Freebsd 10.1 - Ezjail - OpenVPN - Tun Interface

2015-10-23 Thread James Lodge
Hello all,


I'm trying to build a jail on FreeBSD 10.1 using ezjail in order to run 
OpenVPN. I'm not using vimage and don't particularly want to but I'm having an 
issue with networking.


OpenVPN daemon is up and running and I can connect successfully as a client. I 
receive an IP address as expected, but I cannot route traffic to/from 
client/server. The routing table on the client (which is a Windows machine) 
looks fine so I assume the issue is on the server side. I have a tun interface 
created on the host and exposed to the jail via devfs rules. The IP address on 
the tun interface is configure on the host and not from the jail. I can ping 
the tun interface IP from the host and the jail, but not from the client when 
connected.


Client-public IP - lo1 (Jail alias Interface)--tun0 
(OpenVPN Interface)

10.8.06  x.x.x.x   172.16.1.8   
   10.8.0.1



OpenVPN Jail Routing Table:

Internet:
DestinationGatewayFlags  Netif Expire
172.16.1.8 link#4 UH  lo1

Jail Host Routing Table:
Internet:
DestinationGatewayFlags  Netif Expire
defaultx.x.0.1 UGS  vtnet0
10.8.0.0   10.8.0.2   UGStun0
10.8.0.1  link#5 UHS lo0
10.8.0.2  link#5 UH tun0
x.x.0.0/18  link#1 Uvtnet0
x.x.x.x link#1 UHS lo0
localhostlink#3 UH  lo0
172.16.1.1 link#4 UH  lo1
172.16.1.2 link#4 UH  lo1
172.16.1.3 link#4 UH  lo1
172.16.1.4 link#4 UH  lo1
172.16.1.5 link#4 UH  lo1
172.16.1.6 link#4 UH  lo1
172.16.1.7 link#4 UH  lo1
172.16.1.8 link#4 UH  lo1

Client Routing Table:

IPv4 Route Table
===
Active Routes:
Network DestinationNetmask  Gateway   Interface  Metric
  0.0.0.0  0.0.0.0 10.8.0.5 10.8.0.6 20
 10.8.0.1  255.255.255.255 10.8.0.5 10.8.0.6 20
 10.8.0.4  255.255.255.252 On-link  10.8.0.6276
 10.8.0.6  255.255.255.255 On-link  10.8.0.6276
 10.8.0.7  255.255.255.255 On-link  10.8.0.6276



I'm a little stumped as to how to trouble shoot the issue so any help much 
appreciated.


James



___
freebsd-jail@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"


Re: Freebsd 10.1 - Ezjail - OpenVPN - Tun Interface

2015-10-23 Thread Allan Jude
On 2015-10-23 11:37, James Lodge wrote:
> Hello all,
> 
> 
> I'm trying to build a jail on FreeBSD 10.1 using ezjail in order to run 
> OpenVPN. I'm not using vimage and don't particularly want to but I'm having 
> an issue with networking.
> 
> 
> OpenVPN daemon is up and running and I can connect successfully as a client. 
> I receive an IP address as expected, but I cannot route traffic to/from 
> client/server. The routing table on the client (which is a Windows machine) 
> looks fine so I assume the issue is on the server side. I have a tun 
> interface created on the host and exposed to the jail via devfs rules. The IP 
> address on the tun interface is configure on the host and not from the jail. 
> I can ping the tun interface IP from the host and the jail, but not from the 
> client when connected.
> 
> 
> Client-public IP - lo1 (Jail alias Interface)--tun0 
> (OpenVPN Interface)
> 
> 10.8.06  x.x.x.x   172.16.1.8 
>  10.8.0.1
> 
> 
> 
> OpenVPN Jail Routing Table:
> 
> Internet:
> DestinationGatewayFlags  Netif Expire
> 172.16.1.8 link#4 UH  lo1
> 
> Jail Host Routing Table:
> Internet:
> DestinationGatewayFlags  Netif Expire
> defaultx.x.0.1 UGS  vtnet0
> 10.8.0.0   10.8.0.2   UGStun0
> 10.8.0.1  link#5 UHS lo0
> 10.8.0.2  link#5 UH tun0
> x.x.0.0/18  link#1 Uvtnet0
> x.x.x.x link#1 UHS lo0
> localhostlink#3 UH  lo0
> 172.16.1.1 link#4 UH  lo1
> 172.16.1.2 link#4 UH  lo1
> 172.16.1.3 link#4 UH  lo1
> 172.16.1.4 link#4 UH  lo1
> 172.16.1.5 link#4 UH  lo1
> 172.16.1.6 link#4 UH  lo1
> 172.16.1.7 link#4 UH  lo1
> 172.16.1.8 link#4 UH  lo1
> 
> Client Routing Table:
> 
> IPv4 Route Table
> ===
> Active Routes:
> Network DestinationNetmask  Gateway   Interface  Metric
>   0.0.0.0  0.0.0.0 10.8.0.5 10.8.0.6 20
>  10.8.0.1  255.255.255.255 10.8.0.5 10.8.0.6 20
>  10.8.0.4  255.255.255.252 On-link  10.8.0.6276
>  10.8.0.6  255.255.255.255 On-link  10.8.0.6276
>  10.8.0.7  255.255.255.255 On-link  10.8.0.6276
> 
> 
> 
> I'm a little stumped as to how to trouble shoot the issue so any help much 
> appreciated.
> 
> 
> James
> 
> 
> 
> ___
> freebsd-jail@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
> 

Try running 'tcpdump -i tun0 -n' on the host, while pining from the
windows machine, and see if the packets are arriving.

