Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    NAT? OpenVPN? not sure what i need help with here..

    Scheduled Pinned Locked Moved General pfSense Questions
    25 Posts 3 Posters 6.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L Offline
      luke240778
      last edited by

      Not sure which sub forum to write this so will do it here.  THis has something to do with either NAT, OpenVPN or ESXi i think..

      I have Open VPN on my pfSense box, with which i remotely connect from home to the office.  Open VPN DHCP's me a 192.18.0.0/24 IP when i connect.  My LAN in teh office is 10.0.0.0/19 and i have already put this subnet is as an allowed or whatever that is called.

      Here is the problem. My pfSense is a VM on ESXi 5.  The LAN ip is 10.0.0.1.   I have other VM's on the same server, that are on the same subnet.  Here is where it gets weird and i am not sure what else i need to do.  If i connect via OpenVPN and try to connect to any of the web interface's for other VM'son the server, for example my Radius GUI is on 10.0.0.6, and my Ubiquiti AirControl is on 10.0.0.6:9080 i am able to connect no problems, BUT when i try and connect to any of my Routers or AP's (WiSP)  which are on the same subnet, 10.0.0.50 for example, it will not connect. It just sits there loading and goes nowhere.  When in the office connecting to these devices is not a problem.

      Any ideas?

      1 Reply Last reply Reply Quote 0
      • L Offline
        luke240778
        last edited by

        Anyone got any ideas here?

        1 Reply Last reply Reply Quote 0
        • L Offline
          luke240778
          last edited by

          Bumping this as i really need to try and solve this..

          1 Reply Last reply Reply Quote 0
          • W Offline
            wallabybob
            last edited by

            @luke240778:

            Anyone got any ideas here?

            More information might provoke an inspired insight.

            1. Have you tested basic connectivity? What happens if you ping a host that you can't connect to? How is the output from traceroute to host that doesn't respond to web access different from traceroute to a host that does respond to web access?

            2. Do the hosts that don't respond to web access allow access from your 192.168.0.0/24 network?

            1 Reply Last reply Reply Quote 0
            • L Offline
              luke240778
              last edited by

              Thanks for the reply.  Question 1 i will get back to you when i am outside the network again to test this. Question 2 woud be a no, as this is teh whole reason that it seems to be having.  Those hosts i can access from internet but not when connected over VPN. BUT, they are on the same subnet that is allowed through VPN, and as i said i can access the ones that are on the same server.  So for example, i can connect to 10.0.0.6 whish is a VM on the same machine as my pfsense, but i cannot connect to 10.0.0.10 which is a wireless router on the network.

              1 Reply Last reply Reply Quote 0
              • W Offline
                wallabybob
                last edited by

                My thinking was that the web server configuration on 10.0.0.10 might not allow access from 192.168.0.0/24,

                Does the routing provide a path for the web access to get to 10.0.0.10?

                If yes, does the web server on 10.0.0.10 allow access from the VPN? (Various servers can be configured to restrict access from particular IP addresses.) Maybe the box has some firewall capability that allows it to restrict access from various IP addresses

                Does the server log access attempts? If not, can it be configured to do so?

                1 Reply Last reply Reply Quote 0
                • L Offline
                  luke240778
                  last edited by

                  @wallabybob:

                  @luke240778:

                  Anyone got any ideas here?

                  More information might provoke an inspired insight.

                  1. Have you tested basic connectivity? What happens if you ping a host that you can't connect to? How is the output from traceroute to host that doesn't respond to web access different from traceroute to a host that does respond to web access?

                  2. Do the hosts that don't respond to web access allow access from your 192.168.0.0/24 network?

                  Pinging to the devices i can connect to is normal, the others just time out.  Same with traceroute.

                  1 Reply Last reply Reply Quote 0
                  • L Offline
                    luke240778
                    last edited by

                    @wallabybob:

                    My thinking was that the web server configuration on 10.0.0.10 might not allow access from 192.168.0.0/24,

                    Does the routing provide a path for the web access to get to 10.0.0.10?

