You are not logged in.

#1 2019-08-17 12:36:57

Registered: 2019-08-17
Posts: 1

Kerio VPN client drops incoming packets

Hello everyone,

Installed Kerio control vpn client from AUR and everythink went fine during the install. Archlinux system is very clean, it's been installed for a couple of days only. kvnet interface goes up with no problem :

5: kvnet: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc fq_codel state UNKNOWN group default qlen 1000
    link/ether aa:db:c1:44:10:23 brd ff:ff:ff:ff:ff:ff
    inet brd scope global kvnet
       valid_lft forever preferred_lft forever
    inet6 fe80::c468:c7ae:1587:d26/64 scope link 
       valid_lft forever preferred_lft forever

Problem is that any kind of packets (ICMP, TCP) gets dropped when the answer is coming back. With tcpdump, I can see no issue on the round trip :

 $ ping &
 $ sudo tcpdump -i kvnet -n 'icmp'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on kvnet, link-type EN10MB (Ethernet), capture size 262144 bytes
19:23:27.669027 IP > ICMP echo request, id 8445, seq 1, length 64
19:23:27.703244 IP > ICMP echo reply, id 8445, seq 1, length 64

No answer, it looks like kernel or iptables is dropping packets. I haven't any special sysctl configuration, everything on the network side is vanilla. No iptables rule, in any table, with ACCEPT everywhere. Nothing particular in dmesg.

Nothing intersting in kerio debug log either :

[14/Aug/2019 19:26:10] {vpnClient} VPNClient[0001] - sending Q_KEEPALIVE message
[14/Aug/2019 19:26:10] {vpnCore} IP packet -> handled.
[14/Aug/2019 19:26:10] {vpnCore} IP packet -> handled.
[14/Aug/2019 19:26:10] {vpnClient} VPNClient[0001] - received R_KEEPALIVE message
[14/Aug/2019 19:26:15] {vpnCore} IP packet -> handled.
[14/Aug/2019 19:26:18] {vpnCore} IP packet -> handled.
[14/Aug/2019 19:26:18] {vpnCore} IP packet -> handled.
[14/Aug/2019 19:26:19] {vpnCore} IP packet -> handled.

I tried installing the package from AUR, but also directly from unpacking official deb file, same result. The very same packages were running fine on my old configuration (Xubuntu) last week, so I'm sure it's not a problem with the VPN server or the package itself.

Any idea of what investigation step I can perform to learn more about what's going on ?
Thank in advance for your help


Board footer

Powered by FluxBB