-- 
Allan Jude



signature.asc
Description: OpenPGP digital signature


Re: Freebsd 10.1 - Ezjail - OpenVPN - Tun Interface

2015-10-23 Thread James Lodge
> On 2015-10-23 11:37, James Lodge wrote:
> Hello all,
>
>
> I'm trying to build a jail on FreeBSD 10.1 using ezjail in order to run 
> OpenVPN. I'm not using vimage and don't particularly want to but I'm having 
> an issue with networking.
>
>
> OpenVPN daemon is up and running and I can connect successfully as a client. 
> I receive an IP address as expected, but I cannot route traffic to/from 
> client/server. The routing table on the client (which is a Windows machine) 
> looks fine so I assume the issue is on the server side. I have a tun 
> interface created on the host and exposed to the jail via devfs rules. The IP 
> address on the tun interface is configure on the host and not from the jail. 
> I can ping the tun interface IP from the host and the jail, but not from the 
> client when connected.
>
>
> Client-public IP - lo1 (Jail alias Interface)--tun0 
> (OpenVPN Interface)
>
> 10.8.06  x.x.x.x   172.16.1.8 
>  10.8.0.1
>
>
>
> OpenVPN Jail Routing Table:
>
> Internet:
> DestinationGatewayFlags  Netif Expire
> 172.16.1.8 link#4 UH  lo1
>
> Jail Host Routing Table:
> Internet:
> DestinationGatewayFlags  Netif Expire
> defaultx.x.0.1 UGS  vtnet0
> 10.8.0.0   10.8.0.2   UGStun0
> 10.8.0.1  link#5 UHS lo0
> 10.8.0.2  link#5 UH tun0
> x.x.0.0/18  link#1 Uvtnet0
> x.x.x.x link#1 UHS lo0
> localhostlink#3 UH  lo0
> 172.16.1.1 link#4 UH  lo1
> 172.16.1.2 link#4 UH  lo1
> 172.16.1.3 link#4 UH  lo1
> 172.16.1.4 link#4 UH  lo1
> 172.16.1.5 link#4 UH  lo1
> 172.16.1.6 link#4 UH  lo1
> 172.16.1.7 link#4 UH  lo1
> 172.16.1.8 link#4 UH  lo1
>
> Client Routing Table:
>
> IPv4 Route Table
> ===
> Active Routes:
> Network DestinationNetmask  Gateway   Interface  Metric
>   0.0.0.0  0.0.0.0 10.8.0.5 10.8.0.6 20
>  10.8.0.1  255.255.255.255 10.8.0.5 10.8.0.6 20
>  10.8.0.4  255.255.255.252 On-link  10.8.0.6276
>  10.8.0.6  255.255.255.255 On-link  10.8.0.6276
>  10.8.0.7  255.255.255.255 On-link  10.8.0.6276
>
>
>
> I'm a little stumped as to how to trouble shoot the issue so any help much 
> appreciated.
>
>
> James
>
>
>
> ___
> freebsd-jail@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
>

> Try running 'tcpdump -i tun0 -n' on the host, while pining from the
> windows machine, and see if the packets are arriving.
>
>--
>Allan Jude


Thank you Allan, 

I should have thought of tcpdump. So traffic is being received at the host from 
the windows client.

Results from Host tcpdump -i tun0 -n 

18:44:02.464291 IP 10.8.0.6 > 10.8.0.1: ICMP echo request, id 1, seq 10577, 
length 40
18:44:02.605212 IP 10.8.0.6.56054 > 192.168.0.112.80: Flags [S], seq 512633761, 
win 8192, options [mss 1368,nop,nop,sackOK], length 0
18:44:02.872693 IP 10.8.0.6.57441 > 8.8.8.8.53: 44379+ A? dns.msftncsi.com. (34)
18:44:03.864800 IP 10.8.0.6.57441 > 8.8.8.8.53: 44379+ A? dns.msftncsi.com. (34)

After that I thought I'd see if the traffic is reaching the jail. After allow 
the jail access to /dev/bpf I get the same results as the host, traffic is 
received. 

Results from Jail tcpdump -i tun0 -n

19:09:11.899714 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com. (34)
19:09:12.728708 IP 10.8.0.6.62332 > 8.8.8.8.53: 22238+ A? dns.msftncsi.com. (34)
19:09:12.802903 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com. (34)
19:09:13.825053 IP 10.8.0.6.57107 > 212.56.71.30.443: Flags [S], seq 
3139281876, win 8192, options [mss 1368,nop,wscale 8,nop,nop,sackOK], length 0
19:09:13.981307 IP 10.8.0.6.57108 > 212.56.71.30.443: Flags [S], seq 
4152048904, win 8192, options [mss 1368,nop,wscale 8,nop,nop,sackOK], length 0
19:09:14.628697 IP 10.8.0.6.57100 > 192.168.0.112.80: Flags [S], seq 
3107463099, win 65535, options [mss 1368,nop,nop,sackOK], length 0
19:09:14.814392 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com. (34)


Regards
James
___
freebsd-jail@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"


Re: Freebsd 10.1 - Ezjail - OpenVPN - Tun Interface

2015-10-23 Thread Allan Jude
On 2015-10-23 14:13, James Lodge wrote:
>> On 2015-10-23 11:37, James Lodge wrote:
>> Hello all,
>>
>>
>> I'm trying to build a jail on FreeBSD 10.1 using ezjail in order to run 
>> OpenVPN. I'm not using vimage and don't particularly want to but I'm having 
>> an issue with networking.
>>
>>
>> OpenVPN daemon is up and running and I can connect successfully as a client. 
>> I receive an IP address as expected, but I cannot route traffic to/from 
>> client/server. The routing table on the client (which is a Windows machine) 
>> looks fine so I assume the issue is on the server side. I have a tun 
>> interface created on the host and exposed to the jail via devfs rules. The 
>> IP address on the tun interface is configure on the host and not from the 
>> jail. I can ping the tun interface IP from the host and the jail, but not 
>> from the client when connected.
>>
>>
>> Client-public IP - lo1 (Jail alias Interface)--tun0 
>> (OpenVPN Interface)
>>
>> 10.8.06  x.x.x.x   172.16.1.8
>>   10.8.0.1
>>
>>
>>
>> OpenVPN Jail Routing Table:
>>
>> Internet:
>> DestinationGatewayFlags  Netif Expire
>> 172.16.1.8 link#4 UH  lo1
>>
>> Jail Host Routing Table:
>> Internet:
>> DestinationGatewayFlags  Netif Expire
>> defaultx.x.0.1 UGS  vtnet0
>> 10.8.0.0   10.8.0.2   UGStun0
>> 10.8.0.1  link#5 UHS lo0
>> 10.8.0.2  link#5 UH tun0
>> x.x.0.0/18  link#1 Uvtnet0
>> x.x.x.x link#1 UHS lo0
>> localhostlink#3 UH  lo0
>> 172.16.1.1 link#4 UH  lo1
>> 172.16.1.2 link#4 UH  lo1
>> 172.16.1.3 link#4 UH  lo1
>> 172.16.1.4 link#4 UH  lo1
>> 172.16.1.5 link#4 UH  lo1
>> 172.16.1.6 link#4 UH  lo1
>> 172.16.1.7 link#4 UH  lo1
>> 172.16.1.8 link#4 UH  lo1
>>
>> Client Routing Table:
>>
>> IPv4 Route Table
>> ===
>> Active Routes:
>> Network DestinationNetmask  Gateway   Interface  Metric
>>   0.0.0.0  0.0.0.0 10.8.0.5 10.8.0.6 20
>>  10.8.0.1  255.255.255.255 10.8.0.5 10.8.0.6 20
>>  10.8.0.4  255.255.255.252 On-link  10.8.0.6276
>>  10.8.0.6  255.255.255.255 On-link  10.8.0.6276
>>  10.8.0.7  255.255.255.255 On-link  10.8.0.6276
>>
>>
>>
>> I'm a little stumped as to how to trouble shoot the issue so any help much 
>> appreciated.
>>
>>
>> James
>>
>>
>>
>> ___
>> freebsd-jail@freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-jail
>> To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
>>
> 
>> Try running 'tcpdump -i tun0 -n' on the host, while pining from the
>> windows machine, and see if the packets are arriving.
>>
>> --
>> Allan Jude
> 
> 
> Thank you Allan, 
> 
> I should have thought of tcpdump. So traffic is being received at the host 
> from the windows client.
> 
> Results from Host tcpdump -i tun0 -n 
> 
> 18:44:02.464291 IP 10.8.0.6 > 10.8.0.1: ICMP echo request, id 1, seq 10577, 
> length 40
> 18:44:02.605212 IP 10.8.0.6.56054 > 192.168.0.112.80: Flags [S], seq 
> 512633761, win 8192, options [mss 1368,nop,nop,sackOK], length 0
> 18:44:02.872693 IP 10.8.0.6.57441 > 8.8.8.8.53: 44379+ A? dns.msftncsi.com. 
> (34)
> 18:44:03.864800 IP 10.8.0.6.57441 > 8.8.8.8.53: 44379+ A? dns.msftncsi.com. 
> (34)
> 
> After that I thought I'd see if the traffic is reaching the jail. After allow 
> the jail access to /dev/bpf I get the same results as the host, traffic is 
> received. 
> 
> Results from Jail tcpdump -i tun0 -n
> 
> 19:09:11.899714 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com. 
> (34)
> 19:09:12.728708 IP 10.8.0.6.62332 > 8.8.8.8.53: 22238+ A? dns.msftncsi.com. 
> (34)
> 19:09:12.802903 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com. 
> (34)
> 19:09:13.825053 IP 10.8.0.6.57107 > 212.56.71.30.443: Flags [S], seq 
> 3139281876, win 8192, options [mss 1368,nop,wscale 8,nop,nop,sackOK], length 0
> 19:09:13.981307 IP 10.8.0.6.57108 > 212.56.71.30.443: Flags [S], seq 
> 4152048904, win 8192, options [mss 1368,nop,wscale 8,nop,nop,sackOK], length 0
> 19:09:14.628697 IP 10.8.0.6.57100 > 192.168.0.112.80: Flags [S], seq 
> 3107463099, win 65535, options [mss 1368,nop,nop,sackOK], length 0
> 19:09:14.814392 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com. 
> (34)
> 
> 
> Regards
> James
> _

Re: Freebsd 10.1 - Ezjail - OpenVPN - Tun Interface

2015-10-23 Thread James Lodge
On 2015-10-23 14:13, James Lodge wrote:
>> On 2015-10-23 11:37, James Lodge wrote:
>> Hello all,
>>
>>
>> I'm trying to build a jail on FreeBSD 10.1 using ezjail in order to run 
>> OpenVPN. I'm not using vimage and don't particularly want to but I'm having 
>> an issue with networking.
>>
>>
>> OpenVPN daemon is up and running and I can connect successfully as a client. 
>> I receive an IP address as expected, but I cannot route traffic to/from 
>> client/server. The routing table on the client (which is a Windows machine) 
>> looks fine so I assume the issue is on the server side. I have a tun 
>> interface created on the host and exposed to the jail via devfs rules. The 
>> IP address on the tun interface is configure on the host and not from the 
>> jail. I can ping the tun interface IP from the host and the jail, but not 
>> from the client when connected.
>>
>>
>> Client-public IP - lo1 (Jail alias Interface)--tun0 
>> (OpenVPN Interface)
>>
>> 10.8.06  x.x.x.x   172.16.1.8
>>   10.8.0.1
>>
>>
>>
>> OpenVPN Jail Routing Table:
>>
>> Internet:
>> DestinationGatewayFlags  Netif Expire
>> 172.16.1.8 link#4 UH  lo1
>>
>> Jail Host Routing Table:
>> Internet:
>> DestinationGatewayFlags  Netif Expire
>> defaultx.x.0.1 UGS  vtnet0
>> 10.8.0.0   10.8.0.2   UGStun0
>> 10.8.0.1  link#5 UHS lo0
>> 10.8.0.2  link#5 UH tun0
>> x.x.0.0/18  link#1 Uvtnet0
>> x.x.x.x link#1 UHS lo0
>> localhostlink#3 UH  lo0
>> 172.16.1.1 link#4 UH  lo1
>> 172.16.1.2 link#4 UH  lo1
>> 172.16.1.3 link#4 UH  lo1
>> 172.16.1.4 link#4 UH  lo1
>> 172.16.1.5 link#4 UH  lo1
>> 172.16.1.6 link#4 UH  lo1
>> 172.16.1.7 link#4 UH  lo1
>> 172.16.1.8 link#4 UH  lo1
>>
>> Client Routing Table:
>>
>> IPv4 Route Table
>> ===
>> Active Routes:
>> Network DestinationNetmask  Gateway   Interface  Metric
>>   0.0.0.0  0.0.0.0 10.8.0.5 10.8.0.6 20
>>  10.8.0.1  255.255.255.255 10.8.0.5 10.8.0.6 20
>>  10.8.0.4  255.255.255.252 On-link  10.8.0.6276
>>  10.8.0.6  255.255.255.255 On-link  10.8.0.6276
>>  10.8.0.7  255.255.255.255 On-link  10.8.0.6276
>>
>>
>>
>> I'm a little stumped as to how to trouble shoot the issue so any help much 
>> appreciated.
>>
>>
>> James
>>
>>
>>
>> ___
>> freebsd-jail@freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-jail
>> To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
>>
>
>> Try running 'tcpdump -i tun0 -n' on the host, while pining from the
>> windows machine, and see if the packets are arriving.
>>
>> --
>> Allan Jude
>
>
> Thank you Allan,
>
> I should have thought of tcpdump. So traffic is being received at the host 
> from the windows client.
>
> Results from Host tcpdump -i tun0 -n
>
> 18:44:02.464291 IP 10.8.0.6 > 10.8.0.1: ICMP echo request, id 1, seq 10577, 
> length 40
> 18:44:02.605212 IP 10.8.0.6.56054 > 192.168.0.112.80: Flags [S], seq 
> 512633761, win 8192, options [mss 1368,nop,nop,sackOK], length 0
> 18:44:02.872693 IP 10.8.0.6.57441 > 8.8.8.8.53: 44379+ A? dns.msftncsi.com. 
> (34)
> 18:44:03.864800 IP 10.8.0.6.57441 > 8.8.8.8.53: 44379+ A? dns.msftncsi.com. 
> (34)
>
> After that I thought I'd see if the traffic is reaching the jail. After allow 
> the jail access to /dev/bpf I get the same results as the host, traffic is 
> received.
>
> Results from Jail tcpdump -i tun0 -n
>
> 19:09:11.899714 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com. 
> (34)
> 19:09:12.728708 IP 10.8.0.6.62332 > 8.8.8.8.53: 22238+ A? dns.msftncsi.com. 
> (34)
> 19:09:12.802903 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com. 
> (34)
> 19:09:13.825053 IP 10.8.0.6.57107 > 212.56.71.30.443: Flags [S], seq 
> 3139281876, win 8192, options [mss 1368,nop,wscale 8,nop,nop,sackOK], length 0
> 19:09:13.981307 IP 10.8.0.6.57108 > 212.56.71.30.443: Flags [S], seq 
> 4152048904, win 8192, options [mss 1368,nop,wscale 8,nop,nop,sackOK], length 0
> 19:09:14.628697 IP 10.8.0.6.57100 > 192.168.0.112.80: Flags [S], seq 
> 3107463099, win 65535, options [mss 1368,nop,nop,sackOK], length 0
> 19:09:14.814392 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com. 
> (34)
>
>
> Regards
> James
> ___

