You are not logged in.

#1 2019-08-17 12:36:57

LeMonsieurF
Member
Registered: 2019-08-17
Posts: 2

Kerio VPN client drops incoming packets

Hello everyone,

Installed Kerio control vpn client from AUR and everythink went fine during the install. Archlinux system is very clean, it's been installed for a couple of days only. kvnet interface goes up with no problem :

5: kvnet: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc fq_codel state UNKNOWN group default qlen 1000
    link/ether aa:db:c1:44:10:23 brd ff:ff:ff:ff:ff:ff
    inet 172.26.110.17/27 brd 172.26.110.31 scope global kvnet
       valid_lft forever preferred_lft forever
    inet6 fe80::c468:c7ae:1587:d26/64 scope link 
       valid_lft forever preferred_lft forever

Problem is that any kind of packets (ICMP, TCP) gets dropped when the answer is coming back. With tcpdump, I can see no issue on the round trip :

 $ ping 192.168.110.40 &
 $ sudo tcpdump -i kvnet -n 'icmp'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on kvnet, link-type EN10MB (Ethernet), capture size 262144 bytes
19:23:27.669027 IP 172.26.110.17 > 192.168.110.40: ICMP echo request, id 8445, seq 1, length 64
19:23:27.703244 IP 192.168.110.40 > 172.26.110.17: ICMP echo reply, id 8445, seq 1, length 64

No answer, it looks like kernel or iptables is dropping packets. I haven't any special sysctl configuration, everything on the network side is vanilla. No iptables rule, in any table, with ACCEPT everywhere. Nothing particular in dmesg.

Nothing intersting in kerio debug log either :

[14/Aug/2019 19:26:10] {vpnClient} VPNClient[0001] - sending Q_KEEPALIVE message
[14/Aug/2019 19:26:10] {vpnCore} IP packet 172.26.110.17 -> 172.26.110.1 handled.
[14/Aug/2019 19:26:10] {vpnCore} IP packet 172.26.110.17 -> 172.26.110.1 handled.
[14/Aug/2019 19:26:10] {vpnClient} VPNClient[0001] - received R_KEEPALIVE message
[14/Aug/2019 19:26:15] {vpnCore} IP packet 172.26.110.17 -> 172.26.110.1 handled.
[14/Aug/2019 19:26:18] {vpnCore} IP packet 172.26.110.17 -> 172.26.110.1 handled.
[14/Aug/2019 19:26:18] {vpnCore} IP packet 172.26.110.17 -> 172.26.110.31 handled.
[14/Aug/2019 19:26:19] {vpnCore} IP packet 172.26.110.17 -> 172.26.110.1 handled.

I tried installing the package from AUR, but also directly from unpacking official deb file, same result. The very same packages were running fine on my old configuration (Xubuntu) last week, so I'm sure it's not a problem with the VPN server or the package itself.

Any idea of what investigation step I can perform to learn more about what's going on ?
Thank in advance for your help

Offline

#2 2020-02-14 10:22:47

oudesab
Member
From: Russia, Yekaterinburg
Registered: 2020-02-14
Posts: 2

Re: Kerio VPN client drops incoming packets

Hello. I have the same problem. Did you find a solution?
Version 9.3.4-3795 does not work either.

Last edited by oudesab (2020-02-14 10:25:12)

Offline

#3 2020-02-14 13:16:08

Zod
Member
From: Hoosiertucky
Registered: 2019-03-10
Posts: 343

Re: Kerio VPN client drops incoming packets

What is this?..

19:23:27.703244 IP 192.168.110.40 > 172.26.110.17: ICMP echo reply, id 8445, seq 1, length 64

Edit: I sure wish you people wouldn't do that.

Last edited by Zod (2020-02-14 13:28:10)

Offline

#4 2020-02-15 01:50:21

LeMonsieurF
Member
Registered: 2019-08-17
Posts: 2

Re: Kerio VPN client drops incoming packets

@oudesab : Haven't found any solution, I had to install an OpenVPN in the target infra to give me access. But Kerio is still there so I can continue testing.

@zod : Speak your mind, I don't see what can be wrong with this smile I may be missing something obvious.

Offline

#5 2020-02-15 06:36:16

oudesab
Member
From: Russia, Yekaterinburg
Registered: 2020-02-14
Posts: 2

Re: Kerio VPN client drops incoming packets

I configured the network through the installed in VM VirtualBox Ubuntu along with Kerio.
This works, but tcpdump does not output 'ICMP echo reply':

$ ping 192.168.2.182 > /dev/null &
$ sudo tcpdump -i kvnet -n 'icmp'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on kvnet, link-type EN10MB (Ethernet), capture size 262144 bytes
11:04:13.671753 IP 192.168.11.76 > 192.168.2.182: ICMP echo request, id 2, seq 19, length 64
11:04:14.685110 IP 192.168.11.76 > 192.168.2.182: ICMP echo request, id 2, seq 20, length 64
11:04:15.698399 IP 192.168.11.76 > 192.168.2.182: ICMP echo request, id 2, seq 21, length 64
11:04:16.711715 IP 192.168.11.76 > 192.168.2.182: ICMP echo request, id 2, seq 22, length 64

I don’t understand what is happening hmm

Maybe someone is obvious, but I have little experience with the network.
I would like to find a solution so as not to run often VM)

Last edited by oudesab (2020-02-15 06:40:14)

Offline

Board footer

Powered by FluxBB