                    If yes, does the web server on 10.0.0.10 allow access from the VPN? (Various servers can be configured to restrict access from particular IP addresses.) Maybe the box has some firewall capability that allows it to restrict access from various IP addresses

                    Does the server log access attempts? If not, can it be configured to do so?

                    This all actually worked on my last box, just not on this new server which the only difference is that this is a VM on ESXi.  On the old box, i didnt need to setup anything at all on the other devices.

                    1 Reply Last reply Reply Quote 0
                    • W Offline
                      wallabybob
                      last edited by

                      @luke240778:

                      Pinging to the devices i can connect to is normal, the others just time out.  Same with traceroute.

                      Suggest you draw the path to one of those systems to which web access times out. How far along that route does a traceroute show responses? Perhaps you have a "problem" at the last traceroute entry or at the next hop.

                      What do you see on a traceroute to your system on the VPN issued on from one of those servers to which you can't connect?

                      1 Reply Last reply Reply Quote 0
                      • L Offline
                        luke240778
                        last edited by

                        @wallabybob:

                        @luke240778:

                        Pinging to the devices i can connect to is normal, the others just time out.  Same with traceroute.

                        Suggest you draw the path to one of those systems to which web access times out. How far along that route does a traceroute show responses? Perhaps you have a "problem" at the last traceroute entry or at the next hop.

                        What do you see on a traceroute to your system on the VPN issued on from one of those servers to which you can't connect?

                        Ok, so if i am home on my laptop connected via VPN to my pfSense (VM on ESXi) ip 10.0.0.1  i can ping another VM on that ESXi server with ip of 10.0.0.6 and tracert is fine also.  I cannot ping a AP on the same subnet  with ip of 10.0.0.10, and also qhen i do a tracert it shows:

                        Tracing route to 10.0.0.10 over a maximum of 30 ho

                        1    78 ms    58 ms    62 ms  192.168.0.1
                          2    *        *        *    Request timed out.

                        192.168.0.1 being the Open VPN IP on pfSense.

                        If i go to that other VM on the same ESXi server with ip address of 10.0.0.6, i cannot ping back to my laptop (192.168.0.6) and tracert also just request timed out after the first step:

                        Tracing route to 192.168.0.6 over a maximum of 30

                        1    1 ms    <1 ms    <1 ms  pfsense.mutioffice
                          2    *        *        *    Request timed out.

                        Attached is screenshot showing where i allowed access to the whole 10.0.0.0 subnet.. which in the past worked fine..

                        vpn.JPG
                        vpn.JPG_thumb

                        1 Reply Last reply Reply Quote 0
                        • C Offline
                          cmb
                          last edited by

                          Sounds like routing on the devices, possibly the devices you can't get to don't have a default gateway or have a wrong default gateway.

                          1 Reply Last reply Reply Quote 0
                          • L Offline
                            luke240778
                            last edited by

                            @cmb:

                            Sounds like routing on the devices, possibly the devices you can't get to don't have a default gateway or have a wrong default gateway.

                            No, they all have 10.0.0.1 as their default gateway, this is correct.  Plus it works inside the netowrk fine, only over the VPN connection it isn't working any more…

                            1 Reply Last reply Reply Quote 0
                            • C Offline
                              cmb
                              last edited by

                              @luke240778:

                              Plus it works inside the netowrk fine, only over the VPN connection it isn't working any more…

                              Which is exactly why it sounds like the default gateway, it has no relevance inside the network.

                              Time to packet capture to trace what's getting where. Start with the OpenVPN interface on the box terminating the VPN, see if it's getting there. Then the LAN on that box. Then the destination host. Where do you see it and where do you not?

                              1 Reply Last reply Reply Quote 0
                              • L Offline
                                luke240778
                                last edited by

                                umm.. you have lost me now.. don't really understand how to do what you are asking..

                                Are you saying packet capture from Pfsense VPN interface to my laptop when connected over vpn?

