Connectivity issues are a pain to deal with, especially if they are impacting your business. Because there are many variables involved in such an issue, the problem can be seemingly impossible to solve despite the amount of effort you put in to attempt to correct the issue. That said, with the correct diagnostic tools, troubleshooting such a problem can be a manageable task.
Before you begin troubleshooting the issue(s) you are having, it might be wise to look at these common culprits:
If none of the aforementioned solutions resolve your problem, you may want to look into using a network sniffer to help identify the problem.
For Windows/Mac based machines, the sniffer can be downloaded here: http://www.wireshark.org/download.html
Wireshark is usually also available via most GUI based package managers within Linux, if you would prefer using a graphical interface.
For Linux (console, text based) based machines, the sniffer can be used by downloading the tcpdump package. This can be installed using the apt-get install tcpdump command in Ubuntu/Debian Linux distributions.
If using Wireshark, the network capture can be started by selecting the Capture menu, then the Options... option.
In the options dialog that appears, select the proper interface you would like the capture on. This is usually the outbound interface that provides the Internet connection to your other nodes. If you are using a WLAN connection, for example, this will usually be the Wireless Network Connection entry in the list. If you are uncertain which interface correlates to which network card in your system, consult the IP address field that appears when you select an interface from the dropdown list.
After the proper interface has been selected, populate a capture filter in the Capture Filter: field. This is usually provided by one of our support technicians.
Click Start to start the capture process.
To stop the capture, press the Stop button on the toolbar panel.
Once the capture has been stopped, you may save the capture data to a file by using the File -> Save As option.
If using tcpdump, you can either have tcpdump write its capture data directly to a file (without showing it on the screen), or simply display everything on the screen (without saving it to a file).
Unless directed by our support staff otherwise, use the writing to a file option. This allows our staff to look at the capture data more precisely than if only the screen data was captured.
To do a "write to file" capture, use the following command syntax:
tcpdump -i eth0 -w capture.pcap host 126.96.36.199
where eth0 is the interface you want to capture on, capture.pcap represents the file you want to write to, and host 188.8.131.52 is the capture filter provided by our support staff. If your system is not using eth0 as its outgoing interface, replace eth0 with the correct interface name as depicted by the ifconfig command.
After you invoke the command, you will see a message similar to the one below:
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
and it might seem like nothing is happening. This is normal, as all the capture data is written to the file, and not to the screen. To interrupt or finish the capture process, simply press CTRL+C on your keyboard.
To do a screen capture instead, simply omit the -w capture.pcap command line option in the tcpdump command, and the results will be printed on the screen. Press CTRL+C to interrupt or finish the capturing process.
The follow capture scenarios are provided to help you setup your packet captures as such to complement your support ticket case. If you do not already have a ticket open, please visit the ticketing system at support.openvpn.net to open a case. Please be advised that support is only provided to paying customers with an active support license. Due to the high volume of inquiries received at our ticketing system, we are unable to provide assistance to free users or users with expired support licenses.
PRIOR to connecting to the server, start the packet capture on both the VPN server and the VPN client. If there is currently an connection attempt, cancel the connection attempt and wait 30 seconds prior to starting the packet captures. After the packet captures are started, initiate the VPN connection. Stop the packet capture when an error message is shown.
a) VPN Client Side Capture Filter: host [vpn server hostname or ip address here] or icmp or arp (e.g. host vpn1.exampletronix.com or icmp or arp) - capture on outgoing interface (e.g. WLAN)
b) VPN Server Side Capture Filter: host [vpn client external ip address here] or icmp or arp (e.g. host 184.108.40.206 or icmp or arp - if you do not know what the external IP of your VPN client is, go to http://www.whatismyip.com/ and note the numerical IPv4 address) - capture on outgoing interface (e.g. eth0)
Note: If you are using a proxy server to connect to your VPN server, use host [proxy server ip address / hostname here] or host [vpn server hostname or ip address here] or icmp or arp for your VPN client side capture filter instead (e.g. host 192.168.0.38 or host vpn1.exampletronix.com or icmp or arp).
PRIOR to connecting to the server, start the capture on all three nodes. If a network share is currently open, close it, and wait 30 seconds prior to starting the packet captures. After the packet captures are started, start the file transfer across your VPN connection. If an error message is shown, or a significant degradation is obvious, cancel the file transfer, wait 15 seconds, and then stop the packet captures.
In order to reduce the amount of data you need to send to our ticketing system, please use a highly compressible test file for testing your VPN connection. To download a compressed test file which is highly compressed (100MB, compressed down to ~100KB, please use the following link: http://as.thedavid.net/100MB.zip)
a) VPN Client Side Capture Filter: tcp port 445 or icmp or arp - capture on TAP32 or tun0 interface (OpenVPN's interface)
b) VPN Server Side Capture Filter: tcp port 445 or icmp or arp - capture on outgoing interface (e.g. eth0)
c) File Server Side Capture Filter: tcp port 445 or icmp or arp - capture on outgoing interface (e.g. LAN)
After you are done with the packet captures, please gather all the capture filters from all the involved machines, and rename the files descriptively as to the origin of the capture. For example, if the packet capture came from the VPN server, it would be appropriate for you to name the packet capture vpnserver.pcap. For Linux computers, you may need to use a SFTP client such as Filezilla or Cyberduck to retrieve these capture files remotely if you do not have direct access to the server itself.
Next, using an archiving (ZIP) tool, compress all of these files and attach them to your support ticket. A support specialist will analyze your network captures, and will provide you with the overall findings.