Re: Freebsd 10.1 - Ezjail - OpenVPN - Tun Interface

2015-10-23 Thread Allan Jude
On 2015-10-23 15:15, James Lodge wrote:
> On 2015-10-23 14:13, James Lodge wrote:
>>> On 2015-10-23 11:37, James Lodge wrote:
>>> Hello all,
>>>
>>>
>>> I'm trying to build a jail on FreeBSD 10.1 using ezjail in order to run 
>>> OpenVPN. I'm not using vimage and don't particularly want to but I'm having 
>>> an issue with networking.
>>>
>>>
>>> OpenVPN daemon is up and running and I can connect successfully as a 
>>> client. I receive an IP address as expected, but I cannot route traffic 
>>> to/from client/server. The routing table on the client (which is a Windows 
>>> machine) looks fine so I assume the issue is on the server side. I have a 
>>> tun interface created on the host and exposed to the jail via devfs rules. 
>>> The IP address on the tun interface is configure on the host and not from 
>>> the jail. I can ping the tun interface IP from the host and the jail, but 
>>> not from the client when connected.
>>>
>>>
>>> Client-public IP - lo1 (Jail alias Interface)--tun0 
>>> (OpenVPN Interface)
>>>
>>> 10.8.06  x.x.x.x   172.16.1.8   
>>>10.8.0.1
>>>
>>>
>>>
>>> OpenVPN Jail Routing Table:
>>>
>>> Internet:
>>> DestinationGatewayFlags  Netif Expire
>>> 172.16.1.8 link#4 UH  lo1
>>>
>>> Jail Host Routing Table:
>>> Internet:
>>> DestinationGatewayFlags  Netif Expire
>>> defaultx.x.0.1 UGS  vtnet0
>>> 10.8.0.0   10.8.0.2   UGStun0
>>> 10.8.0.1  link#5 UHS lo0
>>> 10.8.0.2  link#5 UH tun0
>>> x.x.0.0/18  link#1 Uvtnet0
>>> x.x.x.x link#1 UHS lo0
>>> localhostlink#3 UH  lo0
>>> 172.16.1.1 link#4 UH  lo1
>>> 172.16.1.2 link#4 UH  lo1
>>> 172.16.1.3 link#4 UH  lo1
>>> 172.16.1.4 link#4 UH  lo1
>>> 172.16.1.5 link#4 UH  lo1
>>> 172.16.1.6 link#4 UH  lo1
>>> 172.16.1.7 link#4 UH  lo1
>>> 172.16.1.8 link#4 UH  lo1
>>>
>>> Client Routing Table:
>>>
>>> IPv4 Route Table
>>> ===
>>> Active Routes:
>>> Network DestinationNetmask  Gateway   Interface  Metric
>>>   0.0.0.0  0.0.0.0 10.8.0.5 10.8.0.6 20
>>>  10.8.0.1  255.255.255.255 10.8.0.5 10.8.0.6 20
>>>  10.8.0.4  255.255.255.252 On-link  10.8.0.6276
>>>  10.8.0.6  255.255.255.255 On-link  10.8.0.6276
>>>  10.8.0.7  255.255.255.255 On-link  10.8.0.6276
>>>
>>>
>>>
>>> I'm a little stumped as to how to trouble shoot the issue so any help much 
>>> appreciated.
>>>
>>>
>>> James
>>>
>>>
>>>
>>> ___
>>> freebsd-jail@freebsd.org mailing list
>>> https://lists.freebsd.org/mailman/listinfo/freebsd-jail
>>> To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
>>>
>>
>>> Try running 'tcpdump -i tun0 -n' on the host, while pining from the
>>> windows machine, and see if the packets are arriving.
>>>
>>> --
>>> Allan Jude
>>
>>
>> Thank you Allan,
>>
>> I should have thought of tcpdump. So traffic is being received at the host 
>> from the windows client.
>>
>> Results from Host tcpdump -i tun0 -n
>>
>> 18:44:02.464291 IP 10.8.0.6 > 10.8.0.1: ICMP echo request, id 1, seq 10577, 
>> length 40
>> 18:44:02.605212 IP 10.8.0.6.56054 > 192.168.0.112.80: Flags [S], seq 
>> 512633761, win 8192, options [mss 1368,nop,nop,sackOK], length 0
>> 18:44:02.872693 IP 10.8.0.6.57441 > 8.8.8.8.53: 44379+ A? dns.msftncsi.com. 
>> (34)
>> 18:44:03.864800 IP 10.8.0.6.57441 > 8.8.8.8.53: 44379+ A? dns.msftncsi.com. 
>> (34)
>>
>> After that I thought I'd see if the traffic is reaching the jail. After 
>> allow the jail access to /dev/bpf I get the same results as the host, 
>> traffic is received.
>>
>> Results from Jail tcpdump -i tun0 -n
>>
>> 19:09:11.899714 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com. 
>> (34)
>> 19:09:12.728708 IP 10.8.0.6.62332 > 8.8.8.8.53: 22238+ A? dns.msftncsi.com. 
>> (34)
>> 19:09:12.802903 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com. 
>> (34)
>> 19:09:13.825053 IP 10.8.0.6.57107 > 212.56.71.30.443: Flags [S], seq 
>> 3139281876, win 8192, options [mss 1368,nop,wscale 8,nop,nop,sackOK], length >> 0
>> 19:09:13.981307 IP 10.8.0.6.57108 > 212.56.71.30.443: Flags [S], seq 
>> 4152048904, win 8192, options [mss 1368,nop,wscale 8,nop,nop,sackOK], length >> 0
>> 19:09:14.628697 IP 10.8.0.6.57100 > 192.168.0.112.80: Flags [S], seq 
>> 3107463099, win 65535, options [mss

