(Resolu) Soucis munin vpn

Message par **gizmo78** » ven. 8 avr. 2016 12:50

Yop,

Bon comme dit dans le blabla, j'ai un soucis de telnet/munin à travers un vpn ^^

Donc l'infra ca donne:

VPS munin-server -----> Openvpn -----> LAN INFRA -----> VM Munin-node

un ping fonctionne nickel, mais un telnet ca donne ca:

tcpdump -vi vtnet1 port 4949
tcpdump: listening on vtnet1, link-type EN10MB (Ethernet), capture size 65535 bytes
12:46:04.389003 IP (tos 0x0, ttl 63, id 15192, offset 0, flags [DF], proto TCP (6), length 60)
    172.20.20.6.35584 > 172.16.55.4.4949: Flags [S], cksum 0x153c (correct), seq 2686508401, win 29200, options [mss 1306,sackOK,TS val 57081552 ecr 0,nop,wscale 7], length 0
12:46:21.950262 IP (tos 0x10, ttl 63, id 12780, offset 0, flags [DF], proto TCP (6), length 60)
    172.20.20.6.35592 > 172.16.55.4.4949: Flags [S], cksum 0x5868 (correct), seq 4282463296, win 29200, options [mss 1306,sackOK,TS val 57083308 ecr 0,nop,wscale 7], length 0
12:46:21.950339 IP (tos 0x0, ttl 64, id 42192, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35592: Flags [S.], cksum 0xa35d (incorrect -> 0xe1bc), seq 3259013784, ack 4282463297, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 2949766144 ecr 57083308], length 0
12:46:22.949019 IP (tos 0x10, ttl 63, id 12781, offset 0, flags [DF], proto TCP (6), length 60)
    172.20.20.6.35592 > 172.16.55.4.4949: Flags [S], cksum 0x5804 (correct), seq 4282463296, win 29200, options [mss 1306,sackOK,TS val 57083408 ecr 0,nop,wscale 7], length 0
12:46:22.949053 IP (tos 0x0, ttl 64, id 42195, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35592: Flags [S.], cksum 0xa35d (incorrect -> 0xe158), seq 3259013784, ack 4282463297, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 2949766144 ecr 57083408], length 0
12:46:24.949244 IP (tos 0x10, ttl 63, id 12782, offset 0, flags [DF], proto TCP (6), length 60)
    172.20.20.6.35592 > 172.16.55.4.4949: Flags [S], cksum 0x573c (correct), seq 4282463296, win 29200, options [mss 1306,sackOK,TS val 57083608 ecr 0,nop,wscale 7], length 0
12:46:24.949294 IP (tos 0x0, ttl 64, id 42199, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35592: Flags [S.], cksum 0xa35d (incorrect -> 0xe090), seq 3259013784, ack 4282463297, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 2949766144 ecr 57083608], length 0
12:46:27.976117 IP (tos 0x0, ttl 64, id 42204, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35592: Flags [S.], cksum 0xa35d (incorrect -> 0xe090), seq 3259013784, ack 4282463297, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 2949766144 ecr 57083608], length 0
12:46:28.958976 IP (tos 0x10, ttl 63, id 12783, offset 0, flags [DF], proto TCP (6), length 60)
    172.20.20.6.35592 > 172.16.55.4.4949: Flags [S], cksum 0x55ab (correct), seq 4282463296, win 29200, options [mss 1306,sackOK,TS val 57084009 ecr 0,nop,wscale 7], length 0
12:46:28.959035 IP (tos 0x0, ttl 64, id 42207, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35592: Flags [S.], cksum 0xa35d (incorrect -> 0xdeff), seq 3259013784, ack 4282463297, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 2949766144 ecr 57084009], length 0
12:46:31.991179 IP (tos 0x0, ttl 64, id 42212, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35592: Flags [S.], cksum 0xa35d (incorrect -> 0xdeff), seq 3259013784, ack 4282463297, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 2949766144 ecr 57084009], length 0
12:46:34.994020 IP (tos 0x0, ttl 64, id 42219, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35592: Flags [S.], cksum 0xa35d (incorrect -> 0xdeff), seq 3259013784, ack 4282463297, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 2949766144 ecr 57084009], length 0
12:46:36.988956 IP (tos 0x10, ttl 63, id 12784, offset 0, flags [DF], proto TCP (6), length 60)
    172.20.20.6.35592 > 172.16.55.4.4949: Flags [S], cksum 0x5288 (correct), seq 4282463296, win 29200, options [mss 1306,sackOK,TS val 57084812 ecr 0,nop,wscale 7], length 0
12:46:36.989157 IP (tos 0x0, ttl 64, id 42223, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35592: Flags [S.], cksum 0xa35d (incorrect -> 0xdbdc), seq 3259013784, ack 4282463297, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 2949766144 ecr 57084812], length 0
12:46:39.997127 IP (tos 0x0, ttl 64, id 42234, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35592: Flags [S.], cksum 0xa35d (incorrect -> 0xdbdc), seq 3259013784, ack 4282463297, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 2949766144 ecr 57084812], length 0
12:46:43.005373 IP (tos 0x0, ttl 64, id 42239, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35592: Flags [S.], cksum 0xa35d (incorrect -> 0xdbdc), seq 3259013784, ack 4282463297, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 2949766144 ecr 57084812], length 0
^C
16 packets captured
159 packets received by filter
0 packets dropped by kernel

un tcpdump fait sur la VM Munin-node

je pige pas pk le checksum au retour est incorrect oO

Au niveau openvpn j'ai rien fais de spécial, j'ai juste viré la ligne qui change la passerelle pour pas que le traffic passe par la.