                                1 Reply Last reply Reply Quote 0
                                • C Offline
                                  cmb
                                  last edited by

                                  Diag>Packet capture, first on the OpenVPN interface. If you see the traffic there, move to the LAN interface. If you see the traffic there, it's being passed to the internal device and it's not responding, or not routing the response back to where it needs to go.

                                  1 Reply Last reply Reply Quote 0
                                  • L Offline
                                    luke240778
                                    last edited by

                                    Seeing that all this works on the internal network i am guessing that you are meaning to do this from the webgui on my laptop when connected via vpn?

                                    1 Reply Last reply Reply Quote 0
                                    • C Offline
                                      cmb
                                      last edited by

                                      @luke240778:

                                      Seeing that all this works on the internal network i am guessing that you are meaning to do this from the webgui on my laptop when connected via vpn?

                                      yes. You need to track where the traffic is and where it isn't.

                                      1 Reply Last reply Reply Quote 0
                                      • L Offline
                                        luke240778
                                        last edited by

                                        I have no idea how to decifer this. The following is the results of a Packet capture whilst logged in via vpn, with webgui on my laptop.  Whilst capturing packets on the VPN interface i logged into GUI of 10.0.0.6:9080 which does work, then i tried to login to 10.0.0.50 which doesnt work, here are the results:

