whyza
January 15, 2018, 8:39pm
1
Sorry for the new thread but I have reached the new user limitation a number of times and cant reply to the old thread....
As per Jow's suggestion I have tried
option proto none to option proto static
any further suggestions would be appreciated if anyone can think of any ??
root@LEDE:~# tcpdump -n -i tun0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes
06:38:36.525099 IP 10.81.1.242 > 172.217.25.142: ICMP echo request, id 23555, seq 3, length 64
06:38:37.525440 IP 10.81.1.242 > 172.217.25.142: ICMP echo request, id 23555, seq 4, length 64
06:38:38.129477 IP 10.81.1.242.57107 > 103.214.220.220.123: NTPv4, Client, length 48
06:38:38.129779 IP 10.81.1.242.48102 > 203.23.237.200.123: NTPv4, Client, length 48
06:38:38.525771 IP 10.81.1.242 > 172.217.25.142: ICMP echo request, id 23555, seq 5, length 64
06:38:39.131143 IP 10.81.1.242.46833 > 203.122.222.149.123: NTPv4, Client, length 48
06:38:39.131442 IP 10.81.1.242.50599 > 192.189.54.33.123: NTPv4, Client, length 48
06:38:39.526129 IP 10.81.1.242 > 172.217.25.142: ICMP echo request, id 23555, seq 6, length 64
06:38:40.526446 IP 10.81.1.242 > 172.217.25.142: ICMP echo request, id 23555, seq 7, length 64
06:38:41.526759 IP 10.81.1.242 > 172.217.25.142: ICMP echo request, id 23555, seq 8, length 64
06:38:42.527063 IP 10.81.1.242 > 172.217.25.142: ICMP echo request, id 23555, seq 9, length 64
tmomas
January 16, 2018, 11:36am
3
JW0914:
In code blocks, not quote blocks, please (three back ticks, content on new line, three back ticks on new line after content)
@whyza Please use "Preformatted text </>", since this avoids unnecessary colors and unintended formatting (e.g. highlighting where no highlighting is intended) by the forum software.
JW0914
January 16, 2018, 12:09pm
4
I forgot you mentioned that the other day, and will ask for that, in lieu of the three back ticks, in the future.
whyza
January 16, 2018, 9:04pm
5
“Preformatted text </>”
I am not in control of the server ;(
increasing the client debug to 7 produces this line when sending traffic
Wed Jan 17 06:59:24 2018 daemon.notice openvpn(expressvpn)[6909]: UDP WRITE [94] to [AF_INET]169.50.128.202:1195: P_ACK_V1 kid=0 pid=[ #11 ] [ 6 ]
it also logs control data from the server
Wed Jan 17 07:02:01 2018 daemon.notice openvpn(expressvpn)[6909]: UDP READ [113] from [AF_INET]169.50.128.202:1195: P_DATA_V1 kid=0 DATA len=112
totally stumped ;(
It's actually a formatting icon on your post toolbar.
whyza
January 16, 2018, 9:16pm
7
ok.....I have possibly made some progress to narrow down but still not resolve the issue
On a ubuntu box with the same config it works fine
example tcpdump from this box
07:12:03.724546 IP (tos 0x0, ttl 64, id 63739, offset 0, flags [DF], proto UDP (17), length 205)
192.168.0.62.46777 > 85.203.44.10.1195: [udp sum ok] UDP, length 177
07:12:04.295592 IP (tos 0x0, ttl 48, id 25055, offset 0, flags [DF], proto UDP (17), length 205)
85.203.44.10.1195 > 192.168.0.62.46777: [udp sum ok] UDP, length 177
yet from the LED box the tcpdump on the udp 1195 packs shows a UDP checksum error !
07:10:51.584564 IP (tos 0x0, ttl 64, id 23719, offset 0, flags [DF], proto UDP (17), length 205)
192.168.0.6.37095 > 169.50.128.202.1195: [bad udp cksum 0xeb75 -> 0x1cb0!] UDP, length 177
any ideas on why LEDE would be breaking the UDP checksum ?
See this article on tcpdump checksum errors and why they can occur...
whyza
January 16, 2018, 9:24pm
9
After disabling TCO (tcp offloading) the cksum errors are gone ;(
$ sudo ethtool -K eth0 tx off rx off
root@LEDE:~# tcpdump -v -n -i eth0 port 1195 -v
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
07:23:20.651110 IP (tos 0x0, ttl 64, id 60748, offset 0, flags [DF], proto UDP (17), length 205)
192.168.0.6.57557 > 169.50.128.202.1195: [udp sum ok] UDP, length 177
back to square 1 ;(
JW0914
January 16, 2018, 9:43pm
10
@whyza You've been told what you need to post in order to troubleshoot... please do so.
Also, please post ALL
