Tender Apprentice


Joined: 05 Nov 2005 Posts: 154
|
Posted: Wed Sep 12, 2018 8:09 pm Post subject: openvpn : IP packet with unknown IP version=15 seen [solved] |
|
|
I have a Gentoo router with two openvpn instances (v2.4.6, udp and tcp), and every minute some log messages appear, regardless of whether the server is connected to a client or idle:
Code: | Sep 12 15:42:50 lowpower2 openvpn[6505]: IP packet with unknown IP version=15 seen
Sep 12 15:42:50 lowpower2 openvpn[18725]: IP packet with unknown IP version=15 seen
Sep 12 15:43:51 lowpower2 openvpn[6505]: IP packet with unknown IP version=15 seen
Sep 12 15:43:51 lowpower2 openvpn[18725]: IP packet with unknown IP version=15 seen
Sep 12 15:44:53 lowpower2 openvpn[6505]: IP packet with unknown IP version=15 seen
Sep 12 15:44:53 lowpower2 openvpn[18725]: IP packet with unknown IP version=15 seen |
For example, on the tun1 server side (tcp, but the same for udp), when the vpn is not in use, that is, no client is connected and the server is idle, with tcpdump I see this:
Code: | lowpower2 ~ # tcpdump -n -X -i tun1
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun1, link-type RAW (Raw IP), capture size 262144 bytes
15:37:42.981853 unknown ip 15
0x0000: ffff ffff ffff 0000 0000 0000 88a2 1000 ................
0x0010: ffff ff01 0000 0000 0000 0000 0000 0000 ................
15:38:44.421849 unknown ip 15
0x0000: ffff ffff ffff 0000 0000 0000 88a2 1000 ................
0x0010: ffff ff01 0000 0000 0000 0000 0000 0000 ................
15:39:45.861854 unknown ip 15
0x0000: ffff ffff ffff 0000 0000 0000 88a2 1000 ................
0x0010: ffff ff01 0000 0000 0000 0000 0000 0000 ................ |
This is the server configuration for udp
Code: | user nobody
group nobody
port 563
proto udp
multihome
dev tun0
persist-key
persist-tun
ca /etc/openvpn/server-multi/ca.crt
cert /etc/openvpn/server-multi/lowpower2.crt
key /etc/openvpn/server-multi/lowpower2.key
dh /etc/openvpn/server-multi/dh2048.pem
tls-auth /etc/openvpn/server-multi/ta.key 0
cipher AES-256-CBC
auth SHA512
ifconfig-pool-persist /etc/openvpn/server-udp-multi/ipp.txt
server 192.168.20.0 255.255.255.0
push "route 192.168.0.0 255.255.255.248"
push "route 192.168.11.0 255.255.255.0"
push "route 192.168.12.0 255.255.255.0"
push "route 192.168.13.0 255.255.255.0"
push "route 192.168.14.0 255.255.255.0"
keepalive 10 60
verb 3
max-clients 10 |
This is the server configuration for tcp
Code: | user nobody
group nobody
port 1494
proto tcp-server
dev tun1
persist-key
persist-tun
ca /etc/openvpn/server-multi/ca.crt
cert /etc/openvpn/server-multi/lowpower2.crt
key /etc/openvpn/server-multi/lowpower2.key
dh /etc/openvpn/server-multi/dh2048.pem
tls-auth /etc/openvpn/server-multi/ta.key 0
cipher AES-256-CBC
auth SHA512
ifconfig-pool-persist /etc/openvpn/server-tcp-multi/ipp.txt
server 192.168.21.0 255.255.255.0
push "route 192.168.0.0 255.255.255.248"
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.11.0 255.255.255.0"
push "route 192.168.12.0 255.255.255.0"
push "route 192.168.13.0 255.255.255.0"
push "route 192.168.14.0 255.255.255.0"
keepalive 10 60
verb 3
max-clients 10 |
These are the USE flags:
Code: | Installed versions: 2.4.6(08:40:56 PM 09/11/2018)(iproute2 ssl -down-root -examples -inotify -libressl -lz4 -lzo -mbedtls -pam -pkcs11 -plugins -selinux -static -systemd -test KERNEL="linux" USERLAND="-BSD") |
This is the kernel:
Code: | Linux lowpower2 4.14.65-gentoo #3 SMP Thu Sep 6 22:05:43 CEST 2018 x86_64 Intel(R) Atom(TM) CPU D425 @ 1.80GHz GenuineIntel GNU/Linux |
What is it due to? What type of packet is it?
Is it possible to eliminate the warning message without decreasing the verbosity level?
Thanks
Last edited by Tender on Fri Sep 14, 2018 7:22 pm; edited 1 time in total |
bbgermany Veteran


Joined: 21 Feb 2005 Posts: 1799 Location: Oranienburg/Germany
|
Posted: Thu Sep 13, 2018 5:09 am Post subject: |
|
|
Hi,
check for comp-lzo either enabled or disabled on both sides.
greets, bb _________________ 1st: i5-7400, 16GB, 2TB
2nd: i5-4570, 16GB, 620GB
3rd: i5-4570, 32GB, 14.5TB
4th: i5-3210M, 8GB, 512GB
5th: i5-3210M, 8GB, 120GB |
Tender Apprentice


Joined: 05 Nov 2005 Posts: 154
|
Posted: Thu Sep 13, 2018 6:21 am Post subject: |
|
|
bbgermany wrote: | Hi,
check for comp-lzo either enabled or disabled on both sides.
greets, bb |
The clients are not involved, it happens as soon as the server instances are started. |
bbgermany Veteran


Joined: 21 Feb 2005 Posts: 1799 Location: Oranienburg/Germany
|
Posted: Fri Sep 14, 2018 3:35 pm Post subject: |
|
|
Do you have ATA over Ethernet in use? There was an article about this issue in combination with ATAoE.
If yes, have a look here: https://www.toofishes.net/blog/ and https://askubuntu.com/questions/233396/openvpn-logs-ip-packet-with-unknown-ip-version-15
greet, bb |
Tender Apprentice


Joined: 05 Nov 2005 Posts: 154
|
Posted: Fri Sep 14, 2018 7:21 pm Post subject: |
|
|
Oh, finally, that's right!
I saw 0x88A2 in tcpdump but I did not relate it to AoE, because I thought data packets on tun interfaces cannot belong to layer 2.
Thanks |
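Added example, not part of the original thread: the 32 bytes from the tcpdump output in the first post, decoded once the way a tun (layer 3) reader sees them and once as an Ethernet frame carrying AoE. The function names are hypothetical, and the AoE header layout (version/flags, error, major, minor, command, tag) is taken from the public AoE specification, not from this thread.

```python
import struct

# Bytes copied from the tcpdump -X output in the first post (32 bytes).
CAPTURED = bytes.fromhex(
    "ffffffffffff" "000000000000" "88a2" "1000"
    "ffffff01" "00000000" "0000000000000000"
)

ETHERTYPE_AOE = 0x88A2
AOE_COMMANDS = {0: "Issue ATA Command", 1: "Query Config Information"}


def as_raw_ip(pkt):
    """Layer 3 view: the high nibble of byte 0 is read as the IP version."""
    return pkt[0] >> 4


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def as_ethernet_aoe(pkt):
    """Layer 2 view: Ethernet II header + AoE header, or None if not AoE."""
    if len(pkt) < 24:
        return None
    dst, src, ethertype = struct.unpack("!6s6sH", pkt[:14])
    if ethertype != ETHERTYPE_AOE:
        return None
    ver_flags, error, major, minor, cmd, tag = struct.unpack("!BBHBBI", pkt[14:24])
    return {
        "dst": mac(dst), "src": mac(src),
        "aoe_version": ver_flags >> 4, "flags": ver_flags & 0x0F,
        "error": error, "major": major, "minor": minor,
        "command": AOE_COMMANDS.get(cmd, f"unknown ({cmd})"), "tag": tag,
    }


def classify(pkt):
    """Explain a packet that the tun reader logged with an odd IP version."""
    version = as_raw_ip(pkt)
    if version in (4, 6):
        return f"IPv{version} packet"
    aoe = as_ethernet_aoe(pkt)
    if aoe:
        return (f"unknown IP version={version}: first byte is part of MAC "
                f"{aoe['dst']}; EtherType 0x88a2 AoE, {aoe['command']}")
    return f"unknown IP version={version}"


if __name__ == "__main__":
    print(classify(CAPTURED))
```

The "version 15" is the high nibble of the first 0xff of the broadcast destination MAC; major 0xffff and minor 0xff are the AoE broadcast shelf and slot addresses.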