Si vous avez une idée

Message par **poulpito** » ven. 8 avr. 2016 12:53

en local sur la machine munin-node
si tu fais un telnet localhost 4949 ca dit quoi ?

ca le fait que pour les paquets arrivant de l'autre côté du vpn ?

Message par **gizmo78** » ven. 8 avr. 2016 13:02

alors, la même commande telnet depuis la VM openvpn mais en passant par le LAN INFRA ca donne:

tcpdump -vi vtnet1 port 4949
tcpdump: listening on vtnet1, link-type EN10MB (Ethernet), capture size 65535 bytes
13:00:59.098457 IP (tos 0x10, ttl 64, id 51234, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.8.26032 > 172.16.55.4.4949: Flags [S], cksum 0xc65b (incorrect -> 0x657a), seq 1668554842, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 257167410 ecr 0], length 0
13:00:59.098537 IP (tos 0x0, ttl 64, id 45591, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.16.55.8.26032: Flags [S.], cksum 0xc65b (incorrect -> 0x78d7), seq 2014075535, ack 1668554843, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 1113708436 ecr 257167410], length 0
13:00:59.098827 IP (tos 0x10, ttl 64, id 51236, offset 0, flags [DF], proto TCP (6), length 52)
    172.16.55.8.26032 > 172.16.55.4.4949: Flags [.], cksum 0xc653 (incorrect -> 0xa392), ack 1, win 1040, options [nop,nop,TS val 257167410 ecr 1113708436], length 0
13:00:59.102067 IP (tos 0x0, ttl 64, id 45592, offset 0, flags [DF], proto TCP (6), length 87)
    172.16.55.4.4949 > 172.16.55.8.26032: Flags [P.], cksum 0xc676 (incorrect -> 0x04a0), seq 1:36, ack 1, win 1040, options [nop,nop,TS val 1113708439 ecr 257167410], length 35
13:00:59.208490 IP (tos 0x10, ttl 64, id 51239, offset 0, flags [DF], proto TCP (6), length 52)
    172.16.55.8.26032 > 172.16.55.4.4949: Flags [.], cksum 0xc653 (incorrect -> 0xa2fe), ack 36, win 1040, options [nop,nop,TS val 257167520 ecr 1113708439], length 0
^C
5 packets captured
27 packets received by filter
0 packets dropped by kernel

et ca passe.

Un telnet depuis internet sur un autre port ca passe.

Donc c'est vraiment que depuis le vpn

Message par **poulpito** » ven. 8 avr. 2016 13:04

donc c'est pas le VPN puisque depuis lan-fra vers munin ca fait incorrect checksum non ?

Message par **gizmo78** » ven. 8 avr. 2016 13:04

oui mais la commande telnet se termine correctement, ce qui est pas le cas si ca passe par le vpn oO

Message par **poulpito** » ven. 8 avr. 2016 13:08

mais tu as un incorrect quand même

même si le telnet se finit ?

Message par **gizmo78** » ven. 8 avr. 2016 13:10

ouais ce que je comprends pas...

Depuis la vm vpn:

telnet 172.16.55.4 4949
Trying 172.16.55.4...
Connected to 172.16.55.4.
Escape character is '^]'.
# munin node at edrik.securmail.fr
quit
Connection closed by foreign host.

sur le Munin-node:

