[Openvpn-users] Forced disconnect on TCP
Hi all, I've got a peculiar situation: When setting up a tunnel with http encapsulation, all seems to work OK, However, after starting a Citrix-session and a Skype4Business meeting, the tunnel is aborted, SEEMINGLY by the server. (note: seemingly) I can restart the session, but with minutes (varying in time) the tunnel is broken again. If I perform identical actions un an UDP-tunnel, there is never a problem, and my tunnel stands for hours, if not days. Before giving specific details, I was wondering: 1) As Citrix is doing TCP, is it possible that TCP-in-TCP can blow the tunnel? 2) The log on client side shows nothing peculiar, however, on server-side I notice "ping-exit", which is strange, as during a skype meeting data is continuously flowing both sides on. 3) Much to my horror, I noticed I share this fate daily with hundreds of other users (but they might hardly notice it) 4) Should I focus on the VPN-instances at either side, OR could common shared firewalls and reversed-proxy taken into account? http-decapsulation is done by a single machine. Could it be that the amount of traffic on 443 is regarded as an attack, and hence broken down? Met vriendelijke groet, Hans Witvliet, J, Ing., DMO/OPS/I&S/APH, Kennis Team Opensource Coldenhovelaan 1 Maasland 3531RC Coldehovelaan 1, kamer B213 Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het elektronisch verzenden van berichten. This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages. ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] Openvpn en openwrt
> Buenos días, quisiera montar un servidor openvpn en un router tplink con > openwrt, podrian ayudarme. > Instalo el paquete necesario, en vpn, openvpn configurado los parametros, > creo la interfaz, mediante la interfaz web luci, pero no se si lo realizo > bien ya que no consigo conexión. podrian especificarme como se podria > realizar todo el proceso desde la interfaz web luci, creacion reglas > necesarias, puertos, etc. saludos Creo que te conviene preguntar en un forum openwrt en vez de acá. Stefan ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
[Openvpn-users] Facetime bypassing the tunnel
Hi all, Facetime is bypassing the tunnel setup via openVPN. Is that expected? Is there any workaround for it? To be precise, I have set up an openVPN client on an iOS device and connected to the openVPN server running on an ubuntu machine. I notice that the Facetime from the iOS device is bypassing the vpn tunnel. Similar behavior with Google hangouts. And wonder if there is a known issue and something obvious that I might be missing. thanks for reading and taking the time to respond. -- *Aarti Anand, * ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] Facetime bypassing the tunnel
Dajka, thank you for responding! I actually have been using an IPv6 over an IPv4 tunnel. Do I need to setup an IPv6 tunnel? or IPv6 addresses over an IPv4 tunnel should work? thanks, -- *Aarti Anand, PhD* *Sr Software Engineer, Advanced Technology Group* *CableLabs, Inc* *Email:a.mun...@cablelabs.com * *Office: +1 303-661-3790* On Wed, Aug 5, 2020 at 3:50 PM Dajka Tamás wrote: > Hi, > > > > without knowing your exact configuration it’s pretty hard to answer J My > first guess would be, that your tunnel is IPv4 only, while facetime and > hangouts uses IPv6 (and the client has an IPv6 address). > > > > Cheers, > > > >Tom > > > > *From:* Aarti Anand [mailto:aarti.mun...@gmail.com] > *Sent:* Wednesday, August 5, 2020 11:40 PM > *To:* Openvpn-users@lists.sourceforge.net > *Subject:* [Openvpn-users] Facetime bypassing the tunnel > > > > Hi all, Facetime is bypassing the tunnel setup via openVPN. Is that > expected? Is there any workaround for it? > > > > To be precise, I have set up an openVPN client on an iOS device and > connected to the openVPN server running on an ubuntu machine. I notice that > the Facetime from the iOS device is bypassing the vpn tunnel. > Similar behavior with Google hangouts. And wonder if there is a known issue > and something obvious that I might be missing. thanks for reading and > taking the time to respond. > > > > > > -- > > *Aarti Anand, * > ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] Facetime bypassing the tunnel