Re: Freebsd 10.1 - Ezjail - OpenVPN - Tun Interface

2015-10-23 Thread James Lodge

>On 2015-10-23 15:15, James Lodge wrote:
> On 2015-10-23 14:13, James Lodge wrote:
>>> On 2015-10-23 11:37, James Lodge wrote:
>>> Hello all,
>>>
>>>
>>> I'm trying to build a jail on FreeBSD 10.1 using ezjail in order to run 
>>> OpenVPN. I'm not using vimage and don't particularly want to but I'm having 
>>> an issue with networking.
>>>
>>>
>>> OpenVPN daemon is up and running and I can connect successfully as a 
>>> client. I receive an IP address as expected, but I cannot route traffic 
>>> to/from client/server. The routing table on the client (which is a Windows 
>>> machine) looks fine so I assume the issue is on the server side. I have a 
>>> tun interface created on the host and exposed to the jail via devfs rules. 
>>> The IP address on the tun interface is configure on the host and not from 
>>> the jail. I can ping the tun interface IP from the host and the jail, but 
>>> not from the client when connected.
>>>
>>>
>>> Client-public IP - lo1 (Jail alias Interface)--tun0 
>>> (OpenVPN Interface)
>>>
>>> 10.8.06  x.x.x.x   172.16.1.8   
>>>10.8.0.1
>>>
>>>
>>>
>>> OpenVPN Jail Routing Table:
>>>
>>> Internet:
>>> DestinationGatewayFlags  Netif Expire
>>> 172.16.1.8 link#4 UH  lo1
>>>
>>> Jail Host Routing Table:
>>> Internet:
>>> DestinationGatewayFlags  Netif Expire
>>> defaultx.x.0.1 UGS  vtnet0
>>> 10.8.0.0   10.8.0.2   UGStun0
>>> 10.8.0.1  link#5 UHS lo0
>>> 10.8.0.2  link#5 UH tun0
>>> x.x.0.0/18  link#1 Uvtnet0
>>> x.x.x.x link#1 UHS lo0
>>> localhostlink#3 UH  lo0
>>> 172.16.1.1 link#4 UH  lo1
>>> 172.16.1.2 link#4 UH  lo1
>>> 172.16.1.3 link#4 UH  lo1
>>> 172.16.1.4 link#4 UH  lo1
>>> 172.16.1.5 link#4 UH  lo1
>>> 172.16.1.6 link#4 UH  lo1
>>> 172.16.1.7 link#4 UH  lo1
>>> 172.16.1.8 link#4 UH  lo1
>>>
>>> Client Routing Table:
>>>
>>> IPv4 Route Table
>>> ===
>>> Active Routes:
>>> Network DestinationNetmask  Gateway   Interface  Metric
>>>   0.0.0.0  0.0.0.0 10.8.0.5 10.8.0.6 20
>>>  10.8.0.1  255.255.255.255 10.8.0.5 10.8.0.6 20
>>>  10.8.0.4  255.255.255.252 On-link  10.8.0.6276
>>>  10.8.0.6  255.255.255.255 On-link  10.8.0.6276
>>>  10.8.0.7  255.255.255.255 On-link  10.8.0.6276
>>>
>>>
>>>
>>> I'm a little stumped as to how to trouble shoot the issue so any help much 
>>> appreciated.
>>>
>>>
>>> James
>>>
>>>
>>>
>>> ___
>>> freebsd-jail@freebsd.org mailing list
>>> https://lists.freebsd.org/mailman/listinfo/freebsd-jail
>>> To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
>>>
>>
>>> Try running 'tcpdump -i tun0 -n' on the host, while pining from the
>>> windows machine, and see if the packets are arriving.
>>>
>>> --
>>> Allan Jude
>>
>>
>> Thank you Allan,
>>
>> I should have thought of tcpdump. So traffic is being received at the host 
>> from the windows client.
>>
>> Results from Host tcpdump -i tun0 -n
>>
>> 18:44:02.464291 IP 10.8.0.6 > 10.8.0.1: ICMP echo request, id 1, seq 10577, 
>> length 40
>> 18:44:02.605212 IP 10.8.0.6.56054 > 192.168.0.112.80: Flags [S], seq 
>> 512633761, win 8192, options [mss 1368,nop,nop,sackOK], length 0
>> 18:44:02.872693 IP 10.8.0.6.57441 > 8.8.8.8.53: 44379+ A? dns.msftncsi.com. 
>> (34)
>> 18:44:03.864800 IP 10.8.0.6.57441 > 8.8.8.8.53: 44379+ A? dns.msftncsi.com. 
>> (34)
>>
>> After that I thought I'd see if the traffic is reaching the jail. After 
>> allow the jail access to /dev/bpf I get the same results as the host, 
>> traffic is received.
>>
>> Results from Jail tcpdump -i tun0 -n
>>
>> 19:09:11.899714 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com. 
>> (34)
>> 19:09:12.728708 IP 10.8.0.6.62332 > 8.8.8.8.53: 22238+ A? dns.msftncsi.com. 
>> (34)
>> 19:09:12.802903 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com. 
>> (34)
>> 19:09:13.825053 IP 10.8.0.6.57107 > 212.56.71.30.443: Flags [S], seq 
>> 3139281876, win 8192, options [mss 1368,nop,wscale 8,nop,nop,sackOK], length >> 0
>> 19:09:13.981307 IP 10.8.0.6.57108 > 212.56.71.30.443: Flags [S], seq 
>> 4152048904, win 8192, options [mss 1368,nop,wscale 8,nop,nop,sackOK], length >> 0
>> 19:09:14.628697 IP 10.8.0.6.57100 > 192.168.0.112.80: Flags [S], seq 
>> 3107463099, win 65535, options [m

Re: Freebsd 10.1 - Ezjail - OpenVPN - Tun Interface

2015-10-23 Thread Allan Jude
On 2015-10-23 16:45, James Lodge wrote:
> 
>> On 2015-10-23 15:15, James Lodge wrote:
>> On 2015-10-23 14:13, James Lodge wrote:
 On 2015-10-23 11:37, James Lodge wrote:
 Hello all,


 I'm trying to build a jail on FreeBSD 10.1 using ezjail in order to run 
 OpenVPN. I'm not using vimage and don't particularly want to but I'm 
 having an issue with networking.


 OpenVPN daemon is up and running and I can connect successfully as a 
 client. I receive an IP address as expected, but I cannot route traffic 
 to/from client/server. The routing table on the client (which is a Windows 
 machine) looks fine so I assume the issue is on the server side. I have a 
 tun interface created on the host and exposed to the jail via devfs rules. 
 The IP address on the tun interface is configure on the host and not from 
 the jail. I can ping the tun interface IP from the host and the jail, but 
 not from the client when connected.


 Client-public IP - lo1 (Jail alias Interface)--tun0 
 (OpenVPN Interface)

 10.8.06  x.x.x.x   172.16.1.8  
 10.8.0.1



 OpenVPN Jail Routing Table:

 Internet:
 DestinationGatewayFlags  Netif Expire
 172.16.1.8 link#4 UH  lo1

 Jail Host Routing Table:
 Internet:
 DestinationGatewayFlags  Netif Expire
 defaultx.x.0.1 UGS  vtnet0
 10.8.0.0   10.8.0.2   UGStun0
 10.8.0.1  link#5 UHS lo0
 10.8.0.2  link#5 UH tun0
 x.x.0.0/18  link#1 Uvtnet0
 x.x.x.x link#1 UHS lo0
 localhostlink#3 UH  lo0
 172.16.1.1 link#4 UH  lo1
 172.16.1.2 link#4 UH  lo1
 172.16.1.3 link#4 UH  lo1
 172.16.1.4 link#4 UH  lo1
 172.16.1.5 link#4 UH  lo1
 172.16.1.6 link#4 UH  lo1
 172.16.1.7 link#4 UH  lo1
 172.16.1.8 link#4 UH  lo1

 Client Routing Table:

 IPv4 Route Table
 ===
 Active Routes:
 Network DestinationNetmask  Gateway   Interface  Metric
   0.0.0.0  0.0.0.0 10.8.0.5 10.8.0.6 20
  10.8.0.1  255.255.255.255 10.8.0.5 10.8.0.6 20
  10.8.0.4  255.255.255.252 On-link  10.8.0.6276
  10.8.0.6  255.255.255.255 On-link  10.8.0.6276
  10.8.0.7  255.255.255.255 On-link  10.8.0.6276



 I'm a little stumped as to how to trouble shoot the issue so any help much 
 appreciated.