tcpdump -vi vtnet1 port 4949
tcpdump: listening on vtnet1, link-type EN10MB (Ethernet), capture size 65535 bytes
13:10:18.928412 IP (tos 0x10, ttl 64, id 51445, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.8.47027 > 172.16.55.4.4949: Flags [S], cksum 0xc65b (incorrect -> 0x4ce5), seq 3259235645, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 257727240 ecr 0], length 0
13:10:18.928481 IP (tos 0x0, ttl 64, id 46644, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.16.55.8.47027: Flags [S.], cksum 0xc65b (incorrect -> 0x6a08), seq 796517849, ack 3259235646, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 1348369690 ecr 257727240], length 0
13:10:18.928699 IP (tos 0x10, ttl 64, id 51447, offset 0, flags [DF], proto TCP (6), length 52)
    172.16.55.8.47027 > 172.16.55.4.4949: Flags [.], cksum 0xc653 (incorrect -> 0x94c3), ack 1, win 1040, options [nop,nop,TS val 257727240 ecr 1348369690], length 0
13:10:18.932528 IP (tos 0x0, ttl 64, id 46645, offset 0, flags [DF], proto TCP (6), length 87)
    172.16.55.4.4949 > 172.16.55.8.47027: Flags [P.], cksum 0xc676 (incorrect -> 0xf5d0), seq 1:36, ack 1, win 1040, options [nop,nop,TS val 1348369693 ecr 257727240], length 35
13:10:19.034237 IP (tos 0x10, ttl 64, id 51450, offset 0, flags [DF], proto TCP (6), length 52)
    172.16.55.8.47027 > 172.16.55.4.4949: Flags [.], cksum 0xc653 (incorrect -> 0x9434), ack 36, win 1040, options [nop,nop,TS val 257727345 ecr 1348369693], length 0
13:10:19.269555 IP (tos 0x0, ttl 64, id 46646, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35628: Flags [S.], cksum 0xa35d (incorrect -> 0x23c9), seq 3120986849, ack 2611919122, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 78191460 ecr 57226738], length 0
13:10:20.431516 IP (tos 0x10, ttl 64, id 51457, offset 0, flags [DF], proto TCP (6), length 58)
    172.16.55.8.47027 > 172.16.55.4.4949: Flags [P.], cksum 0xc659 (incorrect -> 0xa6bc), seq 1:7, ack 36, win 1040, options [nop,nop,TS val 257728743 ecr 1348369693], length 6
13:10:20.433785 IP (tos 0x0, ttl 64, id 46655, offset 0, flags [DF], proto TCP (6), length 52)
    172.16.55.4.4949 > 172.16.55.8.47027: Flags [F.], cksum 0xc653 (incorrect -> 0x88da), seq 36, ack 7, win 1040, options [nop,nop,TS val 1348371194 ecr 257728743], length 0
13:10:20.434029 IP (tos 0x10, ttl 64, id 51458, offset 0, flags [DF], proto TCP (6), length 52)
    172.16.55.8.47027 > 172.16.55.4.4949: Flags [.], cksum 0xc653 (incorrect -> 0x88d8), ack 37, win 1040, options [nop,nop,TS val 257728745 ecr 1348371194], length 0
13:10:20.434049 IP (tos 0x10, ttl 64, id 51459, offset 0, flags [DF], proto TCP (6), length 52)
    172.16.55.8.47027 > 172.16.55.4.4949: Flags [F.], cksum 0xc653 (incorrect -> 0x88d7), seq 7, ack 37, win 1040, options [nop,nop,TS val 257728745 ecr 1348371194], length 0
13:10:20.434070 IP (tos 0x0, ttl 64, id 46656, offset 0, flags [DF], proto TCP (6), length 52)
    172.16.55.4.4949 > 172.16.55.8.47027: Flags [.], cksum 0xc653 (incorrect -> 0x88d6), ack 8, win 1040, options [nop,nop,TS val 1348371195 ecr 257728745], length 0
13:10:22.269037 IP (tos 0x0, ttl 64, id 46659, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35628: Flags [S.], cksum 0xa35d (incorrect -> 0x23c9), seq 3120986849, ack 2611919122, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 78191460 ecr 57226738], length 0
13:10:25.307190 IP (tos 0x0, ttl 64, id 46670, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35628: Flags [S.], cksum 0xa35d (incorrect -> 0x23c9), seq 3120986849, ack 2611919122, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 78191460 ecr 57226738], length 0
13:10:32.308765 IP (tos 0x0, ttl 63, id 35079, offset 0, flags [DF], proto TCP (6), length 60)
    172.20.20.6.35628 > 172.16.55.4.4949: Flags [S], cksum 0x0078 (correct), seq 2611919121, win 29200, options [mss 1306,sackOK,TS val 57228344 ecr 0,nop,wscale 7], length 0
^C
14 packets captured
97 packets received by filter
0 packets dropped by kernel

Message par **gizmo78** » ven. 8 avr. 2016 13:23

Bon c'est pas que le telnet....

ssh 172.20.20.6
ssh: connect to host 172.20.20.6 port 22: Connection timed out

sur le serveur Munin:

