Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
openvpn : IP packet with unknown IP version=15 seen [solved]
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Tender
Tux's lil' helper
Tux's lil' helper


Joined: 05 Nov 2005
Posts: 138

PostPosted: Wed Sep 12, 2018 8:09 pm    Post subject: openvpn : IP packet with unknown IP version=15 seen [solved] Reply with quote

I have a gentoo router with two openvpn instances (v2.4.6, udp and tcp) and every minute some log messages appear, regardless of the server connected to a client or idle :

Code:
Sep 12 15:42:50 lowpower2 openvpn[6505]: IP packet with unknown IP version=15 seen
Sep 12 15:42:50 lowpower2 openvpn[18725]: IP packet with unknown IP version=15 seen
Sep 12 15:43:51 lowpower2 openvpn[6505]: IP packet with unknown IP version=15 seen
Sep 12 15:43:51 lowpower2 openvpn[18725]: IP packet with unknown IP version=15 seen
Sep 12 15:44:53 lowpower2 openvpn[6505]: IP packet with unknown IP version=15 seen
Sep 12 15:44:53 lowpower2 openvpn[18725]: IP packet with unknown IP version=15 seen


For example, on tun1 server side (tcp, but the same for udp) , when the vpn is not in use, that is no client is connected, the server is idle, with tcpdump I see this:

Code:
lowpower2 ~ # tcpdump -n -X -i tun1
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun1, link-type RAW (Raw IP), capture size 262144 bytes
15:37:42.981853 unknown ip 15
        0x0000:  ffff ffff ffff 0000 0000 0000 88a2 1000  ................
        0x0010:  ffff ff01 0000 0000 0000 0000 0000 0000  ................
15:38:44.421849 unknown ip 15
        0x0000:  ffff ffff ffff 0000 0000 0000 88a2 1000  ................
        0x0010:  ffff ff01 0000 0000 0000 0000 0000 0000  ................
15:39:45.861854 unknown ip 15
        0x0000:  ffff ffff ffff 0000 0000 0000 88a2 1000  ................
        0x0010:  ffff ff01 0000 0000 0000 0000 0000 0000  ................


This is the server configuration for udp

Code:
user nobody
group nobody

port 563
proto udp
multihome
dev tun0
persist-key
persist-tun

ca /etc/openvpn/server-multi/ca.crt
cert /etc/openvpn/server-multi/lowpower2.crt
key /etc/openvpn/server-multi/lowpower2.key
dh /etc/openvpn/server-multi/dh2048.pem
tls-auth /etc/openvpn/server-multi/ta.key 0

cipher AES-256-CBC
auth SHA512

ifconfig-pool-persist /etc/openvpn/server-udp-multi/ipp.txt

server 192.168.20.0 255.255.255.0
push "route 192.168.0.0 255.255.255.248"
push "route 192.168.11.0 255.255.255.0"
push "route 192.168.12.0 255.255.255.0"
push "route 192.168.13.0 255.255.255.0"
push "route 192.168.14.0 255.255.255.0"

keepalive 10 60
verb 3
max-clients 10


This is the server configuration for tcp

Code:
user nobody
group nobody

port 1494
proto tcp-server
dev tun1
persist-key
persist-tun

ca /etc/openvpn/server-multi/ca.crt
cert /etc/openvpn/server-multi/lowpower2.crt
key /etc/openvpn/server-multi/lowpower2.key
dh /etc/openvpn/server-multi/dh2048.pem
tls-auth /etc/openvpn/server-multi/ta.key 0

cipher AES-256-CBC
auth SHA512

ifconfig-pool-persist /etc/openvpn/server-tcp-multi/ipp.txt

server 192.168.21.0 255.255.255.0
push "route 192.168.0.0 255.255.255.248"
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.11.0 255.255.255.0"
push "route 192.168.12.0 255.255.255.0"
push "route 192.168.13.0 255.255.255.0"
push "route 192.168.14.0 255.255.255.0"

keepalive 10 60
verb 3
max-clients 10


This are the use flags:

Code:
Installed versions:  2.4.6(08:40:56 PM 09/11/2018)(iproute2 ssl -down-root -examples -inotify -libressl -lz4 -lzo -mbedtls -pam -pkcs11 -plugins -selinux -static -systemd -test KERNEL="linux" USERLAND="-BSD")


This the kernel:

Code:
Linux lowpower2 4.14.65-gentoo #3 SMP Thu Sep 6 22:05:43 CEST 2018 x86_64 Intel(R) Atom(TM) CPU D425 @ 1.80GHz GenuineIntel GNU/Linux



What is it due to? What type of packet is it?
Is it possible to eliminate the warning message without decreasing the verbosity level?

Thanks


Last edited by Tender on Fri Sep 14, 2018 7:22 pm; edited 1 time in total
Back to top
View user's profile Send private message
bbgermany
Veteran
Veteran


Joined: 21 Feb 2005
Posts: 1785
Location: Oranienburg/Germany

PostPosted: Thu Sep 13, 2018 5:09 am    Post subject: Reply with quote

Hi,

check for comp-lzo either enabled or disabled on both sides.

greets, bb
_________________
1st: i5-4570, 16GB, 1.75TB
2nd: i5-4570, 16GB, 620GB
3rd: i5-4570, 16GB, 10,5TB
4th: Asus N61VN, 8GB, 240GB
5th: C2D T7200, 2GB, 16GB USB + NFS
Back to top
View user's profile Send private message
Tender
Tux's lil' helper
Tux's lil' helper


Joined: 05 Nov 2005
Posts: 138

PostPosted: Thu Sep 13, 2018 6:21 am    Post subject: Reply with quote

bbgermany wrote:
Hi,

check for comp-lzo either enabled or disabled on both sides.

greets, bb


The clients are not involved, it happens as soon as the server istances are started.
Back to top
View user's profile Send private message
bbgermany
Veteran
Veteran


Joined: 21 Feb 2005
Posts: 1785
Location: Oranienburg/Germany

PostPosted: Fri Sep 14, 2018 3:35 pm    Post subject: Reply with quote

Do you have ATA over Ethernet in use? There was an article about this issue in combination with ATAoE.

If yes, have a look here: https://www.toofishes.net/blog/ and https://askubuntu.com/questions/233396/openvpn-logs-ip-packet-with-unknown-ip-version-15

greet, bb
_________________
1st: i5-4570, 16GB, 1.75TB
2nd: i5-4570, 16GB, 620GB
3rd: i5-4570, 16GB, 10,5TB
4th: Asus N61VN, 8GB, 240GB
5th: C2D T7200, 2GB, 16GB USB + NFS
Back to top
View user's profile Send private message
Tender
Tux's lil' helper
Tux's lil' helper


Joined: 05 Nov 2005
Posts: 138

PostPosted: Fri Sep 14, 2018 7:21 pm    Post subject: Reply with quote

bbgermany wrote:
Do you have ATA over Ethernet in use? There was an article about this issue in combination with ATAoE.

If yes, have a look here: https://www.toofishes.net/blog/ and https://askubuntu.com/questions/233396/openvpn-logs-ip-packet-with-unknown-ip-version-15

greet, bb


Oh, finally, that's right!

I saw 0x88A2 in tcpdump but I did not relate it with AoE, because I thought data packets in tun interfaces can not belong to layer2.

Thanks
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum