From nobody Mon Jul 08 06:19:35 2024 X-Original-To: freebsd-net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WHYqw1rFHz5R4MM for ; Mon, 08 Jul 2024 06:19:40 +0000 (UTC) (envelope-from ml@netfence.it) Received: from soth.netfence.it (mailserver.netfence.it [78.134.96.152]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mailserver.netfence.it", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WHYqv3jdDz40wb for ; Mon, 8 Jul 2024 06:19:39 +0000 (UTC) (envelope-from ml@netfence.it) Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=pass (policy=none) header.from=netfence.it; spf=pass (mx1.freebsd.org: domain of ml@netfence.it designates 78.134.96.152 as permitted sender) smtp.mailfrom=ml@netfence.it Received: from [10.1.2.18] (mailserver.netfence.it [78.134.96.152]) (authenticated bits=0) by soth.netfence.it (8.18.1/8.17.2) with ESMTPSA id 4686JZ2Z007205 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO); Mon, 8 Jul 2024 08:19:36 +0200 (CEST) (envelope-from ml@netfence.it) X-Authentication-Warning: soth.netfence.it: Host mailserver.netfence.it [78.134.96.152] claimed to be [10.1.2.18] Message-ID: <10252e93-b5c0-450a-a725-51739d20b8d8@netfence.it> Date: Mon, 8 Jul 2024 08:19:35 +0200 List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: OpenVPN suddenly working one way only Content-Language: en-US To: Michael Tuexen , "Patrick M. Hausen" Cc: "freebsd-net@freebsd.org" References: <202407061502.466F28cR033040@gndrsh.dnsmgr.net> From: Andrea Venturoli In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.86 X-Spamd-Bar: --- X-Spamd-Result: default: False [-3.77 / 15.00]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.98)[-0.976]; DMARC_POLICY_ALLOW(-0.50)[netfence.it,none]; R_SPF_ALLOW(-0.20)[+ip4:78.134.96.152:c]; MIME_GOOD(-0.10)[text/plain]; XM_UA_NO_VERSION(0.01)[]; RCVD_COUNT_ONE(0.00)[1]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; ASN(0.00)[asn:35612, ipnet:78.134.0.0/17, country:IT]; TO_DN_SOME(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_ALL(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; R_DKIM_NA(0.00)[]; FROM_HAS_DN(0.00)[]; HAS_XAW(0.00)[]; TO_DN_EQ_ADDR_SOME(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; MLMMJ_DEST(0.00)[freebsd-net@freebsd.org]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCPT_COUNT_THREE(0.00)[3] X-Rspamd-Queue-Id: 4WHYqv3jdDz40wb On 7/6/24 18:24, Michael Tuexen wrote: > Or are any kind of NAT or Firewall involved which might loose state? > Are you using public addresses on host A and B? Host B has a public IP address assigned to its "public" interface. Host A is behind NAT (it has a private IP assigned to its public interface). However, it has about 10 VPNs and only this one misbehaves (from time to time). The again, IIUC, NAT might lose state after some time... here I see the packet going out and nothing coming in immediately afterwards. bye & Thanks av. Guess I'll need to find a way to reboot the server, next time it happens. :(