Subject: Re: openvpn
To: freebsd-questions@freebsd.org
From: John Johnstone
Date: Tue, 23 Apr 2019 22:01:43 -0400

On 4/23/2019 8:36 PM, Doug Hardie wrote:

>> Might be difficult to arrange but testing from some hardware besides a phone would help; being able to run tcpdump on the external device side. This would allow verifying the 3-way TCP handshake at the client side.
>
> As I indicated, tcpdump has been used on all connections. The connections are established and data is sent. The client just ignores it. Or, that's what it appears.

If the client seems to be ignoring what is coming from the web server, that means that either the web server isn't sending what it should be or the client isn't behaving as it should or, as you're suggesting, packets aren't transiting through OpenVPN as they should. It's a lot of work but comparing what's seen at the server with what's seen at the client should reveal something.

Wireshark with Analyze > Follow > TCP Stream can make things stand out a bit more than tcpdump. It may take a packet by packet comparison to determine where things are going wrong.

Maybe trying other connections / protocols such as ssh / telnet through a VPN connection might reveal some kind of pattern to the problem.

- John J.
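
The packet-by-packet comparison suggested in the message above, as an added example that is not part of the original post: it parses two `tcpdump -n -S` text captures and lists the TCP segments one side sent that the other side never saw. The capture lines, addresses and function names are constructed, and it assumes no NAT or sequence-number rewriting between the two capture points.

```python
import re

# TCP part of a `tcpdump -n -S` text line (-S prints absolute sequence numbers,
# so the same segment carries the same number in both captures).
SEG = re.compile(
    r"IP (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]+)\]"
    r"(?:, seq (?P<seq>\d+)(?::\d+)?)?.*?length (?P<len>\d+)"
)

def segments(capture_text):
    """Return {(src, dst, flags, seq, length)} for every line that carries a seq."""
    found = set()
    for line in capture_text.splitlines():
        m = SEG.search(line)
        if m and m["seq"] is not None:  # bare ACKs print no seq; skip them
            found.add((m["src"], m["dst"], m["flags"], int(m["seq"]), int(m["len"])))
    return found

def missing_at(receiver_view, sender_view, sender_addr):
    """Segments the sender-side capture shows leaving sender_addr that the
    receiver-side capture never recorded, ordered by sequence number."""
    sent = {s for s in segments(sender_view) if s[0] == sender_addr}
    return sorted(sent - segments(receiver_view), key=lambda s: s[3])

# Constructed sample: capture taken on the web server.
SERVER_SIDE = """
22:01:40.100000 IP 10.8.0.6.51514 > 192.168.1.10.80: Flags [S], seq 1000, win 65535, length 0
22:01:40.101000 IP 192.168.1.10.80 > 10.8.0.6.51514: Flags [S.], seq 5000, ack 1001, win 65535, length 0
22:01:40.150000 IP 10.8.0.6.51514 > 192.168.1.10.80: Flags [.], ack 5001, win 1026, length 0
22:01:40.151000 IP 10.8.0.6.51514 > 192.168.1.10.80: Flags [P.], seq 1001:1101, ack 5001, win 1026, length 100
22:01:40.152000 IP 192.168.1.10.80 > 10.8.0.6.51514: Flags [P.], seq 5001:6449, ack 1101, win 1026, length 1448
22:01:40.153000 IP 192.168.1.10.80 > 10.8.0.6.51514: Flags [P.], seq 6449:6961, ack 1101, win 1026, length 512
"""
# Constructed sample: the same exchange as captured at the client, where one
# server segment never shows up.
CLIENT_SIDE = "\n".join(
    line for line in SERVER_SIDE.splitlines() if "length 1448" not in line
)

if __name__ == "__main__":
    for seg in missing_at(CLIENT_SIDE, SERVER_SIDE, "192.168.1.10.80"):
        print("sent by server, not seen at client:", seg)
    for seg in missing_at(SERVER_SIDE, CLIENT_SIDE, "10.8.0.6.51514"):
        print("sent by client, not seen at server:", seg)
```

Running the comparison in both directions shows which leg of the path loses traffic; an empty result in both directions points away from the tunnel and toward one of the endpoints.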