[vpn-help] tcpdump not showing traffic for tap0

Dugen 42 dugen42 at gmail.com
Mon Mar 21 20:42:25 CDT 2011 

I'm having an interesting problem which seems different from ones I have
read about and it may be a bug with the tap/tun device driver or it may be
something stupid I'm doing wrong but I can't figure out what it might be.

To start with, my VPN works.  I imported from a cisco pcf file.  It
configures a tap0 interface, assigns an IP.  It's passing traffic.  DNS
resolution is working.  Pings work.  Web pages load.  Everything seems fine,
but if I run "tcpdump -i tap0" it sees nothing even when the VPN is passing
traffic.

Here's the interesting thing.. when I run "tcpdump -i any icmp -n -e" to
snoop all interfaces for ICMP traffic, then ping something over the VPN, I
see incoming traffic, but the MAC address listed on the traffic shows it
going to my eth0 MAC address.  Double checking with "tcpdump -i eth0" I see
the incoming VPN packets (not encoded.. actual ICMP packets with source
being the machine I'm pinging and the destination being the tap0's
configured IP.)   It's as if the kernel is getting the packets but it thinks
they are coming in from eth0.

I can't find a way to see the outgoing traffic at all.  "tcpdump -i any"
doesn't see it, nor does looking at tap0 or lo.  This seems impossible, and
yet I've run into it on two installs. One is Ubuntu 10.04 and the other is
10.10.  I installed the 10.10 clean just to test this.  I'm using Shrewsoft
2.1.7 I compiled myself and I had to turn off the rp_filter stuff in
/etc/sysctl.conf (which itslef might be an indication of an issue) but I'm
using all the stock Ubuntu stuff outside of that.  I'm not above installing
other OSs if this is a known issue with Ubuntu but I can't see how it would
be.

I ran into this problem because I'm trying to set up the interface to
masquerade and it looks like it's working for the outgoing packets, but the
incoming packets aren't being translated back.  I'm guessing it's not just
tcpdump that this problem is affecting.

Is this a known issue?  Does tcpdump actually work for most people on tap0?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20110321/50b8230d/attachment-0001.html>

More information about the vpn-help mailing list