OpenVPN/Fedora24/No firewall: ping ok but cannot connect vpn machines

asked 2015-11-14 01:28:06 -0500

I have a brand new Fedora 24/rawhide on my new laptop (Dell XPS 13). I use OpenVPN to access some machines on a 10.0.0.xx network. The OpenVPN server and other clients work fine (and have for quite a few years).

No firewall, no iptables, SELinux disabled.

Summary: I can ping machines on my VPN, but I cannot connect to them, whatever port I try. I can connect to other remote machines (through regular net interfaces) with no problem.

The same installation (unless I am missing something) works well on Fedora 22 and Fedora 23.

Is there something in Fedora 24 that could prevent using OpenVPN? Thanks in advance.

The details:

  $ uname -r
  $ openvpn --version
  OpenVPN 2.3.8 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Aug  4 2015
  library versions: OpenSSL 1.0.2d-fips 9 Jul 2015, LZO 2.08

OpenVPN successfully creates the tap0 interface, and my IP on this interface is

  $ ifconfig
   tap0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet  netmask  broadcast
        inet6 fe80::90d5:f4ff:fe33:68f2  prefixlen 64  scopeid 0x20<link>
        ether xxxxxxxxxxxxxxx  txqueuelen 100  (Ethernet)
        RX packets 82  bytes 11166 (10.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 95  bytes 10513 (10.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


  $ ip route
  default via dev enp0s20f0u1u1i5  proto static  metric 100
  dev tap0  proto kernel  scope link  src
  dev enp0s20f0u1u1i5  proto kernel  scope link  src  metric 100

ping is fine:

  $ ping     # is a remote client on the VPN
  PING ( 56(84) bytes of data.
  64 bytes from icmp_seq=1 ttl=64 time=25.4 ms

connect doesn't go through:

  $ telnet 22
   ... never returns ...

strace shows that the connect syscall waits until it times out:

  $ strace telnet 22
  getsockopt(3, SOL_IP, IP_TOS, [16], 4)  = 0
  connect(3, {sa_family=AF_INET, sin_port=htons(22), sin_addr=inet_addr("")}, 16
  ... never returns ...

I checked active services and loaded kernel modules, but have no idea.

Thanks in advance for your help,

  • Michel

I understand my question is about an unsupported version of Fedora. Apologies... But suggestions are still welcome ;-)

EDIT: now with Fedora 23 and kernel 4.4.rc1. Same problem. Looks like the kernel is the culprit, but I don't understand what is going on.

michel ( 2015-11-14 03:10:06 -0500 )

1 Answer

answered 2015-11-18 00:43:43 -0500

michel

Well, after a git pull from Linus' git (kernel 4.4.rc1), compile, install and reboot, everything works like a charm. My problem is solved.

