promisc off


####################################### tap

allow-hotplug tap1
auto tap1
iface tap1 inet manual
	pre-up openvpn --mktun --dev tap1
	up ip link set dev tap1 up
	up ip link set dev tap1 promisc on
	down ip link set dev tap1 promisc off
	post down ip link del dev tap1

allow-hotplug tap333
auto tap333
iface tap333 inet manual
	pre-up openvpn --mktun --dev tap333
	up ip link set dev tap333 up
	up ip link set dev tap333 promisc on
	down ip link set dev tap333 promisc off
	post down ip link del dev tap333

allow-hotplug tap433
auto tap433
iface tap433 inet manual
	pre-up openvpn --mktun --dev tap433
	up ip link set dev tap433 up
	up ip link set dev tap433 promisc on
	down ip link set dev tap433 promisc off
	post down ip link del dev tap433

####################################### br

auto br1
iface br1 inet manual
	bridge_ports eth0.1 tap1

auto br333
iface br333 inet manual
	bridge_ports eth0.333 tap333

auto br433
iface br433 inet manual
	bridge_ports eth0.433 tap433
/etc/openvpn/vlan1_port1194.conf

Code: Select all

client
dev tap1
proto udp
remote 192.168.1.220 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca /etc/openvpn/client/ca.crt
cert /etc/openvpn/client/client.crt
key /etc/openvpn/client/client.key
remote-cert-tls server
tls-auth /etc/openvpn/client/ta.key 1
cipher AES-256-CBC
verb 3
/etc/openvpn/vlan333_port1196.conf

Code: Select all

client
dev tap333
proto udp
remote 192.168.1.220 1196
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca /etc/openvpn/client/ca.crt
cert /etc/openvpn/client/client.crt
key /etc/openvpn/client/client.key
remote-cert-tls server
tls-auth /etc/openvpn/client/ta.key 1
cipher AES-256-CBC
verb 3
/etc/openvpn/vlan433_port1198.conf

Code: Select all

client
dev tap433
proto udp
remote 192.168.1.220 1198
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca /etc/openvpn/client/ca.crt
cert /etc/openvpn/client/client.crt
key /etc/openvpn/client/client.key
remote-cert-tls server
tls-auth /etc/openvpn/client/ta.key 1
cipher AES-256-CBC
verb 3

User avatar
cornichon
OpenVpn Newbie
Posts: 15
Joined: Sat Oct 19, 2019 6:47 am

Re: Dell optiplex 3050 issue

Post by cornichon » Mon Oct 21, 2019 11:36 am

Actually openvpn clients are on raspberry, but I have exactly same issue if I use computers with debian instead.


Everything work perfectly in all vlans except DELL "optiplex 3050" never work.
Also didn't work if there is only one vlan.
This kind of computer make me mad.

Actually I put this in production because I have a deadline and people need to work.
To make work my foreign sites now, I've changed all computers.
But I need to find an answer for my other foreign sites.

Thank you for the time you've taken to read me.

User avatar
cornichon
OpenVpn Newbie
Posts: 15
Joined: Sat Oct 19, 2019 6:47 am

Re: Dell optiplex 3050 issue

Post by cornichon » Tue Oct 22, 2019 6:22 am

I will try to make another server & client in laboratory to take logs as soon as possible
with only one conf file it's enough to reproduce the issue

User avatar
cornichon
OpenVpn Newbie
Posts: 15
Joined: Sat Oct 19, 2019 6:47 am

Re: Dell optiplex 3050 issue

Post by cornichon » Tue Oct 22, 2019 11:07 am

I've found something in syslog

Code: Select all

Oct 22 12:33:22 ClientVPN ovpn-vlan329_port1194[739]: Bad LZ4v2 decompression header byte: 10
If I disable the lz4-v2 compression it work.
It also work with lz4 & lzo compression.

Is it a known issue with the lz4-v2 compression ?

User avatar
cornichon
OpenVpn Newbie
Posts: 15
Joined: Sat Oct 19, 2019 6:47 am

Re: Dell optiplex 3050 issue

Post by cornichon » Sun Oct 27, 2019 7:21 pm

I've disabled the compression

Post Reply