tcpdump -vi tun0
tcpdump: listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes
11:23:17.677429 IP (tos 0x0, ttl 63, id 18891, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.5.52781 > scw-0eb563.ssh: Flags [S], cksum 0xa3f8 (incorrect -> 0x493a), seq 88308966, win 29200, options [mss 1306,sackOK,TS val 1686582573 ecr 0,nop,wscale 5], length 0
11:23:18.671779 IP (tos 0x0, ttl 63, id 18892, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.5.52781 > scw-0eb563.ssh: Flags [S], cksum 0xa3f8 (incorrect -> 0x4840), seq 88308966, win 29200, options [mss 1306,sackOK,TS val 1686582823 ecr 0,nop,wscale 5], length 0
11:23:20.675643 IP (tos 0x0, ttl 63, id 18893, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.5.52781 > scw-0eb563.ssh: Flags [S], cksum 0xa3f8 (incorrect -> 0x464b), seq 88308966, win 29200, options [mss 1306,sackOK,TS val 1686583324 ecr 0,nop,wscale 5], length 0
11:23:24.683852 IP (tos 0x0, ttl 63, id 18894, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.5.52781 > scw-0eb563.ssh: Flags [S], cksum 0xa3f8 (incorrect -> 0x4261), seq 88308966, win 29200, options [mss 1306,sackOK,TS val 1686584326 ecr 0,nop,wscale 5], length 0
11:23:32.692076 IP (tos 0x0, ttl 63, id 18895, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.5.52781 > scw-0eb563.ssh: Flags [S], cksum 0xa3f8 (incorrect -> 0x3a8f), seq 88308966, win 29200, options [mss 1306,sackOK,TS val 1686586328 ecr 0,nop,wscale 5], length 0
11:23:48.724373 IP (tos 0x0, ttl 63, id 18896, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.5.52781 > scw-0eb563.ssh: Flags [S], cksum 0xa3f8 (incorrect -> 0x2ae7), seq 88308966, win 29200, options [mss 1306,sackOK,TS val 1686590336 ecr 0,nop,wscale 5], length 0
11:24:20.788851 IP (tos 0x0, ttl 63, id 18897, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.5.52781 > scw-0eb563.ssh: Flags [S], cksum 0xa3f8 (incorrect -> 0x0b97), seq 88308966, win 29200, options [mss 1306,sackOK,TS val 1686598352 ecr 0,nop,wscale 5], length 0
11:25:02.568432 IP (tos 0x0, ttl 64, id 23725, offset 0, flags [DF], proto TCP (6), length 60)
    scw-0eb563.35654 > 172.16.55.4.munin: Flags [S], cksum 0x0b85 (correct), seq 571003748, win 29200, options [mss 1460,sackOK,TS val 57315273 ecr 0,nop,wscale 7], length 0
11:25:02.578372 IP (tos 0x0, ttl 63, id 48266, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.munin > scw-0eb563.35654: Flags [S.], cksum 0xa35d (incorrect -> 0x69aa), seq 2694357755, ack 571003749, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 229622577 ecr 57315273], length 0
11:25:03.566898 IP (tos 0x0, ttl 64, id 23726, offset 0, flags [DF], proto TCP (6), length 60)
    scw-0eb563.35654 > 172.16.55.4.munin: Flags [S], cksum 0x0b21 (correct), seq 571003748, win 29200, options [mss 1460,sackOK,TS val 57315373 ecr 0,nop,wscale 7], length 0
11:25:03.576791 IP (tos 0x0, ttl 63, id 48268, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.munin > scw-0eb563.35654: Flags [S.], cksum 0xa35d (incorrect -> 0x6946), seq 2694357755, ack 571003749, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 229622577 ecr 57315373], length 0
11:25:05.566897 IP (tos 0x0, ttl 64, id 23727, offset 0, flags [DF], proto TCP (6), length 60)
    scw-0eb563.35654 > 172.16.55.4.munin: Flags [S], cksum 0x0a59 (correct), seq 571003748, win 29200, options [mss 1460,sackOK,TS val 57315573 ecr 0,nop,wscale 7], length 0
11:25:05.576729 IP (tos 0x0, ttl 63, id 48289, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.munin > scw-0eb563.35654: Flags [S.], cksum 0xa35d (incorrect -> 0x687e), seq 2694357755, ack 571003749, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 229622577 ecr 57315573], length 0
11:25:08.576037 IP (tos 0x0, ttl 63, id 48308, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.munin > scw-0eb563.35654: Flags [S.], cksum 0xa35d (incorrect -> 0x687e), seq 2694357755, ack 571003749, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 229622577 ecr 57315573], length 0
11:25:09.576910 IP (tos 0x0, ttl 64, id 23728, offset 0, flags [DF], proto TCP (6), length 60)
    scw-0eb563.35654 > 172.16.55.4.munin: Flags [S], cksum 0x08c8 (correct), seq 571003748, win 29200, options [mss 1460,sackOK,TS val 57315974 ecr 0,nop,wscale 7], length 0
11:25:09.586991 IP (tos 0x0, ttl 63, id 48310, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.munin > scw-0eb563.35654: Flags [S.], cksum 0xa35d (incorrect -> 0x66ed), seq 2694357755, ack 571003749, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 229622577 ecr 57315974], length 0
11:25:12.600204 IP (tos 0x0, ttl 63, id 48314, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.munin > scw-0eb563.35654: Flags [S.], cksum 0xa35d (incorrect -> 0x66ed), seq 2694357755, ack 571003749, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 229622577 ecr 57315974], length 0
11:25:15.608857 IP (tos 0x0, ttl 63, id 48318, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.munin > scw-0eb563.35654: Flags [S.], cksum 0xa35d (incorrect -> 0x66ed), seq 2694357755, ack 571003749, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 229622577 ecr 57315974], length 0
11:25:17.596911 IP (tos 0x0, ttl 64, id 23729, offset 0, flags [DF], proto TCP (6), length 60)
    scw-0eb563.35654 > 172.16.55.4.munin: Flags [S], cksum 0x05a6 (correct), seq 571003748, win 29200, options [mss 1460,sackOK,TS val 57316776 ecr 0,nop,wscale 7], length 0
11:25:17.606323 IP (tos 0x0, ttl 63, id 48321, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.munin > scw-0eb563.35654: Flags [S.], cksum 0xa35d (incorrect -> 0x63cb), seq 2694357755, ack 571003749, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 229622577 ecr 57316776], length 0
11:25:20.616263 IP (tos 0x0, ttl 63, id 48325, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.munin > scw-0eb563.35654: Flags [S.], cksum 0xa35d (incorrect -> 0x63cb), seq 2694357755, ack 571003749, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 229622577 ecr 57316776], length 0
11:25:23.665194 IP (tos 0x0, ttl 63, id 48329, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.munin > scw-0eb563.35654: Flags [S.], cksum 0xa35d (incorrect -> 0x63cb), seq 2694357755, ack 571003749, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 229622577 ecr 57316776], length 0
11:25:26.675471 IP (tos 0x0, ttl 63, id 48333, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.munin > scw-0eb563.35654: Flags [S.], cksum 0xa35d (incorrect -> 0x63cb), seq 2694357755, ack 571003749, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 229622577 ecr 57316776], length 0
11:25:33.636939 IP (tos 0x0, ttl 64, id 23730, offset 0, flags [DF], proto TCP (6), length 60)
    scw-0eb563.35654 > 172.16.55.4.munin: Flags [S], cksum 0xff61 (correct), seq 571003748, win 29200, options [mss 1460,sackOK,TS val 57318380 ecr 0,nop,wscale 7], length 0
11:26:05.676928 IP (tos 0x0, ttl 64, id 23731, offset 0, flags [DF], proto TCP (6), length 60)
    scw-0eb563.35654 > 172.16.55.4.munin: Flags [S], cksum 0xf2dd (correct), seq 571003748, win 29200, options [mss 1460,sackOK,TS val 57321584 ecr 0,nop,wscale 7], length 0
^C
25 packets captured
25 packets received by filter
0 packets dropped by kernel

edit: sans filtre

Message par **poulpito** » ven. 8 avr. 2016 13:46

un soucis de MTU pourrait faire ca ?