Hi, I think it's a known "feature" that some apple services including facetime bypasses the VPN tunnel. See the link below which is for the connect client, but the community version should behave the same in this particular case. https://openvpn.net/vpn-server-resources/faq-regarding-openvpn-connect-ios/ Selva On Wed, Aug 5, 2020 at 5:55 PM Aarti Anand wrote: > > Dajka, thank you for responding! I actually have been using an IPv6 over an > IPv4 tunnel. Do I need to setup an IPv6 tunnel? or IPv6 addresses over an > IPv4 tunnel should work? > > thanks, > > -- > > Aarti Anand, PhD > > Sr Software Engineer, Advanced Technology Group > > CableLabs, Inc > > Email:a.mun...@cablelabs.com > > Office: +1 303-661-3790 > > > > On Wed, Aug 5, 2020 at 3:50 PM Dajka Tamás wrote: >> >> Hi, >> >> >> >> without knowing your exact configuration it’s pretty hard to answer J My >> first guess would be, that your tunnel is IPv4 only, while facetime and >> hangouts uses IPv6 (and the client has an IPv6 address). >> >> >> >> Cheers, >> >> >> >>Tom >> >> >> >> From: Aarti Anand [mailto:aarti.mun...@gmail.com] >> Sent: Wednesday, August 5, 2020 11:40 PM >> To: Openvpn-users@lists.sourceforge.net >> Subject: [Openvpn-users] Facetime bypassing the tunnel >> >> >> >> Hi all, Facetime is bypassing the tunnel setup via openVPN. Is that >> expected? Is there any workaround for it? >> >> >> >> To be precise, I have set up an openVPN client on an iOS device and >> connected to the openVPN server running on an ubuntu machine. I notice that >> the Facetime from the iOS device is bypassing the vpn tunnel. Similar >> behavior with Google hangouts. And wonder if there is a known issue and >> something obvious that I might be missing. thanks for reading and taking the >> time to respond. >> >> >> >> >> >> -- >> >> Aarti Anand, > > ___ > Openvpn-users mailing list > Openvpn-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-users ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] Facetime bypassing the tunnel
Hi, without knowing your exact configuration it’s pretty hard to answer :) My first guess would be, that your tunnel is IPv4 only, while facetime and hangouts uses IPv6 (and the client has an IPv6 address). Cheers, Tom From: Aarti Anand [mailto:aarti.mun...@gmail.com] Sent: Wednesday, August 5, 2020 11:40 PM To: Openvpn-users@lists.sourceforge.net Subject: [Openvpn-users] Facetime bypassing the tunnel Hi all, Facetime is bypassing the tunnel setup via openVPN. Is that expected? Is there any workaround for it? To be precise, I have set up an openVPN client on an iOS device and connected to the openVPN server running on an ubuntu machine. I notice that the Facetime from the iOS device is bypassing the vpn tunnel. Similar behavior with Google hangouts. And wonder if there is a known issue and something obvious that I might be missing. thanks for reading and taking the time to respond. -- Aarti Anand, ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] Facetime bypassing the tunnel
That is hard to find even by my severe standards.. On 05/08/2020 23:01, Selva Nair wrote: Hi, I think it's a known "feature" that some apple services including facetime bypasses the VPN tunnel. See the link below which is for the connect client, but the community version should behave the same in this particular case. https://openvpn.net/vpn-server-resources/faq-regarding-openvpn-connect-ios/ Selva On Wed, Aug 5, 2020 at 5:55 PM Aarti Anand wrote: Dajka, thank you for responding! I actually have been using an IPv6 over an IPv4 tunnel. Do I need to setup an IPv6 tunnel? or IPv6 addresses over an IPv4 tunnel should work? thanks, -- Aarti Anand, PhD Sr Software Engineer, Advanced Technology Group CableLabs, Inc Email:a.mun...@cablelabs.com Office: +1 303-661-3790 On Wed, Aug 5, 2020 at 3:50 PM Dajka Tamás wrote: Hi, without knowing your exact configuration it’s pretty hard to answer J My first guess would be, that your tunnel is IPv4 only, while facetime and hangouts uses IPv6 (and the client has an IPv6 address). Cheers, Tom From: Aarti Anand [mailto:aarti.mun...@gmail.com] Sent: Wednesday, August 5, 2020 11:40 PM To: Openvpn-users@lists.sourceforge.net Subject: [Openvpn-users] Facetime bypassing the tunnel Hi all, Facetime is bypassing the tunnel setup via openVPN. Is that expected? Is there any workaround for it? To be precise, I have set up an openVPN client on an iOS device and connected to the openVPN server running on an ubuntu machine. I notice that the Facetime from the iOS device is bypassing the vpn tunnel. Similar behavior with Google hangouts. And wonder if there is a known issue and something obvious that I might be missing. thanks for reading and taking the time to respond. -- Aarti Anand, ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
