<tt>I'm having an interesting problem which seems different from ones I
have read about and it may be a bug with the tap/tun device driver or
it may be something stupid I'm doing wrong but I can't figure out what
it might be. <br>
<br>
To start with, my VPN works. I imported from a cisco pcf file. It
configures a tap0 interface, assigns an IP. It's passing traffic. DNS
resolution is working. Pings work. Web pages load. Everything seems
fine, but if I run "tcpdump -i tap0" it sees nothing even when the VPN is passing traffic. <br>
<br>
Here's the interesting thing.. when I run "tcpdump -i any icmp -n -e"
to snoop all interfaces for ICMP traffic, then ping something over the
VPN, I see incoming traffic, but the MAC address listed on the traffic
shows it going to my eth0 MAC address. Double checking with "tcpdump
-i eth0" I see the incoming VPN packets (not encoded.. actual ICMP
packets with source being the machine I'm pinging and the destination
being the tap0's configured IP.) It's as if the kernel is getting the
packets but it thinks they are coming in from eth0. <br>
<br>
I can't find a way to see the outgoing traffic at all. "tcpdump -i any" doesn't see it, nor does looking at tap0 or lo. This seems impossible, and yet I've run into it on two installs. One is Ubuntu 10.04 and the other is 10.10. I installed the 10.10
clean just to test this. I'm using Shrewsoft 2.1.7 I compiled myself
and I had to turn off the rp_filter stuff in /etc/sysctl.conf (which itslef might be an indication of an issue) but I'm using all the stock Ubuntu stuff outside of that. I'm not
above installing other OSs if this is a known issue with Ubuntu but I can't see how it would be. <br>
<br>
I ran into this problem because I'm trying to set up the interface to masquerade and it looks like it's working for the outgoing packets, but the incoming packets aren't being translated back. I'm guessing it's not just tcpdump that this problem is affecting. <br>
<br>Is this a known issue? Does tcpdump actually work for most people on tap0?<br></tt>