https://openvpn.net/archive/openvpn-use ... 00013.html

Message par **gizmo78** » ven. 8 avr. 2016 13:57

Ca pourrait:

en fixant mssfix/fragment à 1200 j'ai ca:

tcpdump -vi vtnet1 port 4949
tcpdump: listening on vtnet1, link-type EN10MB (Ethernet), capture size 65535 bytes
13:55:51.894837 IP (tos 0x0, ttl 64, id 53964, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35756: Flags [S.], cksum 0xa35d (incorrect -> 0x0f34), seq 1852333620, ack 3491545212, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 82195097 ecr 57499396], length 0
13:55:53.860470 IP (tos 0x10, ttl 63, id 24292, offset 0, flags [DF], proto TCP (6), length 60)
    172.20.20.6.35758 > 172.16.55.4.4949: Flags [S], cksum 0xd587 (correct), seq 442121654, win 29200, options [mss 1306,sackOK,TS val 57500498 ecr 0,nop,wscale 7], length 0
13:55:53.860529 IP (tos 0x0, ttl 64, id 53971, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35758: Flags [S.], cksum 0xa35d (incorrect -> 0x9c72), seq 535539525, ack 442121655, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 882419532 ecr 57500498], length 0
13:55:54.848509 IP (tos 0x10, ttl 63, id 24293, offset 0, flags [DF], proto TCP (6), length 60)
    172.20.20.6.35758 > 172.16.55.4.4949: Flags [S], cksum 0xd523 (correct), seq 442121654, win 29200, options [mss 1306,sackOK,TS val 57500598 ecr 0,nop,wscale 7], length 0
13:55:54.848566 IP (tos 0x0, ttl 64, id 53993, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35758: Flags [S.], cksum 0xa35d (incorrect -> 0x9c0e), seq 535539525, ack 442121655, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 882419532 ecr 57500598], length 0
13:55:56.848292 IP (tos 0x10, ttl 63, id 24294, offset 0, flags [DF], proto TCP (6), length 60)
    172.20.20.6.35758 > 172.16.55.4.4949: Flags [S], cksum 0xd45b (correct), seq 442121654, win 29200, options [mss 1306,sackOK,TS val 57500798 ecr 0,nop,wscale 7], length 0
13:55:56.848336 IP (tos 0x0, ttl 64, id 53997, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35758: Flags [S.], cksum 0xa35d (incorrect -> 0x9b46), seq 535539525, ack 442121655, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 882419532 ecr 57500798], length 0
13:55:59.867995 IP (tos 0x0, ttl 64, id 54002, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35758: Flags [S.], cksum 0xa35d (incorrect -> 0x9b46), seq 535539525, ack 442121655, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 882419532 ecr 57500798], length 0
13:56:00.858491 IP (tos 0x10, ttl 63, id 24295, offset 0, flags [DF], proto TCP (6), length 60)
    172.20.20.6.35758 > 172.16.55.4.4949: Flags [S], cksum 0xd2ca (correct), seq 442121654, win 29200, options [mss 1306,sackOK,TS val 57501199 ecr 0,nop,wscale 7], length 0
13:56:00.858529 IP (tos 0x0, ttl 64, id 54005, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35758: Flags [S.], cksum 0xa35d (incorrect -> 0x99b5), seq 535539525, ack 442121655, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 882419532 ecr 57501199], length 0
13:56:03.872337 IP (tos 0x0, ttl 64, id 54010, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35758: Flags [S.], cksum 0xa35d (incorrect -> 0x99b5), seq 535539525, ack 442121655, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 882419532 ecr 57501199], length 0
13:56:03.908572 IP (tos 0x0, ttl 63, id 13686, offset 0, flags [DF], proto TCP (6), length 60)
    172.20.20.6.35748 > 172.16.55.4.4949: Flags [S], cksum 0x077b (correct), seq 2790357991, win 29200, options [mss 1306,sackOK,TS val 57501504 ecr 0,nop,wscale 7], length 0
13:56:06.915875 IP (tos 0x0, ttl 64, id 54016, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35758: Flags [S.], cksum 0xa35d (incorrect -> 0x99b5), seq 535539525, ack 442121655, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 882419532 ecr 57501199], length 0
13:56:08.868665 IP (tos 0x10, ttl 63, id 24296, offset 0, flags [DF], proto TCP (6), length 60)
    172.20.20.6.35758 > 172.16.55.4.4949: Flags [S], cksum 0xcfa9 (correct), seq 442121654, win 29200, options [mss 1306,sackOK,TS val 57502000 ecr 0,nop,wscale 7], length 0
13:56:08.868742 IP (tos 0x0, ttl 64, id 54020, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35758: Flags [S.], cksum 0xa35d (incorrect -> 0x9694), seq 535539525, ack 442121655, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 882419532 ecr 57502000], length 0
13:56:11.885127 IP (tos 0x0, ttl 64, id 54025, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35758: Flags [S.], cksum 0xa35d (incorrect -> 0x9694), seq 535539525, ack 442121655, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 882419532 ecr 57502000], length 0
13:56:14.899122 IP (tos 0x0, ttl 64, id 54030, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35758: Flags [S.], cksum 0xa35d (incorrect -> 0x9694), seq 535539525, ack 442121655, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 882419532 ecr 57502000], length 0
13:56:17.927864 IP (tos 0x0, ttl 64, id 54035, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35758: Flags [S.], cksum 0xa35d (incorrect -> 0x9694), seq 535539525, ack 442121655, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 882419532 ecr 57502000], length 0
13:56:24.908304 IP (tos 0x10, ttl 63, id 24297, offset 0, flags [DF], proto TCP (6), length 60)
    172.20.20.6.35758 > 172.16.55.4.4949: Flags [S], cksum 0xc965 (correct), seq 442121654, win 29200, options [mss 1306,sackOK,TS val 57503604 ecr 0,nop,wscale 7], length 0
^C
19 packets captured
183 packets received by filter
0 packets dropped by kernel

