Re: VPN seems to connect but fails to get a response from the peer

A sample of sudo tcpdump -i any from my PC running Ubuntu when
successfully connected to the VPN (NOTE - I am accessing the machine
via Chrome remote desktop):

18:59:18.810613 IP 192.168.1.197.45525 > 192.168.1.202.41357: UDP, length 38
18:59:18.815978 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 93
18:59:18.817385 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1139
18:59:18.817422 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1139
18:59:18.817462 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1139
18:59:18.817479 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1139
18:59:18.817505 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1139
18:59:18.817537 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1139
18:59:18.817569 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1139
18:59:18.817589 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1139
18:59:18.817616 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1139
18:59:18.817644 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1139
18:59:18.817691 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1139
18:59:18.817739 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1139
18:59:18.817884 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1139
18:59:18.817911 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1139
18:59:18.817944 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1139
18:59:18.817967 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1139
18:59:18.817993 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1139
18:59:18.818009 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1139
18:59:18.821944 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1139
18:59:18.821966 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1140
18:59:18.821983 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1140
18:59:18.822010 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1140
18:59:18.822037 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1140
18:59:18.822066 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1140
18:59:18.822094 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1140
18:59:18.822137 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1140
18:59:18.822171 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1140
18:59:18.822248 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1140
18:59:18.822265 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1140
18:59:18.822289 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1140
18:59:18.822310 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1140
18:59:18.822338 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1140
18:59:18.822375 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1140
18:59:18.822395 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1140
18:59:18.822509 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1140
18:59:18.826663 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1140
18:59:18.826734 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1140
18:59:18.826779 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1140
18:59:18.826817 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1140
18:59:18.826867 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1140
18:59:18.826905 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1140
18:59:18.826955 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1140
18:59:18.827007 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1140
18:59:18.827044 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1140
18:59:18.827088 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1140
18:59:18.844509 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 93

It has a lot of this, with a long string of length 1161, and some
shorter length. Then this:

18:59:18.909502 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1162
18:59:18.909561 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1162
18:59:18.909604 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1162
18:59:18.909645 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1162
18:59:18.909680 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1162
18:59:18.909725 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 1162
18:59:18.917401 IP 192.168.1.197.45525 > 192.168.1.202.41357: UDP, length 70
18:59:18.961249 IP 192.168.1.197.45525 > 192.168.1.202.41357: UDP, length 86
18:59:19.152803 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 102
18:59:19.275510 IP 192.168.1.197.45525 > 192.168.1.202.41357: UDP, length 90
18:59:19.313553 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 102
18:59:19.739364 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 70
18:59:19.786726 IP 192.168.56.141.52216 > 10.90.110.51.domain: 11316+
PTR? 202.1.168.192.in-addr.arpa. (44)
18:59:19.786807 IP 192.168.1.202.52390 > 140.90.73.186.443: UDP, length 125
18:59:19.799656 IP 140.90.73.186.443 > 192.168.1.202.52390: UDP, length 173
18:59:19.799717 IP 10.90.110.51.domain > 192.168.56.141.52216: 11316
NXDomain 0/1/0 (79)
18:59:19.799839 IP 192.168.56.141.45494 > 10.90.110.51.domain: 34898+
PTR? 197.1.168.192.in-addr.arpa. (44)
18:59:19.799865 IP 192.168.1.202.52390 > 140.90.73.186.443: UDP, length 125
18:59:19.812120 IP 140.90.73.186.443 > 192.168.1.202.52390: UDP, length 173
18:59:19.812194 IP 10.90.110.51.domain > 192.168.56.141.45494: 34898
NXDomain 0/1/0 (79)
18:59:20.041334 ARP, Request who-has 192.168.1.202 (48:e2:44:80:1e:eb
(oui Unknown)) tell 192.168.1.1, length 46
18:59:20.041358 ARP, Reply 192.168.1.202 is-at 48:e2:44:80:1e:eb (oui
Unknown), length 28
18:59:20.058468 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 100
18:59:20.080557 IP 192.168.1.197.45525 > 192.168.1.202.41357: UDP, length 64
18:59:20.084841 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 70
18:59:20.104805 IP 192.168.1.197.45525 > 192.168.1.202.41357: UDP, length 90
18:59:20.279707 IP 192.168.1.197.45525 > 192.168.1.202.41357: UDP, length 96
18:59:20.280048 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 64
18:59:20.697975 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 102
18:59:20.809886 IP 192.168.56.141.59956 > 10.90.110.51.domain: 20623+
PTR? 51.110.90.10.in-addr.arpa. (43)
18:59:20.810021 IP 192.168.1.202.52390 > 140.90.73.186.443: UDP, length 125
18:59:20.820289 IP 140.90.73.186.443 > 192.168.1.202.52390: UDP, length 221
18:59:20.820460 IP 10.90.110.51.domain > 192.168.56.141.59956: 20623
NXDomain* 0/1/0 (139)
18:59:20.820731 IP 192.168.56.141.37441 > 10.90.110.51.domain: 41176+
PTR? 141.56.168.192.in-addr.arpa. (45)
18:59:20.820857 IP 192.168.1.202.52390 > 140.90.73.186.443: UDP, length 125
18:59:20.839814 IP 140.90.73.186.443 > 192.168.1.202.52390: UDP, length 173
18:59:20.839976 IP 10.90.110.51.domain > 192.168.56.141.37441: 41176
NXDomain 0/1/0 (80)
18:59:20.840313 IP 192.168.56.141.46710 > 10.90.110.51.domain: 32975+
PTR? 186.73.90.140.in-addr.arpa. (44)
18:59:20.840440 IP 192.168.1.202.52390 > 140.90.73.186.443: UDP, length 125
18:59:20.853943 IP 140.90.73.186.443 > 192.168.1.202.52390: UDP, length 189
18:59:20.854110 IP 10.90.110.51.domain > 192.168.56.141.46710: 32975
NXDomain 0/1/0 (109)
18:59:20.854492 IP 192.168.56.141.39237 > 10.90.110.51.domain: 41073+
PTR? 1.1.168.192.in-addr.arpa. (42)
18:59:20.854586 IP 192.168.1.202.52390 > 140.90.73.186.443: UDP, length 125
18:59:20.868620 IP 140.90.73.186.443 > 192.168.1.202.52390: UDP, length 157
18:59:20.868787 IP 10.90.110.51.domain > 192.168.56.141.39237: 41073
NXDomain 0/1/0 (77)
18:59:20.897173 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 93
18:59:20.900585 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 381
18:59:20.974134 IP 192.168.1.197.45525 > 192.168.1.202.41357: UDP, length 38
18:59:21.137589 IP 192.168.1.197.45525 > 192.168.1.202.41357: UDP, length 65
18:59:21.383239 IP 192.168.1.197.45525 > 192.168.1.202.41357: UDP, length 90
18:59:21.976172 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 102
18:59:22.564374 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 100
18:59:22.566561 IP 192.168.1.197.45525 > 192.168.1.202.41357: UDP, length 64
18:59:22.748793 IP 192.168.1.197.45525 > 192.168.1.202.41357: UDP, length 90
18:59:22.764725 IP 192.168.1.197.45525 > 192.168.1.202.41357: UDP, length 22
18:59:22.774219 IP 192.168.1.197.45525 > 192.168.1.202.41357: UDP, length 96
18:59:22.774545 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 64
18:59:22.795977 IP 192.168.1.202.41357 > 192.168.1.197.45525: UDP, length 102

Can you shed any light on what might be going on here vs. when
attempting to connect in my crouton chroot?

Thanks so much!

On Tue, Dec 17, 2019 at 10:47 PM Adam Allgood <avram.meir@xxxxxxxxx> wrote:
>
> On Tue, Dec 17, 2019 at 5:24 AM David Woodhouse <dwmw2@xxxxxxxxxxxxx> wrote:
> >
> > Perhaps the server is in a round-robin DNS and you really are getting
> > different servers (hence different certificate fingerprints) every
> > time. You'd do better to *fix* the certificate problem. Can't you
> > install the appropriate SSL CA so that they're properly trusted?
>
> I will put in a ticket with my IT networking folks, but unfortunately
> they are beyond swamped and this issue will likely be extremely low
> priority for them since the majority of users can access the VPN with
> no problems.
>
> > Or maybe it's something going wrong with the routing setup. Maybe your
> > *outbound* packets aren't actually reaching the VPN server? Or the
> > inbound packets on the public network are being firewalled locally and
> > not reaching openconnect?
> >
> > Can you get a packet capture on your local network to correlate with a
> > DTLS send/receive debug log like the ones you showed before? And can
> > you show the output of 'ip route' before and after connecting?
> >
>
> I connected while running sudo tcpdump -i any, which produced a
> humongous file. Here is a sample of the output (trying to find where
> the connection to the VPN is made):
>
> 22:32:51.058707 IP localhost.30011 > localhost.43934: Flags [P.], seq
> 6565:6577, ack 15694, win 350, options [nop,nop,TS val 32971139 ecr
> 32971139], length 12
> 22:32:51.094305 IP localhost.43934 > localhost.30011: Flags [P.], seq
> 15694:15722, ack 6577, win 3635, options [nop,nop,TS val 32971175 ecr
> 32971139], length 28
> 22:32:51.094520 IP localhost.30011 > localhost.43934: Flags [P.], seq
> 6577:6589, ack 15722, win 350, options [nop,nop,TS val 32971175 ecr
> 32971175], length 12
> 22:32:51.130243 IP localhost.43934 > localhost.30011: Flags [P.], seq
> 15722:15750, ack 6589, win 3635, options [nop,nop,TS val 32971211 ecr
> 32971175], length 28
> 22:32:51.130456 IP localhost.30011 > localhost.43934: Flags [P.], seq
> 6589:6601, ack 15750, win 350, options [nop,nop,TS val 32971211 ecr
> 32971211], length 12
> 22:32:51.166144 IP localhost.43934 > localhost.30011: Flags [P.], seq
> 15750:15778, ack 6601, win 3635, options [nop,nop,TS val 32971247 ecr
> 32971211], length 28
> 22:32:51.166362 IP localhost.30011 > localhost.43934: Flags [P.], seq
> 6601:6613, ack 15778, win 350, options [nop,nop,TS val 32971247 ecr
> 32971247], length 12
> 22:32:51.201903 IP localhost.43934 > localhost.30011: Flags [P.], seq
> 15778:15806, ack 6613, win 3635, options [nop,nop,TS val 32971282 ecr
> 32971247], length 28
> 22:32:51.205718 IP localhost.30011 > localhost.43934: Flags [P.], seq
> 6613:6625, ack 15806, win 350, options [nop,nop,TS val 32971286 ecr
> 32971282], length 12
> 22:32:51.223364 IP localhost.43934 > localhost.30011: Flags [P.], seq
> 15806:15834, ack 6625, win 3635, options [nop,nop,TS val 32971304 ecr
> 32971286], length 28
> 22:32:51.223599 IP localhost.30011 > localhost.43934: Flags [P.], seq
> 6625:6637, ack 15834, win 350, options [nop,nop,TS val 32971304 ecr
> 32971304], length 12
> 22:32:51.259141 IP localhost.43934 > localhost.30011: Flags [P.], seq
> 15834:15862, ack 6637, win 3635, options [nop,nop,TS val 32971340 ecr
> 32971304], length 28
> 22:32:51.259406 IP localhost.30011 > localhost.43934: Flags [P.], seq
> 6637:6649, ack 15862, win 350, options [nop,nop,TS val 32971340 ecr
> 32971340], length 12
> 22:32:51.294607 IP localhost.43934 > localhost.30011: Flags [P.], seq
> 15862:15890, ack 6649, win 3635, options [nop,nop,TS val 32971375 ecr
> 32971340], length 28
> 22:32:51.294820 IP localhost.30011 > localhost.43934: Flags [P.], seq
> 6649:6661, ack 15890, win 350, options [nop,nop,TS val 32971375 ecr
> 32971375], length 12
> 22:32:51.316029 IP6 :: > ff02::16: HBH ICMP6, multicast listener
> report v2, 1 group record(s), length 28
> 22:32:51.329336 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, length 141
> 22:32:51.329363 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, length 221
> 22:32:51.329380 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, length 301
> 22:32:51.329396 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, length 381
> 22:32:51.329413 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, length 461
> 22:32:51.329430 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, length 541
> 22:32:51.329447 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, length 621
> 22:32:51.329465 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, length 701
> 22:32:51.329483 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, length 781
> 22:32:51.329502 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, length 861
> 22:32:51.329521 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, length 941
> 22:32:51.329541 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, length 1021
> 22:32:51.329561 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, length 1101
> 22:32:51.329581 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, length 1181
> 22:32:51.329602 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, length 1261
> 22:32:51.329623 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, length 1341
> 22:32:51.329647 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, bad
> length 1421 > 1376
> 22:32:51.329648 IP 192.168.1.197 > 140.90.73.186: udp
> 22:32:51.329677 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, bad
> length 1469 > 1376
> 22:32:51.329679 IP 192.168.1.197 > 140.90.73.186: udp
> 22:32:51.329686 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, length 125
> 22:32:51.329714 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, bad
> length 1469 > 1376
> 22:32:51.329716 IP 192.168.1.197 > 140.90.73.186: udp
>
> I get a lot of this, and then it settles into this pattern:
>
> 22:33:21.461356 IP 192.168.1.197 > 140.90.73.186: udp
> 22:33:21.461360 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, length 173
> 22:33:21.461364 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, length 253
> 22:33:21.461369 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, length 333
> 22:33:21.461373 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, length 413
> 22:33:21.461377 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, length 493
> 22:33:21.461382 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, length 573
> 22:33:21.461388 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, length 653
> 22:33:21.461393 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, length 733
> 22:33:21.461399 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, length 813
> 22:33:21.461444 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, bad
> length 1469 > 1376
> 22:33:21.461445 IP 192.168.1.197 > 140.90.73.186: udp
> 22:33:21.461450 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, length 173
> 22:33:21.461454 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, length 253
> 22:33:21.461459 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, length 333
> 22:33:21.461464 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, length 413
> 22:33:21.461470 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, length 493
> 22:33:21.461475 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, length 573
> 22:33:21.461481 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, length 653
> 22:33:21.461488 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, length 733
> 22:33:21.461495 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, length 813
> 22:33:21.461523 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, bad
> length 1469 > 1376
> 22:33:21.461524 IP 192.168.1.197 > 140.90.73.186: udp
>
> Is this helpful? I'll see if I can capture packets on my Xubuntu
> system that connects successfully, and email samples separately.
>
> As for ip route, before connecting to vpn:
>
> (bionic)avrammeir@localhost:~$ ip route
> 100.115.92.0/30 dev arcbr0 proto kernel scope link src 100.115.92.1
> 100.115.92.8/30 dev arc_wlan0 proto kernel scope link src 100.115.92.9
> 192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.197
>
> And after connecting (I did this in a separate connection attempt from
> the packet captures):
>
> (bionic)avrammeir@localhost:~$ ip route
> default dev tun0 scope link
> 100.115.92.0/30 dev arcbr0 proto kernel scope link src 100.115.92.1
> 100.115.92.8/30 dev arc_wlan0 proto kernel scope link src 100.115.92.9
> 192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.197
> 192.168.56.0/24 dev tun0 scope link
>
> Thank you!
> Adam

_______________________________________________
openconnect-devel mailing list
openconnect-devel@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/openconnect-devel
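
Added example (not part of the thread and not openconnect code): a short Python summary of tcpdump text like the captures above. It counts packets per direction for each UDP flow to the server port and flags flows that never get a reply, along with datagrams tcpdump marks "bad length". The function names and the default port 443 are assumptions; the sample lines are copied from the two captures in this thread, mail wrapping included.

```python
import re
from collections import defaultdict

# Lines copied from the two captures in this thread, mail-client wrapping included.
SAMPLE = """\
> 22:32:51.329336 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, length 141
> 22:32:51.329647 IP 192.168.1.197.41287 > 140.90.73.186.443: UDP, bad
> length 1421 > 1376
> 22:32:51.329648 IP 192.168.1.197 > 140.90.73.186: udp
18:59:19.786807 IP 192.168.1.202.52390 > 140.90.73.186.443: UDP, length 125
18:59:19.799656 IP 140.90.73.186.443 > 192.168.1.202.52390: UDP, length 173
"""

TS = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{6} ")
UDP = re.compile(
    r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): "
    r"UDP, (bad length|length) (\d+)"
)

def unwrap(text):
    """Strip '>' quote markers and rejoin records that the mail client wrapped."""
    records = []
    for raw in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()
        if not line:
            continue
        if TS.match(line) or not records:
            records.append(line)          # a timestamp starts a new record
        else:
            records[-1] += " " + line     # continuation of the previous record
    return records

def summarize(text, server_port=443):
    """Per (client ip, client port, server ip): packets out, in, and oversize."""
    flows = defaultdict(lambda: {"out": 0, "in": 0, "oversize": 0})
    for rec in unwrap(text):
        m = UDP.search(rec)
        if not m:
            continue                      # DNS, ARP, TCP, port-less fragment lines
        src, sport, dst, dport, kind, _ = m.groups()
        if int(dport) == server_port:
            key, direction = (src, int(sport), dst), "out"
        elif int(sport) == server_port:
            key, direction = (dst, int(dport), src), "in"
        else:
            continue
        flows[key][direction] += 1
        # "bad length": UDP length exceeds the data in that packet (first fragment)
        flows[key]["oversize"] += kind == "bad length"
    return dict(flows)

def one_way(flows):
    """Flows where the client sent to the server port and nothing came back."""
    return sorted(k for k, v in flows.items() if v["out"] and not v["in"])
```

Save the full output of `sudo tcpdump -i any` to a file and pass its contents to `summarize()`; a flow listed by `one_way()` corresponds to the "outbound packets with no response" case raised in the quoted reply.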


