Packet Capture Over OPENVPN

VoIP_Route · September 28, 2024, 3:12pm

I am trying to troubleshoot a VoIP problem at a remote clients location. They have a Balance 30 LTE FW 8.1.3 build 5172.

Should I be able to perform a packet capture in my office if I fire-up my OpenVPN session to their router and then use my IP that was given from the clients router? I just can’t get it to work at all.

Of course I am using this article for me setup:

Paul_Mossip · September 28, 2024, 8:18pm

I’m going to say it is doubtful that it will work. There are limitations to vpn clients (either L2TP or openvpn) I know the limitations exist on a FusionHub, I don’t have Openvpn to a real router, so I can’t verify.

Problem #1, via VPN you can’t manage the peplink device from the VPN… so the management interfaces don’t really want to talk to you.

Problem #2, traffic out to the LAN is NAT translated as coming from the Peplink LAN… not the IP address that you are assigned, so the -p 12345 won’t be translated on the return traffic.

Example:

OpenVPN tunnel.

utun7: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 10.11.1.207 → 10.11.1.210 netmask 0xffffff00
nd6 options=201<PERFORMNUD,DAD>

Address seen from client on protected networks:

paul@darkstar:~$ who
paul pts/13 2024-09-28 16:09 (10.11.1.157)

You can see that they don’t match, and that the 10…157 is the lan IP of the FusionHub.

If you set up a speedfusion tunnel into the Balance30 it will definitely work, no NAT involved and fully connected routing segments.

VoIP_Route · September 30, 2024, 1:07pm

@Paul_Mossip THANKS very much for the reply Paul, you really got me thinking deeper about this, so I ran some basic tests on a few of my Peplink networks and you are definitely correct, this will not work using basic OpenVPN VPN.

Here’s what I found:

PING my VPN IP from he router - FAIL
TRACERT my VPN IP from the router - FAIL
PING my VPN IP from a clients computer on the LAN - FAIL

The only item you mention that I didn’t quite understand was Problem #1 where you stated that you can’t manage the Peplink device from the VPN. Actually I can manage all the Peplink’s remotely over the VPN using the web gui and local IP.

I am checking now about setting up a SpeedFusion tunnel (first time)

Thanks,
James

Paul_Mossip · September 30, 2024, 1:43pm

I cannot manage my FusionHub systems via the VPN connected directly to them. Since my real routers are all CGNAT wan connected I haven’t tested with them.