                                        
08:43:40.220332 IP 192.168.0.6.58365 > 10.0.0.1.443: tcp 0
08:43:40.220369 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 1368
08:43:40.474768 IP 192.168.0.6.58365 > 10.0.0.1.443: tcp 0
08:43:40.474796 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 1368
08:43:40.474817 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 1368
08:43:40.553582 IP 192.168.0.6.58365 > 10.0.0.1.443: tcp 0
08:43:40.553609 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 1368
08:43:40.553620 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 1368
08:43:40.553640 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 1368
08:43:40.553649 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 1368
08:43:40.620242 IP 192.168.0.6.58365 > 10.0.0.1.443: tcp 0
08:43:40.620264 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 1368
08:43:40.620274 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 1368
08:43:40.620307 IP 192.168.0.6.58365 > 10.0.0.1.443: tcp 0
08:43:40.620321 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 1368
08:43:40.620329 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 1368
08:43:40.681075 IP 192.168.0.6.58365 > 10.0.0.1.443: tcp 0
08:43:40.681099 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 964
08:43:40.685290 IP 192.168.0.6.58365 > 10.0.0.1.443: tcp 0
08:43:40.778857 IP 192.168.0.6.58366 > 10.0.0.1.443: tcp 0
08:43:40.778926 IP 10.0.0.1.443 > 192.168.0.6.58366: tcp 0
08:43:40.792469 IP 192.168.0.6.58365 > 10.0.0.1.443: tcp 650
08:43:40.792497 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 0
08:43:40.792929 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 410
08:43:40.793149 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 1368
08:43:40.793157 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 194
08:43:40.794920 IP 192.168.0.6.58367 > 10.0.0.1.443: tcp 0
08:43:40.794954 IP 10.0.0.1.443 > 192.168.0.6.58367: tcp 0
08:43:40.797519 IP 192.168.0.6.58368 > 10.0.0.1.443: tcp 0
08:43:40.797548 IP 10.0.0.1.443 > 192.168.0.6.58368: tcp 0
08:43:40.800607 IP 192.168.0.6.58369 > 10.0.0.1.443: tcp 0
08:43:40.800635 IP 10.0.0.1.443 > 192.168.0.6.58369: tcp 0
08:43:40.803740 IP 192.168.0.6.58370 > 10.0.0.1.443: tcp 0
08:43:40.803768 IP 10.0.0.1.443 > 192.168.0.6.58370: tcp 0
08:43:40.832265 IP 192.168.0.6.58366 > 10.0.0.1.443: tcp 0
08:43:40.840876 IP 192.168.0.6.58366 > 10.0.0.1.443: tcp 355
08:43:40.840899 IP 10.0.0.1.443 > 192.168.0.6.58366: tcp 0
08:43:40.841207 IP 10.0.0.1.443 > 192.168.0.6.58366: tcp 145
08:43:40.851404 IP 192.168.0.6.58365 > 10.0.0.1.443: tcp 0
08:43:40.854675 IP 192.168.0.6.58367 > 10.0.0.1.443: tcp 0
08:43:40.857383 IP 192.168.0.6.58368 > 10.0.0.1.443: tcp 0
08:43:40.866048 IP 192.168.0.6.58367 > 10.0.0.1.443: tcp 355
08:43:40.866067 IP 10.0.0.1.443 > 192.168.0.6.58367: tcp 0
08:43:40.866309 IP 10.0.0.1.443 > 192.168.0.6.58367: tcp 145
08:43:40.874166 IP 192.168.0.6.58368 > 10.0.0.1.443: tcp 355
08:43:40.874185 IP 10.0.0.1.443 > 192.168.0.6.58368: tcp 0
08:43:40.874409 IP 10.0.0.1.443 > 192.168.0.6.58368: tcp 145
08:43:40.887045 IP 192.168.0.6.58365 > 10.0.0.1.443: tcp 650
