Quantcast
Channel: Active questions tagged openvpn - Unix & Linux Stack Exchange
Viewing all articles
Browse latest Browse all 827
↧

Martian packets after connecting with openvpn client

August 11, 2020, 1:42 am
$
0
0

Background:

I connect to a server via an openvpn client (v2.4.4) from the command line from behind a residential router running OpenWRT.

Lately, I've been seeing the following in my syslog:

Aug  8 17:16:28 Deluxe kernel: [12972.603549] IPv4: martian source 192.168.1.100 from 34.210.182.212, on dev eno1Aug  8 17:16:28 Deluxe kernel: [12972.603572] ll header: 00000000: d0 17 c2 ac 64 4b c4 e9 84 48 79 32 08 00        ....dK...Hy2..Aug  8 17:16:28 Deluxe kernel: [12972.910801] IPv4: martian source 192.168.1.100 from 34.210.182.212, on dev eno1Aug  8 17:16:28 Deluxe kernel: [12972.910822] ll header: 00000000: d0 17 c2 ac 64 4b c4 e9 84 48 79 32 08 00        ....dK...Hy2..Aug  8 17:16:28 Deluxe kernel: [12973.230932] IPv4: martian source 192.168.1.100 from 34.210.182.212, on dev eno1Aug  8 17:16:28 Deluxe kernel: [12973.230953] ll header: 00000000: d0 17 c2 ac 64 4b c4 e9 84 48 79 32 08 00        ....dK...Hy2..

The first MAC address in the ll header line is my NIC, the second is an ethernet interface on the router.

My route table looks like this before connecting:

[2020-08-08 ☱ 18:35 ☴]$ route -nKernel IP routing table                                                        Destination     Gateway         Genmask         Flags Metric Ref    Use Iface  0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eno1   192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eno1

And it looks like this after shortly after connecting:

[2020-08-08 ☱ 18:35 ☴]$ route -n                                                Kernel IP routing table                                                             Destination     Gateway         Genmask         Flags Metric Ref    Use Iface       0.0.0.0         10.25.40.1      128.0.0.0       UG    0      0        0 tun0        0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eno1        10.25.40.0      0.0.0.0         255.255.255.0   U     0      0        0 tun0        128.0.0.0       10.25.40.1      128.0.0.0       UG    0      0        0 tun0        185.228.19.148  192.168.1.1     255.255.255.255 UGH   0      0        0 eno1        192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eno1

The host IP listed second from the bottom is the VPN gateway. The tun0 adapter is configured like so: inet 10.25.40.244 netmask 255.255.255.0 destination 10.25.40.244

After three to five minutes, martian traffic will die down and appear infrequently.

I've tested connecting via openvpn without the router in place (connecting directly to my modem) and the same occurs.

I'm going out on a limb here, but it seems like, when there's an abrupt change in routing (as occurs with a user-initiated VPN connection) established/related connections persist and are dropped as invalid. Over time, these connections die off.

Questions:

  1. Is my understanding of the cause of the martian packets correct?
  2. If I want to avoid dropping these packets, how can I do so? For example, could I use the nat or mangle tables in iptables to direct these packets to the tun interface?
↧
Search
Viewing all articles
Browse latest Browse all 827
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>