
OpenVPN/Fedora24/No firewall: ping ok but cannot connect vpn machines

asked 2015-11-14 01:28:06 -0600

michel

Hi,

I have a brand new Fedora 24/rawhide on my new laptop (Dell XPS 13). I use openvpn to access some machines on a 10.0.0.xx network. The openvpn server and other clients work fine (and have for quite a few years).

No firewall, no iptables, SELinux disabled.

Summary: I can ping machines on my VPN, but I cannot connect to them, whatever port I try. I can connect to other remote machines (through regular net interfaces) with no problem.

The same installation (unless I am missing something) works well in Fedora 22 and Fedora 23.

Is there something in Fedora 24 that could prevent using openvpn? Thanks in advance.

The details:

  $ uname -r
  4.4.0-0.rc0.git8.1.fc24.x86_64
  $ openvpn --version
  OpenVPN 2.3.8 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Aug  4 2015
  library versions: OpenSSL 1.0.2d-fips 9 Jul 2015, LZO 2.08
  [...]

Openvpn successfully creates the tap0 interface, and my IP on this interface is 10.0.0.11.

  $ ifconfig
  [skipped]
   tap0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.11  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::90d5:f4ff:fe33:68f2  prefixlen 64  scopeid 0x20<link>
        ether xxxxxxxxxxxxxxx  txqueuelen 100  (Ethernet)
        RX packets 82  bytes 11166 (10.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 95  bytes 10513 (10.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Routes:

  $ ip route
  default via 192.168.0.254 dev enp0s20f0u1u1i5  proto static  metric 100 
  10.0.0.0/24 dev tap0  proto kernel  scope link  src 10.0.0.11 
  192.168.0.0/24 dev enp0s20f0u1u1i5  proto kernel  scope link  src 192.168.0.23  metric 100

ping is fine:

  $ ping 10.0.0.10     # 10.0.0.10 is a remote client on the VPN
  PING 10.0.0.10 (10.0.0.10) 56(84) bytes of data.
  64 bytes from 10.0.0.10: icmp_seq=1 ttl=64 time=25.4 ms
  ...

connect doesn't go through:

  $ telnet 10.0.0.10 22
  Trying 10.0.0.10...
   ... never returns ...

strace shows that the connect syscall waits until it times out:

  $ strace telnet 10.0.0.10 22
  [skipped]
  getsockopt(3, SOL_IP, IP_TOS, [16], 4)  = 0
  connect(3, {sa_family=AF_INET, sin_port=htons(22), sin_addr=inet_addr("10.0.0.10")}, 16
  ... never returns ...

I checked active services, loaded kernel modules, but have no idea.

Thanks in advance for your help,

  • Michel

Comments

I understand my question is about an unsupported version of Fedora. Apologies... But suggestions are still welcome ;-)

EDIT: now with Fedora 23 and kernel 4.4.rc1. Same problem. Looks like the kernel is the culprit, but I don't understand what is going on.

michel (2015-11-14 03:10:06 -0600)

1 Answer


answered 2015-11-18 00:43:43 -0600

michel

Well, after a git pull from Linus' git (kernel 4.4.rc1), compile, install and reboot, everything works like a charm. My problem is solved.