08:43:40.887070 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 0
08:43:40.887394 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 410
08:43:40.887518 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 442
08:43:40.888921 IP 192.168.0.6.58369 > 10.0.0.1.443: tcp 0
08:43:40.897584 IP 192.168.0.6.58369 > 10.0.0.1.443: tcp 355
08:43:40.897601 IP 10.0.0.1.443 > 192.168.0.6.58369: tcp 0
08:43:40.897848 IP 10.0.0.1.443 > 192.168.0.6.58369: tcp 145
08:43:40.900215 IP 192.168.0.6.58370 > 10.0.0.1.443: tcp 0
08:43:40.908639 IP 192.168.0.6.58370 > 10.0.0.1.443: tcp 355
08:43:40.908658 IP 10.0.0.1.443 > 192.168.0.6.58370: tcp 0
08:43:40.908965 IP 10.0.0.1.443 > 192.168.0.6.58370: tcp 145
08:43:40.912101 IP 192.168.0.6.58366 > 10.0.0.1.443: tcp 59
08:43:40.912125 IP 10.0.0.1.443 > 192.168.0.6.58366: tcp 0
08:43:40.914679 IP 192.168.0.6.58366 > 10.0.0.1.443: tcp 0
08:43:40.914696 IP 10.0.0.1.443 > 192.168.0.6.58366: tcp 0
08:43:40.914785 IP 10.0.0.1.443 > 192.168.0.6.58366: tcp 37
08:43:40.914866 IP 10.0.0.1.443 > 192.168.0.6.58366: tcp 0
08:43:40.918111 IP 192.168.0.6.58371 > 10.0.0.1.443: tcp 0
08:43:40.918173 IP 10.0.0.1.443 > 192.168.0.6.58371: tcp 0
08:43:40.934110 IP 192.168.0.6.58367 > 10.0.0.1.443: tcp 59
08:43:40.934132 IP 10.0.0.1.443 > 192.168.0.6.58367: tcp 0
08:43:40.936914 IP 192.168.0.6.58367 > 10.0.0.1.443: tcp 0
08:43:40.936933 IP 10.0.0.1.443 > 192.168.0.6.58367: tcp 0
08:43:40.937021 IP 10.0.0.1.443 > 192.168.0.6.58367: tcp 37
08:43:40.937100 IP 10.0.0.1.443 > 192.168.0.6.58367: tcp 0
08:43:40.939954 IP 192.168.0.6.58372 > 10.0.0.1.443: tcp 0
08:43:40.939981 IP 10.0.0.1.443 > 192.168.0.6.58372: tcp 0
08:43:40.943981 IP 192.168.0.6.58368 > 10.0.0.1.443: tcp 59
08:43:40.944002 IP 10.0.0.1.443 > 192.168.0.6.58368: tcp 0
08:43:40.946679 IP 192.168.0.6.58368 > 10.0.0.1.443: tcp 0
08:43:40.946699 IP 10.0.0.1.443 > 192.168.0.6.58368: tcp 0
08:43:40.946787 IP 10.0.0.1.443 > 192.168.0.6.58368: tcp 37
08:43:40.946866 IP 10.0.0.1.443 > 192.168.0.6.58368: tcp 0
08:43:40.949645 IP 192.168.0.6.58373 > 10.0.0.1.443: tcp 0
08:43:40.949674 IP 10.0.0.1.443 > 192.168.0.6.58373: tcp 0
08:43:40.952678 IP 192.168.0.6.58365 > 10.0.0.1.443: tcp 0
08:43:40.966107 IP 192.168.0.6.58365 > 10.0.0.1.443: tcp 666
08:43:40.966127 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 0
08:43:40.966429 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 410
08:43:40.966727 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 1368
08:43:40.966738 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 1368
08:43:40.966747 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 1368
08:43:40.966754 IP 10.0.0.1.443 > 192.168.0.6.58365: tcp 1368
08:43:40.969046 IP 192.168.0.6.58369 > 10.0.0.1.443: tcp 59
08:43:40.969071 IP 10.0.0.1.443 > 192.168.0.6.58369: tcp 0
08:43:40.971619 IP 192.168.0.6.58369 > 10.0.0.1.443: tcp 0
08:43:40.971637 IP 10.0.0.1.443 > 192.168.0.6.58369: tcp 0
08:43:40.971725 IP 10.0.0.1.443 > 192.168.0.6.58369: tcp 37
08:43:40.971805 IP 10.0.0.1.443 > 192.168.0.6.58369: tcp 0
08:43:40.974678 IP 192.168.0.6.58374 > 10.0.0.1.443: tcp 0
08:43:40.974718 IP 10.0.0.1.443 > 192.168.0.6.58374: tcp 0
08:43:40.978690 IP 192.168.0.6.58370 > 10.0.0.1.443: tcp 59