y a des corrects dans le lot

Message par **poulpito** » ven. 8 avr. 2016 14:01

je sais pas si c'est la valeur miracle
c'était juste une idée lancée en l'air

tu as ta conf openvpn ?
et client ?

Message par **gizmo78** » ven. 8 avr. 2016 14:03

client.conf

# Client
client
dev tun
proto tcp
remote ssh.securmail.fr 8692
resolv-retry infinite
cipher AES-256-CBC
auth SHA512
tls-cipher DHE-RSA-AES256-SHA
#ns-cert-type server

auth-nocache
mssfix 1306
fragment 1306

# Clé
ca /etc/ssl/CAroot.crt
cert /etc/ssl/monitoring.crt
key /etc/ssl/monitoring.key
tls-auth ta.key 1
key-direction 1

# Sécurité
nobind
persist-key
persist-tun
comp-lzo
verb 3

Server.conf

script-security 2

# Serveur TCP/8692
mode server
proto tcp
port 8692
dev tun

# Clés certificats
ca CAroot.crt
cert monitoring-vpn.crt
key monitoring-vpn.key
dh dh2048.pem
tls-auth ta.key 1
key-direction 0

cipher AES-256-CBC
auth SHA512
tls-cipher DHE-RSA-AES256-SHA

# Réseau
client-to-client
server 172.20.20.0 255.255.255.128
#push "redirect-gateway def1 bypass-dhcp"
#push "dhcp-option DNS 8.8.8.8"
#push "dhcp-option DNS 8.8.4.4"
#push "route 192.168.0.0 255.255.255.0"
#client-config-dir ccd
keepalive 10 120

# Sécurité
user nobody
group nogroup
chroot /usr/local/etc/openvpn/jail
persist-key
persist-tun
comp-lzo

# Log
verb 3
mute 20
status openvpn-status.log
log-append /var/log/openvpn.log

J'ai testé avec 1200 et 1306 mais pareil, vais essayer de diminuer un peu

Message par **gizmo78** » ven. 8 avr. 2016 14:08

une capture d'un telnet 4949 avec le mss/Fragment en 1100:

tcpdump -vi vtnet1 port 4949
tcpdump: listening on vtnet1, link-type EN10MB (Ethernet), capture size 65535 bytes
14:03:50.919924 IP (tos 0x10, ttl 63, id 41419, offset 0, flags [DF], proto TCP (6), length 60)
    172.20.20.6.35772 > 172.16.55.4.4949: Flags [S], cksum 0xcc23 (correct), seq 3936599142, win 29200, options [mss 1306,sackOK,TS val 57548205 ecr 0,nop,wscale 7], length 0
14:03:50.919998 IP (tos 0x0, ttl 64, id 55620, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35772: Flags [S.], cksum 0xa35d (incorrect -> 0xc9fd), seq 3611482253, ack 3936599143, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 1514039831 ecr 57548205], length 0
14:03:51.918302 IP (tos 0x10, ttl 63, id 41420, offset 0, flags [DF], proto TCP (6), length 60)
    172.20.20.6.35772 > 172.16.55.4.4949: Flags [S], cksum 0xcbbf (correct), seq 3936599142, win 29200, options [mss 1306,sackOK,TS val 57548305 ecr 0,nop,wscale 7], length 0
14:03:51.918329 IP (tos 0x0, ttl 64, id 55625, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35772: Flags [S.], cksum 0xa35d (incorrect -> 0xc999), seq 3611482253, ack 3936599143, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 1514039831 ecr 57548305], length 0
14:03:53.928339 IP (tos 0x10, ttl 63, id 41421, offset 0, flags [DF], proto TCP (6), length 60)
    172.20.20.6.35772 > 172.16.55.4.4949: Flags [S], cksum 0xcaf7 (correct), seq 3936599142, win 29200, options [mss 1306,sackOK,TS val 57548505 ecr 0,nop,wscale 7], length 0
14:03:53.928386 IP (tos 0x0, ttl 64, id 55630, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35772: Flags [S.], cksum 0xa35d (incorrect -> 0xc8d1), seq 3611482253, ack 3936599143, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 1514039831 ecr 57548505], length 0
14:03:56.977813 IP (tos 0x0, ttl 64, id 55658, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35772: Flags [S.], cksum 0xa35d (incorrect -> 0xc8d1), seq 3611482253, ack 3936599143, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 1514039831 ecr 57548505], length 0
14:03:57.928268 IP (tos 0x10, ttl 63, id 41422, offset 0, flags [DF], proto TCP (6), length 60)
    172.20.20.6.35772 > 172.16.55.4.4949: Flags [S], cksum 0xc966 (correct), seq 3936599142, win 29200, options [mss 1306,sackOK,TS val 57548906 ecr 0,nop,wscale 7], length 0
14:03:57.928312 IP (tos 0x0, ttl 64, id 55660, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35772: Flags [S.], cksum 0xa35d (incorrect -> 0xc740), seq 3611482253, ack 3936599143, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 1514039831 ecr 57548906], length 0
14:04:00.938092 IP (tos 0x0, ttl 64, id 55665, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35772: Flags [S.], cksum 0xa35d (incorrect -> 0xc740), seq 3611482253, ack 3936599143, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 1514039831 ecr 57548906], length 0
14:04:03.944371 IP (tos 0x0, ttl 64, id 55670, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35772: Flags [S.], cksum 0xa35d (incorrect -> 0xc740), seq 3611482253, ack 3936599143, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 1514039831 ecr 57548906], length 0
14:04:05.948143 IP (tos 0x10, ttl 63, id 41423, offset 0, flags [DF], proto TCP (6), length 60)
    172.20.20.6.35772 > 172.16.55.4.4949: Flags [S], cksum 0xc644 (correct), seq 3936599142, win 29200, options [mss 1306,sackOK,TS val 57549708 ecr 0,nop,wscale 7], length 0
14:04:05.948193 IP (tos 0x0, ttl 64, id 55674, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35772: Flags [S.], cksum 0xa35d (incorrect -> 0xc41e), seq 3611482253, ack 3936599143, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 1514039831 ecr 57549708], length 0
14:04:08.967930 IP (tos 0x0, ttl 64, id 55679, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35772: Flags [S.], cksum 0xa35d (incorrect -> 0xc41e), seq 3611482253, ack 3936599143, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 1514039831 ecr 57549708], length 0
14:04:12.002710 IP (tos 0x0, ttl 64, id 55684, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35772: Flags [S.], cksum 0xa35d (incorrect -> 0xc41e), seq 3611482253, ack 3936599143, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 1514039831 ecr 57549708], length 0
14:04:15.008841 IP (tos 0x0, ttl 64, id 55689, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35772: Flags [S.], cksum 0xa35d (incorrect -> 0xc41e), seq 3611482253, ack 3936599143, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 1514039831 ecr 57549708], length 0
14:04:21.988344 IP (tos 0x10, ttl 63, id 41424, offset 0, flags [DF], proto TCP (6), length 60)
    172.20.20.6.35772 > 172.16.55.4.4949: Flags [S], cksum 0xc000 (correct), seq 3936599142, win 29200, options [mss 1306,sackOK,TS val 57551312 ecr 0,nop,wscale 7], length 0
14:04:54.068420 IP (tos 0x10, ttl 63, id 41425, offset 0, flags [DF], proto TCP (6), length 60)
    172.20.20.6.35772 > 172.16.55.4.4949: Flags [S], cksum 0xb378 (correct), seq 3936599142, win 29200, options [mss 1306,sackOK,TS val 57554520 ecr 0,nop,wscale 7], length 0
14:05:01.534926 IP (tos 0x0, ttl 63, id 52987, offset 0, flags [DF], proto TCP (6), length 60)
    172.20.20.6.35774 > 172.16.55.4.4949: Flags [S], cksum 0x1e5f (correct), seq 1098839993, win 29200, options [mss 1306,sackOK,TS val 57555266 ecr 0,nop,wscale 7], length 0
14:05:01.534999 IP (tos 0x0, ttl 64, id 55773, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35774: Flags [S.], cksum 0xa35d (incorrect -> 0x5dcb), seq 1749526834, ack 1098839994, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 752874554 ecr 57555266], length 0
14:05:02.528280 IP (tos 0x0, ttl 63, id 52988, offset 0, flags [DF], proto TCP (6), length 60)
    172.20.20.6.35774 > 172.16.55.4.4949: Flags [S], cksum 0x1dfb (correct), seq 1098839993, win 29200, options [mss 1306,sackOK,TS val 57555366 ecr 0,nop,wscale 7], length 0
14:05:02.528310 IP (tos 0x0, ttl 64, id 55775, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35774: Flags [S.], cksum 0xa35d (incorrect -> 0x5d67), seq 1749526834, ack 1098839994, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 752874554 ecr 57555366], length 0
14:05:04.528184 IP (tos 0x0, ttl 63, id 52989, offset 0, flags [DF], proto TCP (6), length 60)
    172.20.20.6.35774 > 172.16.55.4.4949: Flags [S], cksum 0x1d33 (correct), seq 1098839993, win 29200, options [mss 1306,sackOK,TS val 57555566 ecr 0,nop,wscale 7], length 0
14:05:04.528212 IP (tos 0x0, ttl 64, id 55792, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35774: Flags [S.], cksum 0xa35d (incorrect -> 0x5c9f), seq 1749526834, ack 1098839994, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 752874554 ecr 57555566], length 0
14:05:07.541834 IP (tos 0x0, ttl 64, id 55810, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35774: Flags [S.], cksum 0xa35d (incorrect -> 0x5c9f), seq 1749526834, ack 1098839994, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 752874554 ecr 57555566], length 0
14:05:08.538106 IP (tos 0x0, ttl 63, id 52990, offset 0, flags [DF], proto TCP (6), length 60)
    172.20.20.6.35774 > 172.16.55.4.4949: Flags [S], cksum 0x1ba2 (correct), seq 1098839993, win 29200, options [mss 1306,sackOK,TS val 57555967 ecr 0,nop,wscale 7], length 0
14:05:08.538136 IP (tos 0x0, ttl 64, id 55812, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35774: Flags [S.], cksum 0xa35d (incorrect -> 0x5b0e), seq 1749526834, ack 1098839994, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 752874554 ecr 57555967], length 0
14:05:11.559426 IP (tos 0x0, ttl 64, id 55817, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35774: Flags [S.], cksum 0xa35d (incorrect -> 0x5b0e), seq 1749526834, ack 1098839994, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 752874554 ecr 57555967], length 0
14:05:14.574070 IP (tos 0x0, ttl 64, id 55822, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35774: Flags [S.], cksum 0xa35d (incorrect -> 0x5b0e), seq 1749526834, ack 1098839994, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 752874554 ecr 57555967], length 0
14:05:16.548310 IP (tos 0x0, ttl 63, id 52991, offset 0, flags [DF], proto TCP (6), length 60)
    172.20.20.6.35774 > 172.16.55.4.4949: Flags [S], cksum 0x1881 (correct), seq 1098839993, win 29200, options [mss 1306,sackOK,TS val 57556768 ecr 0,nop,wscale 7], length 0
14:05:16.548349 IP (tos 0x0, ttl 64, id 55826, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35774: Flags [S.], cksum 0xa35d (incorrect -> 0x57ed), seq 1749526834, ack 1098839994, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 752874554 ecr 57556768], length 0
14:05:19.574143 IP (tos 0x0, ttl 64, id 55831, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35774: Flags [S.], cksum 0xa35d (incorrect -> 0x57ed), seq 1749526834, ack 1098839994, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 752874554 ecr 57556768], length 0
14:05:22.602077 IP (tos 0x0, ttl 64, id 55836, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35774: Flags [S.], cksum 0xa35d (incorrect -> 0x57ed), seq 1749526834, ack 1098839994, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 752874554 ecr 57556768], length 0
14:05:25.602835 IP (tos 0x0, ttl 64, id 55841, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.55.4.4949 > 172.20.20.6.35774: Flags [S.], cksum 0xa35d (incorrect -> 0x57ed), seq 1749526834, ack 1098839994, win 65535, options [mss 1306,nop,wscale 6,sackOK,TS val 752874554 ecr 57556768], length 0
14:05:32.588275 IP (tos 0x0, ttl 63, id 52992, offset 0, flags [DF], proto TCP (6), length 60)
    172.20.20.6.35774 > 172.16.55.4.4949: Flags [S], cksum 0x123d (correct), seq 1098839993, win 29200, options [mss 1306,sackOK,TS val 57558372 ecr 0,nop,wscale 7], length 0
14:06:04.708315 IP (tos 0x0, ttl 63, id 52993, offset 0, flags [DF], proto TCP (6), length 60)
    172.20.20.6.35774 > 172.16.55.4.4949: Flags [S], cksum 0x05b1 (correct), seq 1098839993, win 29200, options [mss 1306,sackOK,TS val 57561584 ecr 0,nop,wscale 7], length 0

