Netgate Discussion Forum

    NAT? OpenVPN? not sure what i need help with here..

    General pfSense Questions
      luke240778

      @cmb:

      Sounds like routing on the devices, possibly the devices you can't get to don't have a default gateway or have a wrong default gateway.

      No, they all have 10.0.0.1 as their default gateway, this is correct.  Plus it works inside the network fine, only over the VPN connection it isn't working any more…

        cmb

        @luke240778:

        Plus it works inside the network fine, only over the VPN connection it isn't working any more…

        Which is exactly why it sounds like the default gateway, it has no relevance inside the network.

        Time to packet capture to trace what's getting where. Start with the OpenVPN interface on the box terminating the VPN, see if it's getting there. Then the LAN on that box. Then the destination host. Where do you see it and where do you not?

          luke240778

          umm.. you have lost me now.. don't really understand how to do what you are asking..

          Are you saying packet capture from pfSense VPN interface to my laptop when connected over VPN?

            cmb

            Diag>Packet capture, first on the OpenVPN interface. If you see the traffic there, move to the LAN interface. If you see the traffic there, it's being passed to the internal device and it's not responding, or not routing the response back to where it needs to go.

              luke240778

              Seeing that all this works on the internal network, I am guessing that you are meaning to do this from the web GUI on my laptop when connected via VPN?

                cmb

                @luke240778:

                Seeing that all this works on the internal network, I am guessing that you are meaning to do this from the web GUI on my laptop when connected via VPN?

                Yes. You need to track where the traffic is and where it isn't.

                  luke240778

                  I have no idea how to decipher this. The following is the result of a packet capture whilst logged in via VPN, with the web GUI on my laptop.  Whilst capturing packets on the VPN interface I logged into the GUI of 10.0.0.6:9080, which does work, then I tried to log in to 10.0.0.50, which doesn't work. Here are the results:

                  
                  08:43:40.220332 IP 192.168.0.6.58365 > 10.0.0.1.443: tcp 0
                  08:43:40.220369 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 1368
                  08:43:40.474768 IP 192.168.0.6.58365 > 10.0.0.1.443: tcp 0
                  08:43:40.474796 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 1368
                  08:43:40.474817 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 1368
                  08:43:40.553582 IP 192.168.0.6.58365 > 10.0.0.1.443: tcp 0
                  08:43:40.553609 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 1368
                  08:43:40.553620 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 1368
                  08:43:40.553640 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 1368
                  08:43:40.553649 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 1368
                  08:43:40.620242 IP 192.168.0.6.58365 > 10.0.0.1.443: tcp 0
                  08:43:40.620264 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 1368
                  08:43:40.620274 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 1368
                  08:43:40.620307 IP 192.168.0.6.58365 > 10.0.0.1.443: tcp 0
                  08:43:40.620321 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 1368
                  08:43:40.620329 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 1368
                  08:43:40.681075 IP 192.168.0.6.58365 > 10.0.0.1.443: tcp 0
                  08:43:40.681099 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 964
                  08:43:40.685290 IP 192.168.0.6.58365 > 10.0.0.1.443: tcp 0
                  08:43:40.778857 IP 192.168.0.6.58366 > 10.0.0.1.443: tcp 0
                  08:43:40.778926 IP 10.0.0.1.443 > 192.168.0.6.58366: tcp 0
                  08:43:40.792469 IP 192.168.0.6.58365 > 10.0.0.1.443: tcp 650
                  08:43:40.792497 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 0
                  08:43:40.792929 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 410
                  08:43:40.793149 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 1368
                  08:43:40.793157 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 194
                  08:43:40.794920 IP 192.168.0.6.58367 > 10.0.0.1.443: tcp 0
                  08:43:40.794954 IP 10.0.0.1.443 > 192.168.0.6.58367: tcp 0
                  08:43:40.797519 IP 192.168.0.6.58368 > 10.0.0.1.443: tcp 0
                  08:43:40.797548 IP 10.0.0.1.443 > 192.168.0.6.58368: tcp 0
                  08:43:40.800607 IP 192.168.0.6.58369 > 10.0.0.1.443: tcp 0
                  08:43:40.800635 IP 10.0.0.1.443 > 192.168.0.6.58369: tcp 0
                  08:43:40.803740 IP 192.168.0.6.58370 > 10.0.0.1.443: tcp 0
                  08:43:40.803768 IP 10.0.0.1.443 > 192.168.0.6.58370: tcp 0
                  08:43:40.832265 IP 192.168.0.6.58366 > 10.0.0.1.443: tcp 0
                  08:43:40.840876 IP 192.168.0.6.58366 > 10.0.0.1.443: tcp 355
                  08:43:40.840899 IP 10.0.0.1.443 > 192.168.0.6.58366: tcp 0
                  08:43:40.841207 IP 10.0.0.1.443 > 192.168.0.6.58366: tcp 145
                  08:43:40.851404 IP 192.168.0.6.58365 > 10.0.0.1.443: tcp 0
                  08:43:40.854675 IP 192.168.0.6.58367 > 10.0.0.1.443: tcp 0
                  08:43:40.857383 IP 192.168.0.6.58368 > 10.0.0.1.443: tcp 0
                  08:43:40.866048 IP 192.168.0.6.58367 > 10.0.0.1.443: tcp 355
                  08:43:40.866067 IP 10.0.0.1.443 > 192.168.0.6.58367: tcp 0
                  08:43:40.866309 IP 10.0.0.1.443 > 192.168.0.6.58367: tcp 145
                  08:43:40.874166 IP 192.168.0.6.58368 > 10.0.0.1.443: tcp 355
                  08:43:40.874185 IP 10.0.0.1.443 > 192.168.0.6.58368: tcp 0
                  08:43:40.874409 IP 10.0.0.1.443 > 192.168.0.6.58368: tcp 145
                  08:43:40.887045 IP 192.168.0.6.58365 > 10.0.0.1.443: tcp 650
                  08:43:40.887070 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 0
                  08:43:40.887394 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 410
                  08:43:40.887518 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 442
                  08:43:40.888921 IP 192.168.0.6.58369 > 10.0.0.1.443: tcp 0
                  08:43:40.897584 IP 192.168.0.6.58369 > 10.0.0.1.443: tcp 355
                  08:43:40.897601 IP 10.0.0.1.443 > 192.168.0.6.58369: tcp 0
                  08:43:40.897848 IP 10.0.0.1.443 > 192.168.0.6.58369: tcp 145
                  08:43:40.900215 IP 192.168.0.6.58370 > 10.0.0.1.443: tcp 0
                  08:43:40.908639 IP 192.168.0.6.58370 > 10.0.0.1.443: tcp 355
                  08:43:40.908658 IP 10.0.0.1.443 > 192.168.0.6.58370: tcp 0
                  08:43:40.908965 IP 10.0.0.1.443 > 192.168.0.6.58370: tcp 145
                  08:43:40.912101 IP 192.168.0.6.58366 > 10.0.0.1.443: tcp 59
                  08:43:40.912125 IP 10.0.0.1.443 > 192.168.0.6.58366: tcp 0
                  08:43:40.914679 IP 192.168.0.6.58366 > 10.0.0.1.443: tcp 0
                  08:43:40.914696 IP 10.0.0.1.443 > 192.168.0.6.58366: tcp 0
                  08:43:40.914785 IP 10.0.0.1.443 > 192.168.0.6.58366: tcp 37
                  08:43:40.914866 IP 10.0.0.1.443 > 192.168.0.6.58366: tcp 0
                  08:43:40.918111 IP 192.168.0.6.58371 > 10.0.0.1.443: tcp 0
                  08:43:40.918173 IP 10.0.0.1.443 > 192.168.0.6.58371: tcp 0
                  08:43:40.934110 IP 192.168.0.6.58367 > 10.0.0.1.443: tcp 59
                  08:43:40.934132 IP 10.0.0.1.443 > 192.168.0.6.58367: tcp 0
                  08:43:40.936914 IP 192.168.0.6.58367 > 10.0.0.1.443: tcp 0
                  08:43:40.936933 IP 10.0.0.1.443 > 192.168.0.6.58367: tcp 0
                  08:43:40.937021 IP 10.0.0.1.443 > 192.168.0.6.58367: tcp 37
                  08:43:40.937100 IP 10.0.0.1.443 > 192.168.0.6.58367: tcp 0
                  08:43:40.939954 IP 192.168.0.6.58372 > 10.0.0.1.443: tcp 0
                  08:43:40.939981 IP 10.0.0.1.443 > 192.168.0.6.58372: tcp 0
                  08:43:40.943981 IP 192.168.0.6.58368 > 10.0.0.1.443: tcp 59
                  08:43:40.944002 IP 10.0.0.1.443 > 192.168.0.6.58368: tcp 0
                  08:43:40.946679 IP 192.168.0.6.58368 > 10.0.0.1.443: tcp 0
                  08:43:40.946699 IP 10.0.0.1.443 > 192.168.0.6.58368: tcp 0
                  08:43:40.946787 IP 10.0.0.1.443 > 192.168.0.6.58368: tcp 37
                  08:43:40.946866 IP 10.0.0.1.443 > 192.168.0.6.58368: tcp 0
                  08:43:40.949645 IP 192.168.0.6.58373 > 10.0.0.1.443: tcp 0
                  08:43:40.949674 IP 10.0.0.1.443 > 192.168.0.6.58373: tcp 0
                  08:43:40.952678 IP 192.168.0.6.58365 > 10.0.0.1.443: tcp 0
                  08:43:40.966107 IP 192.168.0.6.58365 > 10.0.0.1.443: tcp 666
                  08:43:40.966127 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 0
                  08:43:40.966429 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 410
                  08:43:40.966727 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 1368
                  08:43:40.966738 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 1368
                  08:43:40.966747 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 1368
                  08:43:40.966754 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 1368
                  08:43:40.969046 IP 192.168.0.6.58369 > 10.0.0.1.443: tcp 59
                  08:43:40.969071 IP 10.0.0.1.443 > 192.168.0.6.58369: tcp 0
                  08:43:40.971619 IP 192.168.0.6.58369 > 10.0.0.1.443: tcp 0
                  08:43:40.971637 IP 10.0.0.1.443 > 192.168.0.6.58369: tcp 0
                  08:43:40.971725 IP 10.0.0.1.443 > 192.168.0.6.58369: tcp 37
                  08:43:40.971805 IP 10.0.0.1.443 > 192.168.0.6.58369: tcp 0
                  08:43:40.974678 IP 192.168.0.6.58374 > 10.0.0.1.443: tcp 0
                  08:43:40.974718 IP 10.0.0.1.443 > 192.168.0.6.58374: tcp 0
                  08:43:40.978690 IP 192.168.0.6.58370 > 10.0.0.1.443: tcp 59
                  
                  

                  Then I did the exact same with the LAN interface selected in Packet Capture:

                  
                  08:49:36.443728 IP 10.0.10.13.1146 > 74.125.234.26.80: tcp 0
                  08:49:36.443862 IP 10.0.10.13.1147 > 23.15.7.8.80: tcp 0
                  08:49:36.443953 IP 188.80.185.138.62889 > 10.0.10.103.16847: UDP, length 20
                  08:49:36.448148 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
                  08:49:36.455238 IP 10.0.10.8.59964 > 62.67.7.127.80: tcp 0
                  08:49:36.457012 IP 213.39.219.30.4662 > 10.0.10.50.59415: tcp 0
                  08:49:36.458080 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
                  08:49:36.458087 IP 200.159.128.189.80 > 10.0.10.13.1149: tcp 1460
                  08:49:36.458095 IP 23.15.7.8.80 > 10.0.10.13.1147: tcp 0
                  08:49:36.460162 IP 10.0.10.103.8786 > 186.249.137.109.2108: UDP, length 965
                  08:49:36.466676 IP 10.0.12.120.6907 > 190.18.42.143.33977: UDP, length 34
                  08:49:36.468096 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
                  08:49:36.474899 IP 10.0.10.103.20761 > 186.249.137.109.27207: UDP, length 100
                  08:49:36.477753 IP 74.125.234.26.80 > 10.0.10.13.1150: tcp 857
                  08:49:36.478076 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
                  08:49:36.482616 IP 10.0.0.1.443 > 10.0.0.6.2364: tcp 442
                  08:49:36.482646 IP 10.0.0.1.443 > 10.0.0.6.2364: tcp 74
                  08:49:36.482679 IP 10.0.0.1.443 > 10.0.0.6.2364: tcp 314
                  08:49:36.482705 IP 10.0.0.1.443 > 10.0.0.6.2364: tcp 74
                  08:49:36.483206 IP 10.0.0.6.2364 > 10.0.0.1.443: tcp 0
                  08:49:36.483232 IP 10.0.0.6.2364 > 10.0.0.1.443: tcp 0
                  08:49:36.484313 IP 121.138.153.155.4284 > 10.0.0.6.3389: tcp 592
                  08:49:36.484423 IP 10.0.0.1.443 > 10.0.0.6.2364: tcp 74
                  08:49:36.484842 IP 10.0.0.6.3389 > 121.138.153.155.4284: tcp 48
                  08:49:36.484884 IP 10.0.0.6.3389 > 121.138.153.155.4284: tcp 52
                  08:49:36.484970 IP 10.0.0.6.3389 > 121.138.153.155.4284: tcp 52
                  08:49:36.488108 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
                  08:49:36.496057 IP 10.0.10.76.2638 > 74.125.36.1.80: tcp 1460
                  08:49:36.496120 IP 74.125.36.1.80 > 10.0.10.76.2638: tcp 0
                  08:49:36.498082 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
                  08:49:36.498207 IP 65.54.49.31.1863 > 10.0.10.103.1655: tcp 0
                  08:49:36.503303 IP 10.0.10.76.2638 > 74.125.36.1.80: tcp 667
                  08:49:36.503339 IP 74.125.36.1.80 > 10.0.10.76.2638: tcp 0
                  08:49:36.508849 IP 10.0.10.8.59964 > 62.67.7.127.80: tcp 0
                  08:49:36.513544 08:10:74:75:8b:e6 > ff:ff:ff:ff:ff:ff Null Supervisory, Receiver not Ready, rcv seq 64, Flags [Poll], length 46
                  08:49:36.518056 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
                  08:49:36.524856 IP 10.0.10.103.20761 > 186.249.137.109.27207: UDP, length 13
                  08:49:36.528048 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
                  08:49:36.535349 IP 10.0.10.103.16847 > 89.214.218.155.46392: UDP, length 20
                  08:49:36.540535 IP 10.0.10.13.1149 > 200.159.128.189.80: tcp 0
                  08:49:36.540575 IP 200.159.128.189.80 > 10.0.10.13.1149: tcp 845
                  08:49:36.546094 IP 10.0.10.8.59964 > 62.67.7.127.80: tcp 0
                  08:49:36.551686 IP 10.0.10.87.2048 > 10.0.0.1.53: UDP, length 43
                  08:49:36.551859 IP 10.0.0.1.53 > 10.0.10.87.2048: UDP, length 59
                  08:49:36.556023 IP 68.97.251.241.56714 > 10.0.10.91.10398: UDP, length 317
                  08:49:36.556318 IP 10.0.10.50.7381 > 109.13.253.161.4259: UDP, length 37
                  08:49:36.558091 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
                  08:49:36.558098 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
                  08:49:36.561155 IP 190.192.131.27.24060 > 10.0.12.120.6907: UDP, length 144
                  08:49:36.566046 ARP, Request who-has 10.0.0.1 tell 10.0.10.184, length 46
                  08:49:36.566071 ARP, Reply 10.0.0.1 is-at 00:0c:29:82:6d:ef, length 28
                  08:49:36.567481 IP 74.53.32.202.25 > 10.0.10.87.3655: tcp 0
                  08:49:36.568093 IP 74.53.32.202.25 > 10.0.10.87.3655: tcp 188
                  08:49:36.569691 IP 10.0.10.8.59964 > 62.67.7.127.80: tcp 0
                  08:49:36.572617 IP 10.0.10.8.59964 > 62.67.7.127.80: tcp 0
                  08:49:36.575827 IP 10.0.10.8.59964 > 62.67.7.127.80: tcp 0
                  08:49:36.580025 IP 10.0.10.76.2645 > 74.125.234.13.80: tcp 0
                  08:49:36.580074 IP 74.125.234.13.80 > 10.0.10.76.2645: tcp 0
                  08:49:36.580081 IP 10.0.10.87.3657 > 74.53.32.202.21: tcp 0
                  08:49:36.588040 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
                  08:49:36.588057 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
                  08:49:36.588206 IP 10.0.10.91.10398 > 176.51.202.30.25087: UDP, length 106
                  08:49:36.597640 IP 10.0.10.87.3655 > 74.53.32.202.25: tcp 44
                  08:49:36.598105 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
                  08:49:36.600253 IP 10.0.0.6.2364 > 10.0.0.1.443: tcp 0
                  08:49:36.608048 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
                  08:49:36.608079 IP 10.0.10.103.8786 > 186.249.137.109.2108: UDP, length 521
                  08:49:36.612458 IP 10.0.10.110.49166 > 23.21.209.61.80: tcp 0
                  08:49:36.615733 IP 10.0.12.120.6907 > 108.224.81.95.24488: UDP, length 34
                  08:49:36.616768 IP 10.0.10.50.59415 > 213.39.219.30.4662: tcp 1300
                  08:49:36.618036 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
                  08:49:36.628035 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
                  08:49:36.630824 IP 10.0.10.8.59964 > 62.67.7.127.80: tcp 0
                  08:49:36.632599 IP 10.0.10.50.59415 > 213.39.219.30.4662: tcp 1300
                  08:49:36.633022 IP 10.0.10.50.59417 > 186.59.67.143.34155: tcp 1300
                  08:49:36.638944 IP 10.0.10.8.59964 > 62.67.7.127.80: tcp 0
                  08:49:36.642736 IP 10.0.10.8.59964 > 62.67.7.127.80: tcp 0
                  08:49:36.648083 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
                  08:49:36.648379 IP 10.0.10.8.59964 > 62.67.7.127.80: tcp 0
                  08:49:36.653604 IP 186.249.137.109.27777 > 10.0.10.103.15630: UDP, length 28
                  08:49:36.658040 IP 186.249.137.109.27777 > 10.0.10.103.15630: UDP, length 200
                  08:49:36.658047 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
                  08:49:36.668072 IP 186.249.137.109.24904 > 10.0.10.103.30340: UDP, length 208
                  08:49:36.668079 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
                  08:49:36.668179 IP 10.0.10.8.59964 > 62.67.7.127.80: tcp 0
                  08:49:36.675874 IP 10.0.10.110.49166 > 23.21.209.61.80: tcp 0
                  08:49:36.675950 IP 10.0.10.103.20761 > 186.249.137.109.27207: UDP, length 98
                  08:49:36.678053 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
                  08:49:36.686379 IP 10.0.10.103.16847 > 188.80.185.138.62889: UDP, length 20
                  08:49:36.688046 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
                  08:49:36.689794 IP 10.0.10.8.59964 > 62.67.7.127.80: tcp 0
                  08:49:36.699153 IP 10.0.0.0 > 224.0.0.1: igmp
                  08:49:36.705590 IP 74.125.36.1.80 > 10.0.10.76.2638: tcp 472
                  08:49:36.708018 IP 74.125.36.1.80 > 10.0.10.76.2638: tcp 744
                  08:49:36.708025 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
                  08:49:36.712886 IP 10.0.10.103.20761 > 186.249.137.109.27207: UDP, length 13
                  08:49:36.714776 IP 74.53.32.202.21 > 10.0.10.87.3657: tcp 0
                  08:49:36.718025 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
                  08:49:36.726489 IP 10.0.10.110.2048 > 10.0.0.1.53: UDP, length 34
                  08:49:36.728044 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
                  
                  
                    cmb

                    Looks like you limited it to 100 packets, and didn't filter it by IP, so you're missing the relevant traffic there. Put in 10.0.0.50 as the address so it just sees that, 0 as the count (though it won't really matter with the filter on there), and try the same again.

                      luke240778

                      OK, this is all I get from that on the VPN interface:

                      21:47:00.178564 IP 192.168.0.6.63111 > 10.0.0.50.80: tcp 0
                      21:47:00.181121 IP 192.168.0.6.63112 > 10.0.0.50.80: tcp 0
                      21:47:03.174617 IP 192.168.0.6.63111 > 10.0.0.50.80: tcp 0
                      21:47:03.178406 IP 192.168.0.6.63112 > 10.0.0.50.80: tcp 0
                      21:47:09.177196 IP 192.168.0.6.63111 > 10.0.0.50.80: tcp 0
                      21:47:09.180098 IP 192.168.0.6.63112 > 10.0.0.50.80: tcp 0

                      And this on LAN interface:

                      21:49:49.935138 IP 192.168.0.6.63143 > 10.0.0.50.80: tcp 0
                      21:49:49.936001 IP 10.0.0.50.80 > 192.168.0.6.63143: tcp 0
                      21:49:49.936038 IP 192.168.0.6.63143 > 10.0.0.50.80: tcp 0
                      21:49:49.937900 IP 192.168.0.6.63144 > 10.0.0.50.80: tcp 0
                      21:49:49.938609 IP 10.0.0.50.80 > 192.168.0.6.63144: tcp 0
                      21:49:49.938640 IP 192.168.0.6.63144 > 10.0.0.50.80: tcp 0
                      21:49:50.187409 IP 192.168.0.6.63145 > 10.0.0.50.80: tcp 0
                      21:49:50.188626 IP 10.0.0.50.80 > 192.168.0.6.63145: tcp 0
                      21:49:50.188663 IP 192.168.0.6.63145 > 10.0.0.50.80: tcp 0
                      21:49:52.936299 IP 192.168.0.6.63144 > 10.0.0.50.80: tcp 0
                      21:49:52.939297 IP 10.0.0.50.80 > 192.168.0.6.63144: tcp 0
                      21:49:52.939338 IP 192.168.0.6.63144 > 10.0.0.50.80: tcp 0
                      21:49:52.940308 IP 192.168.0.6.63143 > 10.0.0.50.80: tcp 0
                      21:49:52.941788 IP 10.0.0.50.80 > 192.168.0.6.63143: tcp 0
                      21:49:52.941820 IP 192.168.0.6.63143 > 10.0.0.50.80: tcp 0
                      21:49:53.186213 IP 192.168.0.6.63145 > 10.0.0.50.80: tcp 0
                      21:49:53.187786 IP 10.0.0.50.80 > 192.168.0.6.63145: tcp 0
                      21:49:53.187822 IP 192.168.0.6.63145 > 10.0.0.50.80: tcp 0
                      21:49:57.932174 ARP, Request who-has 10.0.0.1 tell 10.0.0.50, length 46
                      21:49:57.932202 ARP, Reply 10.0.0.1 is-at 00:0c:29:82:6d:ef, length 28
                      21:49:58.935279 IP 192.168.0.6.63143 > 10.0.0.50.80: tcp 0
                      21:49:58.936094 IP 10.0.0.50.80 > 192.168.0.6.63143: tcp 0
                      21:49:58.936128 IP 192.168.0.6.63143 > 10.0.0.50.80: tcp 0
                      21:49:58.938132 IP 192.168.0.6.63144 > 10.0.0.50.80: tcp 0
                      21:49:58.939000 IP 10.0.0.50.80 > 192.168.0.6.63144: tcp 0
                      21:49:58.939032 IP 192.168.0.6.63144 > 10.0.0.50.80: tcp 0
                      21:49:59.187646 IP 192.168.0.6.63145 > 10.0.0.50.80: tcp 0
                      21:49:59.188552 IP 10.0.0.50.80 > 192.168.0.6.63145: tcp 0
                      21:49:59.188589 IP 192.168.0.6.63145 > 10.0.0.50.80: tcp 0
                      21:50:03.043351 IP 10.0.0.50.32857 > 10.0.0.1.53: UDP, length 30
                      21:50:03.043564 IP 10.0.0.1.53 > 10.0.0.50.32857: UDP, length 30
                      21:50:03.049895 IP 10.0.0.50.32857 > 10.0.0.1.53: UDP, length 30
                      21:50:03.050000 IP 10.0.0.1.53 > 10.0.0.50.32857: UDP, length 30
                      21:50:03.058457 IP 10.0.0.50.32857 > 10.0.0.1.53: UDP, length 30
                      21:50:03.058552 IP 10.0.0.1.53 > 10.0.0.50.32857: UDP, length 30
                      21:50:03.063098 IP 10.0.0.50.32857 > 10.0.0.1.53: UDP, length 30
                      21:50:03.063208 IP 10.0.0.1.53 > 10.0.0.50.32857: UDP, length 30

                        cmb

                        That verifies you do have connectivity. Can you download that pcap and upload it somewhere, or email it to me (cmb at pfsense dot org) with a link to this thread? That looks normal, but without seeing the payload it's hard to say.

                          luke240778

                          Thanks cmb, just sent you the email.

                            cmb

                            The capture you just sent me looks more like what I would expect to see - no response at all. That was from the VPN interface though, try the same from LAN and send me that.

                              luke240778

                              Just sent you capture from LAN interface

                                cmb

                                That last capture is much different, more like what you showed in the text output, which shows the behavior varies. Why isn't clear. What the last one shows is your client sends the SYN to open the connection, it gets a SYN ACK in response, and then it RSTs the connection. In more plain English, basically your client starts the TCP connection, the 10.0.0.50 device responds back for the next step of the handshake, and then your client says "no, close that connection". Then your client sits there for 3 seconds and repeats the exact same process. After that, it sits there for 6 seconds and repeats again.

                                The order is as described, but the timing is such that I seriously doubt the client gets the SYN ACK before it sends back the RST. There is around a half ms between the SYN ACK and RST, which is far too short of a window for the client to have gotten the SYN ACK, so it seems more like the client sends the SYN, and about 10 ms later, sends the RST. The two retries have 1 ms between the SYN and RST.

                                I have no idea why your client would be behaving that way, but that's the issue. Firing up Wireshark on the host itself, in the capture options put in a filter for "host 10.0.0.50" on the OpenVPN interface, and see what you get at that point would be my next troubleshooting step.

                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
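
The hop-by-hop capture comparison cmb describes in the thread, as an added example that is not part of the original posts: it parses tcpdump summary lines like the ones posted above and reports, per capture point, how many client packets and host replies were seen, how the retries are spaced, and how quickly a client packet follows a reply. The function names are hypothetical, the sample lines are a subset copied from the thread's filtered captures (taken at different times), and this text format carries no TCP flags, so telling a SYN from a RST still needs the pcap.

```python
import re
from collections import defaultdict

# Matches the summary format shown in the thread, e.g.
# "21:47:00.178564 IP 192.168.0.6.63111 > 10.0.0.50.80: tcp 0"
LINE = re.compile(
    r"^(\d\d):(\d\d):(\d\d\.\d+) IP (\d+(?:\.\d+){3})\.(\d+) > "
    r"(\d+(?:\.\d+){3})\.(\d+): tcp (\d+)"
)

def parse(text):
    """Return (seconds, src, sport, dst, dport) per TCP line; ARP, UDP etc. are skipped."""
    out = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            secs = int(m[1]) * 3600 + int(m[2]) * 60 + float(m[3])
            out.append((secs, m[4], int(m[5]), m[6], int(m[7])))
    return out

def summarize(text, client, server):
    """Per client port: packet counts, retry gaps (s), fastest reply-to-client gap (ms)."""
    flows = defaultdict(lambda: {"req": [], "rep": []})
    for secs, src, sport, dst, dport in parse(text):
        if src == client and dst == server:
            flows[sport]["req"].append(secs)
        elif src == server and dst == client:
            flows[dport]["rep"].append(secs)
    result = {}
    for port, f in sorted(flows.items()):
        req, rep = f["req"], f["rep"]
        # Gaps over 1 s separate retry attempts; shorter gaps belong to one attempt.
        retries = [round(b - a, 1) for a, b in zip(req, req[1:]) if b - a > 1.0]
        # Time from each reply to the next client packet seen at this capture point.
        follow = [min(q - r for q in req if q > r) for r in rep if any(q > r for q in req)]
        result[port] = {
            "requests": len(req),
            "replies": len(rep),
            "retry_gaps_s": retries,
            "min_reply_to_client_ms": round(min(follow) * 1000, 3) if follow else None,
        }
    return result

def locate(vpn, lan):
    """Walk the capture points in the order used in the thread: OpenVPN, then LAN."""
    if not any(f["requests"] for f in vpn.values()):
        return "request not seen on the OpenVPN interface"
    if not any(f["requests"] for f in lan.values()):
        return "request seen on OpenVPN but not on LAN"
    if not any(f["replies"] for f in lan.values()):
        return "request reaches LAN, no reply from the host"
    if not any(f["replies"] for f in vpn.values()):
        return "host replies on LAN, reply not seen on the OpenVPN interface"
    return "requests and replies seen at both capture points"

# Sample input: lines copied from the filtered captures posted in the thread.
VPN_CAPTURE = """
21:47:00.178564 IP 192.168.0.6.63111 > 10.0.0.50.80: tcp 0
21:47:00.181121 IP 192.168.0.6.63112 > 10.0.0.50.80: tcp 0
21:47:03.174617 IP 192.168.0.6.63111 > 10.0.0.50.80: tcp 0
21:47:03.178406 IP 192.168.0.6.63112 > 10.0.0.50.80: tcp 0
21:47:09.177196 IP 192.168.0.6.63111 > 10.0.0.50.80: tcp 0
21:47:09.180098 IP 192.168.0.6.63112 > 10.0.0.50.80: tcp 0
"""
LAN_CAPTURE = """
21:49:49.935138 IP 192.168.0.6.63143 > 10.0.0.50.80: tcp 0
21:49:49.936001 IP 10.0.0.50.80 > 192.168.0.6.63143: tcp 0
21:49:49.936038 IP 192.168.0.6.63143 > 10.0.0.50.80: tcp 0
21:49:52.940308 IP 192.168.0.6.63143 > 10.0.0.50.80: tcp 0
21:49:52.941788 IP 10.0.0.50.80 > 192.168.0.6.63143: tcp 0
21:49:52.941820 IP 192.168.0.6.63143 > 10.0.0.50.80: tcp 0
21:49:57.932174 ARP, Request who-has 10.0.0.1 tell 10.0.0.50, length 46
"""

if __name__ == "__main__":
    vpn = summarize(VPN_CAPTURE, "192.168.0.6", "10.0.0.50")
    lan = summarize(LAN_CAPTURE, "192.168.0.6", "10.0.0.50")
    for name, summary in (("OpenVPN", vpn), ("LAN", lan)):
        for port, stats in summary.items():
            print(name, port, stats)
    print(locate(vpn, lan))
```

A sub-millisecond `min_reply_to_client_ms` at the firewall's LAN interface is the timing cmb points to: the client packet follows the reply too quickly to be a reaction to it across the tunnel.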