VPN client cannot receive packets

lokadamus at gmx.de lokadamus at gmx.de
Thu Sep 25 18:11:30 UTC 2014 

On 25.09.2014 20:05, Zhi-Qiang Lei wrote:
> On Sep 26, 2014, at 12:35 AM, lokadamus at gmx.de wrote:
>
>> On 25.09.2014 16:47, Zhi-Qiang Lei wrote:
>>
>>> Hi,
>>>
>>> It is my router/firewall with internet connection.
>>>
>>> This time I try to list the packets from 8.8.8.8, but there are none.
>>>
>>> root at freebsd-7638:~ # tcpdump src 8.8.8.8
>>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>>> listening on vtnet0, link-type EN10MB (Ethernet), capture size 65535 bytes
>>>
>>> Now the question URL is changed.
>>>
>>> http://serverfault.com/questions/631260/freebsd-l2tp-vpn-connection-error
>>>
>>> Best regards,
>>> Zhi-Qiang Lei
>>> zhiqiang.lei at gmail.com
>>>
>>> On Sep 25, 2014, at 10:20 PM, lokadamus at gmx.de wrote:
>>>
>>>> On 25.09.2014 08:48, Zhi-Qiang Lei wrote:
>>>>
>>>>> I setup a L2TP/IPsec VPN as this article:
>>>>>
>>>>> http://wiki.stocksy.co.uk/wiki/L2TP_VPN_in_FreeBSD
>>>>>
>>>>> My problem is that the connected clients cannot receive packets, however, sending is okay.
>>>>>
>>>>> Here are the tcpdump results if I tried to ping 8.8.8.8:
>>>>>
>>>>> root at freebsd-7638:~ # tcpdump -i vtnet0 icmp
>>>>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>>>>> listening on vtnet0, link-type EN10MB (Ethernet), capture size 65535 bytes
>>>>> 05:55:17.630770 IP 192.168.99.150 > google-public-dns-a.google.com: ICMP echo request, id 36697, seq 0, length 64
>>>>> 05:55:18.627825 IP 192.168.99.150 > google-public-dns-a.google.com: ICMP echo request, id 36697, seq 1, length 64
>>>>> 05:55:19.624058 IP 192.168.99.150 > google-public-dns-a.google.com: ICMP echo request, id 36697, seq 2, length 64
>>>>> 05:55:20.618946 IP 192.168.99.150 > google-public-dns-a.google.com: ICMP echo request, id 36697, seq 3, length 64
>>>>> 05:55:21.622551 IP 192.168.99.150 > google-public-dns-a.google.com: ICMP echo request, id 36697, seq 4, length 64
>>>>>
>>>>> What could be wrong? And how can I troubleshoot? You may reply on SuperUser if you want, thanks in advance.
>>>>>
>>>>> http://superuser.com/questions/816485/cannot-receive-packets
>>>>>
>>>>> Best regards,
>>>>> Zhi-Qiang Lei
>>>>> zhiqiang.lei at gmail.com
>>>>>
>>>>> _______________________________________________
>>>>> freebsd-questions at freebsd.org mailing list
>>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>>>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>>>>>
>>>> Hi,
>>>>
>>>> Is this your router/ firewall with internet connection?
>>>> Look with tcpdump for traffic at 8.8.8.8.
>>>> So you can see, if traffic comes back or is missing before your vpn system.
>>>>
>>>>
>>>> Best regards
>>>>
>>> _______________________________________________
>>> freebsd-questions at freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>>>
>> Stupid mistake, have you made a vpn connection with google (8.8.8.8) or with another subnet on the other side?
>> When you will test you vpn connection you should ping your other side of your vpn connection.
>>
>> Best regards,
>>
>
> When I connect to VPN, I can ping the VPN (gateway) server with its IP in VPN. (My IP in VPN is 192.168.99.150)
>
> $ ping 192.168.99.1
> PING 192.168.99.1 (192.168.99.1): 56 data bytes
> 64 bytes from 192.168.99.1: icmp_seq=0 ttl=64 time=441.677 ms
> 64 bytes from 192.168.99.1: icmp_seq=1 ttl=64 time=361.192 ms
> 64 bytes from 192.168.99.1: icmp_seq=2 ttl=64 time=281.524 ms
> 64 bytes from 192.168.99.1: icmp_seq=3 ttl=64 time=300.120 ms
> 64 bytes from 192.168.99.1: icmp_seq=4 ttl=64 time=430.178 ms
>
> But I cannot ping 8.8.8.8.
>
> $ ping 8.8.8.8
> PING 8.8.8.8 (8.8.8.8): 56 data bytes
> Request timeout for icmp_seq 0
> Request timeout for icmp_seq 1
> Request timeout for icmp_seq 2
> Request timeout for icmp_seq 3
> Request timeout for icmp_seq 4
> Request timeout for icmp_seq 5
>
> When I ping 8.8.8.8, tcpdump on VPN server shows that there is no response from 8.8.8.8. Did I miss something? Thanks.
>
> Best regards,
> Zhi-Qiang Lei
>
>
Do you use the same subnet on both sides?
Don't do this. You will get a little trouble,
when 2 systems use the same ip or DNS trouble will come.
Can you give me a "netstat -nr", because it looks like
you send all traffic to this vpn tunnel or you have a
little problem with masked traffic.


Best regards

More information about the freebsd-questions mailing list