OpenVPN, high UDP traffic at idle?

nfm · 2012-01-24 03:05:17

Hello guys,

I'm new to VPN. I'm leasing an anonymous IP address. I keep seeing that my router activity LED shows substantial activity, and my system shows about 30Kbytes/s of incoming traffic when I'm not really doing anything. Is this something to be expected with VPN?

stqn · 2012-01-26 21:11:31

Nope.

fukawi2 · 2012-01-26 23:01:09

Have you traffic dumped the tunnel to see what is going through it?

tcpdump -lnn -i tun0

You might need to write it to a file and analyse it offline with Wireshark:

tcpdump -lnn -i tun0 -s0 -w /tmp/openvpn-traffic.pcap

(The above assumes your OpenVPN interface is tun0... Replace with tap0 or whatever it actually is.)

nfm · 2012-01-27 22:15:36

Thanks for the replies, I was viewing/dumping eth0 instead of tun0 previously. It seems that the traffic and noise is coming from the nodes connected to the VPN. Too many Windows users, annoying NETBIOS/Windows Sharing/ARP broadcasts. I will be trying out different VPN once this one runs out.

fukawi2 · 2012-01-27 22:27:40

nfm wrote:

Too many Windows users, annoying NETBIOS/Windows Sharing/ARP broadcasts. I will be trying out different VPN once this one runs out.

I suspected that might have been the case (broadcast traffic).

Changing from a Bridged to a Routed type VPN will prevent the broadcast traffic being sent over the VPN. OpenVPN supports both types; you must be using Bridged at the moment since the broadcast traffic is coming over it.

nfm · 2012-01-28 00:00:11

@fukawi2
Indeed, I'm running a bridged setup. It seems like I can't change to routed IP tunnel, changing to 'dev tun' from 'dev tap' resulted in:

WARNING: 'dev-type' is used inconsistently, local='dev-type tun', remote='dev-type tap'
WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1574'
WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1532'

WARNING: Since you are using --dev tun with a point-to-point topology, the second argument to --ifconfig must be an IP address.  You are using something (255.255.255.128) that looks more like a netmask. (silence this warning with --ifconfig-nowarn)

I think it means that the server supports only 'tap'.

lifeafter2am · 2012-01-28 01:39:56

I'm quite surprised that an anonymous VPN service would give you access to a TAP interface at all. That seems like a huge security issue IMO considering you have (potential) access to every client on the network.

fukawi2 · 2012-01-29 11:09:50

nfm wrote:

I think it means that the server supports only 'tap'.

You need to update both ends, and also assign/allocate a subnet to use for tunnels (ie, a little more than just changing "tap" to "tun")

lifeafter2am wrote:

That seems like a huge security issue IMO considering you have (potential) access to every client on the network.

Not unless the server has the "client-to-client" option enabled

Arch Linux

#1 2012-01-24 03:05:17

OpenVPN, high UDP traffic at idle?

#2 2012-01-26 21:11:31

Re: OpenVPN, high UDP traffic at idle?

#3 2012-01-26 23:01:09

Re: OpenVPN, high UDP traffic at idle?

#4 2012-01-27 22:15:36

Re: OpenVPN, high UDP traffic at idle?

#5 2012-01-27 22:27:40

Re: OpenVPN, high UDP traffic at idle?

#6 2012-01-28 00:00:11

Re: OpenVPN, high UDP traffic at idle?

#7 2012-01-28 01:39:56

Re: OpenVPN, high UDP traffic at idle?

#8 2012-01-29 11:09:50

Re: OpenVPN, high UDP traffic at idle?

Board footer