                                        Then i did the exact same with teh LAN interfece selected in Packet Capture:

                                        
08:49:36.443728 IP 10.0.10.13.1146 > 74.125.234.26.80: tcp 0
08:49:36.443862 IP 10.0.10.13.1147 > 23.15.7.8.80: tcp 0
08:49:36.443953 IP 188.80.185.138.62889 > 10.0.10.103.16847: UDP, length 20
08:49:36.448148 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
08:49:36.455238 IP 10.0.10.8.59964 > 62.67.7.127.80: tcp 0
08:49:36.457012 IP 213.39.219.30.4662 > 10.0.10.50.59415: tcp 0
08:49:36.458080 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
08:49:36.458087 IP 200.159.128.189.80 > 10.0.10.13.1149: tcp 1460
08:49:36.458095 IP 23.15.7.8.80 > 10.0.10.13.1147: tcp 0
08:49:36.460162 IP 10.0.10.103.8786 > 186.249.137.109.2108: UDP, length 965
08:49:36.466676 IP 10.0.12.120.6907 > 190.18.42.143.33977: UDP, length 34
08:49:36.468096 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
08:49:36.474899 IP 10.0.10.103.20761 > 186.249.137.109.27207: UDP, length 100
08:49:36.477753 IP 74.125.234.26.80 > 10.0.10.13.1150: tcp 857
08:49:36.478076 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
08:49:36.482616 IP 10.0.0.1.443 > 10.0.0.6.2364: tcp 442
08:49:36.482646 IP 10.0.0.1.443 > 10.0.0.6.2364: tcp 74
08:49:36.482679 IP 10.0.0.1.443 > 10.0.0.6.2364: tcp 314
08:49:36.482705 IP 10.0.0.1.443 > 10.0.0.6.2364: tcp 74
08:49:36.483206 IP 10.0.0.6.2364 > 10.0.0.1.443: tcp 0
08:49:36.483232 IP 10.0.0.6.2364 > 10.0.0.1.443: tcp 0
08:49:36.484313 IP 121.138.153.155.4284 > 10.0.0.6.3389: tcp 592
08:49:36.484423 IP 10.0.0.1.443 > 10.0.0.6.2364: tcp 74
08:49:36.484842 IP 10.0.0.6.3389 > 121.138.153.155.4284: tcp 48
08:49:36.484884 IP 10.0.0.6.3389 > 121.138.153.155.4284: tcp 52
08:49:36.484970 IP 10.0.0.6.3389 > 121.138.153.155.4284: tcp 52
08:49:36.488108 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
08:49:36.496057 IP 10.0.10.76.2638 > 74.125.36.1.80: tcp 1460
08:49:36.496120 IP 74.125.36.1.80 > 10.0.10.76.2638: tcp 0
08:49:36.498082 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
08:49:36.498207 IP 65.54.49.31.1863 > 10.0.10.103.1655: tcp 0
08:49:36.503303 IP 10.0.10.76.2638 > 74.125.36.1.80: tcp 667
08:49:36.503339 IP 74.125.36.1.80 > 10.0.10.76.2638: tcp 0
08:49:36.508849 IP 10.0.10.8.59964 > 62.67.7.127.80: tcp 0
08:49:36.513544 08:10:74:75:8b:e6 > ff:ff:ff:ff:ff:ff Null Supervisory, Receiver not Ready, rcv seq 64, Flags [Poll], length 46
08:49:36.518056 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
08:49:36.524856 IP 10.0.10.103.20761 > 186.249.137.109.27207: UDP, length 13
08:49:36.528048 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
08:49:36.535349 IP 10.0.10.103.16847 > 89.214.218.155.46392: UDP, length 20
08:49:36.540535 IP 10.0.10.13.1149 > 200.159.128.189.80: tcp 0
08:49:36.540575 IP 200.159.128.189.80 > 10.0.10.13.1149: tcp 845
08:49:36.546094 IP 10.0.10.8.59964 > 62.67.7.127.80: tcp 0
08:49:36.551686 IP 10.0.10.87.2048 > 10.0.0.1.53: UDP, length 43
08:49:36.551859 IP 10.0.0.1.53 > 10.0.10.87.2048: UDP, length 59
08:49:36.556023 IP 68.97.251.241.56714 > 10.0.10.91.10398: UDP, length 317
08:49:36.556318 IP 10.0.10.50.7381 > 109.13.253.161.4259: UDP, length 37
08:49:36.558091 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
08:49:36.558098 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
08:49:36.561155 IP 190.192.131.27.24060 > 10.0.12.120.6907: UDP, length 144
08:49:36.566046 ARP, Request who-has 10.0.0.1 tell 10.0.10.184, length 46