 James



 ___
 freebsd-jail@freebsd.org mailing list
 https://lists.freebsd.org/mailman/listinfo/freebsd-jail
 To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"

>>>
 Try running 'tcpdump -i tun0 -n' on the host, while pining from the
 windows machine, and see if the packets are arriving.

 --
 Allan Jude
>>>
>>>
>>> Thank you Allan,
>>>
>>> I should have thought of tcpdump. So traffic is being received at the host 
>>> from the windows client.
>>>
>>> Results from Host tcpdump -i tun0 -n
>>>
>>> 18:44:02.464291 IP 10.8.0.6 > 10.8.0.1: ICMP echo request, id 1, seq 10577, 
>>> length 40
>>> 18:44:02.605212 IP 10.8.0.6.56054 > 192.168.0.112.80: Flags [S], seq 
>>> 512633761, win 8192, options [mss 1368,nop,nop,sackOK], length 0
>>> 18:44:02.872693 IP 10.8.0.6.57441 > 8.8.8.8.53: 44379+ A? dns.msftncsi.com. 
>>> (34)
>>> 18:44:03.864800 IP 10.8.0.6.57441 > 8.8.8.8.53: 44379+ A? dns.msftncsi.com. 
>>> (34)
>>>
>>> After that I thought I'd see if the traffic is reaching the jail. After 
>>> allow the jail access to /dev/bpf I get the same results as the host, 
>>> traffic is received.
>>>
>>> Results from Jail tcpdump -i tun0 -n
>>>
>>> 19:09:11.899714 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com. 
>>> (34)
>>> 19:09:12.728708 IP 10.8.0.6.62332 > 8.8.8.8.53: 22238+ A? dns.msftncsi.com. 
>>> (34)
>>> 19:09:12.802903 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com. 
>>> (34)
>>> 19:09:13.825053 IP 10.8.0.6.57107 > 212.56.71.30.443: Flags [S], seq 
>>> 3139281876, win 8192, options [mss 1368,nop,wscale 8,nop,nop,sackOK], 
>>> length 0
>>> 19:09:13.981307 IP 10.8.0.6.57108 > 212.56.71.30.443: Flags [S], seq 
>>> 4152048904, win 8192, opt

Re: Freebsd 10.1 - Ezjail - OpenVPN - Tun Interface

2015-10-23 Thread James Lodge

>On 2015-10-23 16:45, James Lodge wrote:
>
>> On 2015-10-23 15:15, James Lodge wrote:
>> On 2015-10-23 14:13, James Lodge wrote:
 On 2015-10-23 11:37, James Lodge wrote:
 Hello all,


 I'm trying to build a jail on FreeBSD 10.1 using ezjail in order to run 
 OpenVPN. I'm not using vimage and don't particularly want to but I'm 
 having an issue with networking.


 OpenVPN daemon is up and running and I can connect successfully as a 
 client. I receive an IP address as expected, but I cannot route traffic 
 to/from client/server. The routing table on the client (which is a Windows 
 machine) looks fine so I assume the issue is on the server side. I have a 
 tun interface created on the host and exposed to the jail via devfs rules. 
 The IP address on the tun interface is configure on the host and not from 
 the jail. I can ping the tun interface IP from the host and the jail, but 
 not from the client when connected.


 Client-public IP - lo1 (Jail alias Interface)--tun0 
 (OpenVPN Interface)

 10.8.06  x.x.x.x   172.16.1.8  
 10.8.0.1



 OpenVPN Jail Routing Table:

 Internet:
 DestinationGatewayFlags  Netif Expire
 172.16.1.8 link#4 UH  lo1

 Jail Host Routing Table:
 Internet:
 DestinationGatewayFlags  Netif Expire
 defaultx.x.0.1 UGS  vtnet0
 10.8.0.0   10.8.0.2   UGStun0
 10.8.0.1  link#5 UHS lo0
 10.8.0.2  link#5 UH tun0
 x.x.0.0/18  link#1 Uvtnet0
 x.x.x.x link#1 UHS lo0
 localhostlink#3 UH  lo0
 172.16.1.1 link#4 UH  lo1
 172.16.1.2 link#4 UH  lo1
 172.16.1.3 link#4 UH  lo1
 172.16.1.4 link#4 UH  lo1
 172.16.1.5 link#4 UH  lo1
 172.16.1.6 link#4 UH  lo1
 172.16.1.7 link#4 UH  lo1
 172.16.1.8 link#4 UH  lo1

 Client Routing Table:

 IPv4 Route Table
 ===
 Active Routes:
 Network DestinationNetmask  Gateway   Interface  Metric
   0.0.0.0  0.0.0.0 10.8.0.5 10.8.0.6 20
  10.8.0.1  255.255.255.255 10.8.0.5 10.8.0.6 20
  10.8.0.4  255.255.255.252 On-link  10.8.0.6276
  10.8.0.6  255.255.255.255 On-link  10.8.0.6276
  10.8.0.7  255.255.255.255 On-link  10.8.0.6276



 I'm a little stumped as to how to trouble shoot the issue so any help much 
 appreciated.


 James



 ___
 freebsd-jail@freebsd.org mailing list
 https://lists.freebsd.org/mailman/listinfo/freebsd-jail
 To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"

>>>
 Try running 'tcpdump -i tun0 -n' on the host, while pining from the
 windows machine, and see if the packets are arriving.