Message par **gizmo78** » ven. 8 avr. 2016 14:21

bon j'ai trouvé....

FreeBSD aime pas les cartes en virtio... je l'ai passé en e1000 et ca fonctionne directement.

J'ai déjà eu le coup avec mon firewall et j'y ai pas pensé de suite....

Merci poulpito pour l'aide

Message par **poulpito** » ven. 8 avr. 2016 14:22

de rien ^^ on était pas loin
j'avais eu ce soucis de bizarreries mais pas sur du bsd mais ouai
e1000 c'est la vie

Message par **gizmo78** » ven. 8 avr. 2016 14:24

bas le truc c'est que normalement en virtio t'as de meilleure perf

Message par **Zedoune** » ven. 8 avr. 2016 16:08

Ton hyperviseur est vieux ? Normalement les virtio fonctionnent très bien.

Message par **gizmo78** » ven. 8 avr. 2016 16:11

nop, proxmox 4.1
kernel 4.2.6-1

edit: qemu-kvm: 1:2.1

Message par **poulpito** » ven. 8 avr. 2016 16:14

ce serait pas un soucis de hardware checksum offload ?

https://doc.pfsense.org/index.php/VirtIO_Driver_Support

Message par **gizmo78** » ven. 8 avr. 2016 16:17

ca peut être une piste oui
https://lists.freebsd.org/pipermail/fre ... 50123.html

Message par **gizmo78** » ven. 8 avr. 2016 16:30

je testerais ca quand j'aurais 5mins:
repasser en virtio et faire ifconfig -rxcsum -txcsum pour désactiver le checksum offload tcp

Message par **Zedoune** » ven. 8 avr. 2016 18:28

Ca j'ai du le faire sur mes serveurs physique en production j'avais de la merde quand ca passait par les vpn !! Je voulais en parler mais j'avais oublié le nom ^^'

Message par **gizmo78** » ven. 8 avr. 2016 19:12

ha bas bien

Message par **gizmo78** » lun. 11 avr. 2016 13:11

alors j'ai testé

et ca fonctionne ^^

donc: ifconfig vtnet0 -rxcsum -txcsum

et la le telnet passe sans soucis!
par contre toujours des checksum incorrect mais ca pose plus de soucis

Message par **gizmo78** » mar. 19 avr. 2016 22:18

et je confirme le fonctionnement pour une vm qui fait routeur/firewall.

A faire sur les deux interfaces pour le coup.

Pour de l'ipv6: ifconfig vtnet0 -rxcsum6 -txcsum6