08:49:36.566071 ARP, Reply 10.0.0.1 is-at 00:0c:29:82:6d:ef, length 28
08:49:36.567481 IP 74.53.32.202.25 > 10.0.10.87.3655: tcp 0
08:49:36.568093 IP 74.53.32.202.25 > 10.0.10.87.3655: tcp 188
08:49:36.569691 IP 10.0.10.8.59964 > 62.67.7.127.80: tcp 0
08:49:36.572617 IP 10.0.10.8.59964 > 62.67.7.127.80: tcp 0
08:49:36.575827 IP 10.0.10.8.59964 > 62.67.7.127.80: tcp 0
08:49:36.580025 IP 10.0.10.76.2645 > 74.125.234.13.80: tcp 0
08:49:36.580074 IP 74.125.234.13.80 > 10.0.10.76.2645: tcp 0
08:49:36.580081 IP 10.0.10.87.3657 > 74.53.32.202.21: tcp 0
08:49:36.588040 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
08:49:36.588057 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
08:49:36.588206 IP 10.0.10.91.10398 > 176.51.202.30.25087: UDP, length 106
08:49:36.597640 IP 10.0.10.87.3655 > 74.53.32.202.25: tcp 44
08:49:36.598105 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
08:49:36.600253 IP 10.0.0.6.2364 > 10.0.0.1.443: tcp 0
08:49:36.608048 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
08:49:36.608079 IP 10.0.10.103.8786 > 186.249.137.109.2108: UDP, length 521
08:49:36.612458 IP 10.0.10.110.49166 > 23.21.209.61.80: tcp 0
08:49:36.615733 IP 10.0.12.120.6907 > 108.224.81.95.24488: UDP, length 34
08:49:36.616768 IP 10.0.10.50.59415 > 213.39.219.30.4662: tcp 1300
08:49:36.618036 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
08:49:36.628035 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
08:49:36.630824 IP 10.0.10.8.59964 > 62.67.7.127.80: tcp 0
08:49:36.632599 IP 10.0.10.50.59415 > 213.39.219.30.4662: tcp 1300
08:49:36.633022 IP 10.0.10.50.59417 > 186.59.67.143.34155: tcp 1300
08:49:36.638944 IP 10.0.10.8.59964 > 62.67.7.127.80: tcp 0
08:49:36.642736 IP 10.0.10.8.59964 > 62.67.7.127.80: tcp 0
08:49:36.648083 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
08:49:36.648379 IP 10.0.10.8.59964 > 62.67.7.127.80: tcp 0
08:49:36.653604 IP 186.249.137.109.27777 > 10.0.10.103.15630: UDP, length 28
08:49:36.658040 IP 186.249.137.109.27777 > 10.0.10.103.15630: UDP, length 200
08:49:36.658047 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
08:49:36.668072 IP 186.249.137.109.24904 > 10.0.10.103.30340: UDP, length 208
08:49:36.668079 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
08:49:36.668179 IP 10.0.10.8.59964 > 62.67.7.127.80: tcp 0
08:49:36.675874 IP 10.0.10.110.49166 > 23.21.209.61.80: tcp 0
08:49:36.675950 IP 10.0.10.103.20761 > 186.249.137.109.27207: UDP, length 98
08:49:36.678053 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
08:49:36.686379 IP 10.0.10.103.16847 > 188.80.185.138.62889: UDP, length 20
08:49:36.688046 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
08:49:36.689794 IP 10.0.10.8.59964 > 62.67.7.127.80: tcp 0
08:49:36.699153 IP 10.0.0.0 > 224.0.0.1: igmp
08:49:36.705590 IP 74.125.36.1.80 > 10.0.10.76.2638: tcp 472
08:49:36.708018 IP 74.125.36.1.80 > 10.0.10.76.2638: tcp 744
08:49:36.708025 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
08:49:36.712886 IP 10.0.10.103.20761 > 186.249.137.109.27207: UDP, length 13
08:49:36.714776 IP 74.53.32.202.21 > 10.0.10.87.3657: tcp 0
08:49:36.718025 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
08:49:36.726489 IP 10.0.10.110.2048 > 10.0.0.1.53: UDP, length 34
08:49:36.728044 IP 62.67.7.127.80 > 10.0.10.8.59964: tcp 1460
                                        1 Reply Last reply Reply Quote 0
                                        • C Offline
                                          cmb
                                          last edited by