 --
 Allan Jude
>>>
>>>
>>> Thank you Allan,
>>>
>>> I should have thought of tcpdump. So traffic is being received at the host 
>>> from the windows client.
>>>
>>> Results from Host tcpdump -i tun0 -n
>>>
>>> 18:44:02.464291 IP 10.8.0.6 > 10.8.0.1: ICMP echo request, id 1, seq 10577, 
>>> length 40
>>> 18:44:02.605212 IP 10.8.0.6.56054 > 192.168.0.112.80: Flags [S], seq 
>>> 512633761, win 8192, options [mss 1368,nop,nop,sackOK], length 0
>>> 18:44:02.872693 IP 10.8.0.6.57441 > 8.8.8.8.53: 44379+ A? dns.msftncsi.com. 
>>> (34)
>>> 18:44:03.864800 IP 10.8.0.6.57441 > 8.8.8.8.53: 44379+ A? dns.msftncsi.com. 
>>> (34)
>>>
>>> After that I thought I'd see if the traffic is reaching the jail. After 
>>> allow the jail access to /dev/bpf I get the same results as the host, 
>>> traffic is received.
>>>
>>> Results from Jail tcpdump -i tun0 -n
>>>
>>> 19:09:11.899714 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com. 
>>> (34)
>>> 19:09:12.728708 IP 10.8.0.6.62332 > 8.8.8.8.53: 22238+ A? dns.msftncsi.com. 
>>> (34)
>>> 19:09:12.802903 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? dns.msftncsi.com. 
>>> (34)
>>> 19:09:13.825053 IP 10.8.0.6.57107 > 212.56.71.30.443: Flags [S], seq 
>>> 3139281876, win 8192, options [mss 1368,nop,wscale 8,nop,nop,sackOK], 
>>> length 0
>>> 19:09:13.981307 IP 10.8.0.6.57108 > 212.56.71.30.443: Flags [S], seq 
>>> 4152048904, win 8192, op

Re: Freebsd 10.1 - Ezjail - OpenVPN - Tun Interface

2015-10-23 Thread Allan Jude
On 2015-10-23 17:25, James Lodge wrote:
> 
>> On 2015-10-23 16:45, James Lodge wrote:
>>
>>> On 2015-10-23 15:15, James Lodge wrote:
>>> On 2015-10-23 14:13, James Lodge wrote:
> On 2015-10-23 11:37, James Lodge wrote:
> Hello all,
>
>
> I'm trying to build a jail on FreeBSD 10.1 using ezjail in order to run 
> OpenVPN. I'm not using vimage and don't particularly want to but I'm 
> having an issue with networking.
>
>
> OpenVPN daemon is up and running and I can connect successfully as a 
> client. I receive an IP address as expected, but I cannot route traffic 
> to/from client/server. The routing table on the client (which is a 
> Windows machine) looks fine so I assume the issue is on the server side. 
> I have a tun interface created on the host and exposed to the jail via 
> devfs rules. The IP address on the tun interface is configure on the host 
> and not from the jail. I can ping the tun interface IP from the host and 
> the jail, but not from the client when connected.
>
>
> Client-public IP - lo1 (Jail alias Interface)--tun0 
> (OpenVPN Interface)
>
> 10.8.06  x.x.x.x   172.16.1.8 
>  10.8.0.1
>
>
>
> OpenVPN Jail Routing Table:
>
> Internet:
> DestinationGatewayFlags  Netif Expire
> 172.16.1.8 link#4 UH  lo1
>
> Jail Host Routing Table:
> Internet:
> DestinationGatewayFlags  Netif Expire
> defaultx.x.0.1 UGS  vtnet0
> 10.8.0.0   10.8.0.2   UGStun0
> 10.8.0.1  link#5 UHS lo0
> 10.8.0.2  link#5 UH tun0
> x.x.0.0/18  link#1 Uvtnet0
> x.x.x.x link#1 UHS lo0
> localhostlink#3 UH  lo0
> 172.16.1.1 link#4 UH  lo1
> 172.16.1.2 link#4 UH  lo1
> 172.16.1.3 link#4 UH  lo1
> 172.16.1.4 link#4 UH  lo1
> 172.16.1.5 link#4 UH  lo1
> 172.16.1.6 link#4 UH  lo1
> 172.16.1.7 link#4 UH  lo1
> 172.16.1.8 link#4 UH  lo1
>
> Client Routing Table:
>
> IPv4 Route Table
> ===
> Active Routes:
> Network DestinationNetmask  Gateway   Interface  
> Metric
>   0.0.0.0  0.0.0.0 10.8.0.5 10.8.0.6 
> 20
>  10.8.0.1  255.255.255.255 10.8.0.5 10.8.0.6 
> 20
>  10.8.0.4  255.255.255.252 On-link  10.8.0.6
> 276
>  10.8.0.6  255.255.255.255 On-link  10.8.0.6
> 276
>  10.8.0.7  255.255.255.255 On-link  10.8.0.6
> 276
>
>
>
> I'm a little stumped as to how to trouble shoot the issue so any help 
> much appreciated.
>
>
> James
>
>
>
> ___
> freebsd-jail@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
>

> Try running 'tcpdump -i tun0 -n' on the host, while pining from the
> windows machine, and see if the packets are arriving.
>
> --
> Allan Jude


 Thank you Allan,

 I should have thought of tcpdump. So traffic is being received at the host 
 from the windows client.

 Results from Host tcpdump -i tun0 -n

 18:44:02.464291 IP 10.8.0.6 > 10.8.0.1: ICMP echo request, id 1, seq 
 10577, length 40
 18:44:02.605212 IP 10.8.0.6.56054 > 192.168.0.112.80: Flags [S], seq 
 512633761, win 8192, options [mss 1368,nop,nop,sackOK], length 0
 18:44:02.872693 IP 10.8.0.6.57441 > 8.8.8.8.53: 44379+ A? 
 dns.msftncsi.com. (34)
 18:44:03.864800 IP 10.8.0.6.57441 > 8.8.8.8.53: 44379+ A? 
 dns.msftncsi.com. (34)

 After that I thought I'd see if the traffic is reaching the jail. After 
 allow the jail access to /dev/bpf I get the same results as the host, 
 traffic is received.

 Results from Jail tcpdump -i tun0 -n

 19:09:11.899714 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? 
 dns.msftncsi.com. (34)
 19:09:12.728708 IP 10.8.0.6.62332 > 8.8.8.8.53: 22238+ A? 
 dns.msftncsi.com. (34)
 19:09:12.802903 IP 10.8.0.6.58706 > 8.8.8.8.53: 33345+ A? 
 dns.msftncsi.com. (34)
 19:09:13.825053 IP 10.8.0.6.57107 > 212.56.71.30.443: F