                                          looks like you limited it to 100 packets, and didn't filter it by IP, so you're missing the relevant traffic there. Put in 10.0.0.50 as the address so it just sees that, 0 as the count (though it won't really matter with the filter on there), and try the same again.

                                          1 Reply Last reply Reply Quote 0
                                          • L Offline
                                            luke240778
                                            last edited by

                                            Ok, this is all i get from that on VPN Interface:

                                            21:47:00.178564 IP 192.168.0.6.63111 > 10.0.0.50.80: tcp 0
                                            21:47:00.181121 IP 192.168.0.6.63112 > 10.0.0.50.80: tcp 0
                                            21:47:03.174617 IP 192.168.0.6.63111 > 10.0.0.50.80: tcp 0
                                            21:47:03.178406 IP 192.168.0.6.63112 > 10.0.0.50.80: tcp 0
                                            21:47:09.177196 IP 192.168.0.6.63111 > 10.0.0.50.80: tcp 0
                                            21:47:09.180098 IP 192.168.0.6.63112 > 10.0.0.50.80: tcp 0

                                            And this on LAN interface:

                                            21:49:49.935138 IP 192.168.0.6.63143 > 10.0.0.50.80: tcp 0
                                            21:49:49.936001 IP 10.0.0.50.80 > 192.168.0.6.63143: tcp 0
                                            21:49:49.936038 IP 192.168.0.6.63143 > 10.0.0.50.80: tcp 0
                                            21:49:49.937900 IP 192.168.0.6.63144 > 10.0.0.50.80: tcp 0
                                            21:49:49.938609 IP 10.0.0.50.80 > 192.168.0.6.63144: tcp 0
                                            21:49:49.938640 IP 192.168.0.6.63144 > 10.0.0.50.80: tcp 0
                                            21:49:50.187409 IP 192.168.0.6.63145 > 10.0.0.50.80: tcp 0
                                            21:49:50.188626 IP 10.0.0.50.80 > 192.168.0.6.63145: tcp 0
                                            21:49:50.188663 IP 192.168.0.6.63145 > 10.0.0.50.80: tcp 0
                                            21:49:52.936299 IP 192.168.0.6.63144 > 10.0.0.50.80: tcp 0
                                            21:49:52.939297 IP 10.0.0.50.80 > 192.168.0.6.63144: tcp 0
                                            21:49:52.939338 IP 192.168.0.6.63144 > 10.0.0.50.80: tcp 0
                                            21:49:52.940308 IP 192.168.0.6.63143 > 10.0.0.50.80: tcp 0
                                            21:49:52.941788 IP 10.0.0.50.80 > 192.168.0.6.63143: tcp 0
                                            21:49:52.941820 IP 192.168.0.6.63143 > 10.0.0.50.80: tcp 0
                                            21:49:53.186213 IP 192.168.0.6.63145 > 10.0.0.50.80: tcp 0
                                            21:49:53.187786 IP 10.0.0.50.80 > 192.168.0.6.63145: tcp 0
                                            21:49:53.187822 IP 192.168.0.6.63145 > 10.0.0.50.80: tcp 0
                                            21:49:57.932174 ARP, Request who-has 10.0.0.1 tell 10.0.0.50, length 46
                                            21:49:57.932202 ARP, Reply 10.0.0.1 is-at 00:0c:29:82:6d:ef, length 28
                                            21:49:58.935279 IP 192.168.0.6.63143 > 10.0.0.50.80: tcp 0
                                            21:49:58.936094 IP 10.0.0.50.80 > 192.168.0.6.63143: tcp 0
                                            21:49:58.936128 IP 192.168.0.6.63143 > 10.0.0.50.80: tcp 0
                                            21:49:58.938132 IP 192.168.0.6.63144 > 10.0.0.50.80: tcp 0
                                            21:49:58.939000 IP 10.0.0.50.80 > 192.168.0.6.63144: tcp 0
                                            21:49:58.939032 IP 192.168.0.6.63144 > 10.0.0.50.80: tcp 0
                                            21:49:59.187646 IP 192.168.0.6.63145 > 10.0.0.50.80: tcp 0
                                            21:49:59.188552 IP 10.0.0.50.80 > 192.168.0.6.63145: tcp 0
                                            21:49:59.188589 IP 192.168.0.6.63145 > 10.0.0.50.80: tcp 0
                                            21:50:03.043351 IP 10.0.0.50.32857 > 10.0.0.1.53: UDP, length 30
                                            21:50:03.043564 IP 10.0.0.1.53 > 10.0.0.50.32857: UDP, length 30
                                            21:50:03.049895 IP 10.0.0.50.32857 > 10.0.0.1.53: UDP, length 30
                                            21:50:03.050000 IP 10.0.0.1.53 > 10.0.0.50.32857: UDP, length 30
                                            21:50:03.058457 IP 10.0.0.50.32857 > 10.0.0.1.53: UDP, length 30
                                            21:50:03.058552 IP 10.0.0.1.53 > 10.0.0.50.32857: UDP, length 30
                                            21:50:03.063098 IP 10.0.0.50.32857 > 10.0.0.1.53: UDP, length 30
                                            21:50:03.063208 IP 10.0.0.1.53 > 10.0.0.50.32857: UDP, length 30

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.