# openvpn : IP packet with unknown IP version=15 seen [solved]

## Tender

I have a gentoo router with two openvpn instances (v2.4.6, udp and tcp) and every minute some log messages appear, regardless of the server connected to a client or idle :

```
Sep 12 15:42:50 lowpower2 openvpn[6505]: IP packet with unknown IP version=15 seen

Sep 12 15:42:50 lowpower2 openvpn[18725]: IP packet with unknown IP version=15 seen

Sep 12 15:43:51 lowpower2 openvpn[6505]: IP packet with unknown IP version=15 seen

Sep 12 15:43:51 lowpower2 openvpn[18725]: IP packet with unknown IP version=15 seen

Sep 12 15:44:53 lowpower2 openvpn[6505]: IP packet with unknown IP version=15 seen

Sep 12 15:44:53 lowpower2 openvpn[18725]: IP packet with unknown IP version=15 seen
```

For example, on tun1 server side (tcp, but the same for udp) , when the vpn is not in use, that is no client is connected, the server is idle, with tcpdump I see this:

```
lowpower2 ~ # tcpdump -n -X -i tun1

dropped privs to tcpdump

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on tun1, link-type RAW (Raw IP), capture size 262144 bytes

15:37:42.981853 unknown ip 15

        0x0000:  ffff ffff ffff 0000 0000 0000 88a2 1000  ................

        0x0010:  ffff ff01 0000 0000 0000 0000 0000 0000  ................

15:38:44.421849 unknown ip 15

        0x0000:  ffff ffff ffff 0000 0000 0000 88a2 1000  ................

        0x0010:  ffff ff01 0000 0000 0000 0000 0000 0000  ................

15:39:45.861854 unknown ip 15

        0x0000:  ffff ffff ffff 0000 0000 0000 88a2 1000  ................

        0x0010:  ffff ff01 0000 0000 0000 0000 0000 0000  ................
```

This is the server configuration for udp

```
user nobody

group nobody

port 563

proto udp

multihome

dev tun0

persist-key

persist-tun

ca /etc/openvpn/server-multi/ca.crt

cert /etc/openvpn/server-multi/lowpower2.crt

key /etc/openvpn/server-multi/lowpower2.key

dh /etc/openvpn/server-multi/dh2048.pem

tls-auth /etc/openvpn/server-multi/ta.key 0

cipher AES-256-CBC

auth SHA512

ifconfig-pool-persist /etc/openvpn/server-udp-multi/ipp.txt

server 192.168.20.0 255.255.255.0

push "route 192.168.0.0 255.255.255.248"

push "route 192.168.11.0 255.255.255.0"

push "route 192.168.12.0 255.255.255.0"

push "route 192.168.13.0 255.255.255.0"

push "route 192.168.14.0 255.255.255.0"

keepalive 10 60

verb 3

max-clients 10
```

This is the server configuration for tcp

```
user nobody

group nobody

port 1494

proto tcp-server

dev tun1

persist-key

persist-tun

ca /etc/openvpn/server-multi/ca.crt

cert /etc/openvpn/server-multi/lowpower2.crt

key /etc/openvpn/server-multi/lowpower2.key

dh /etc/openvpn/server-multi/dh2048.pem

tls-auth /etc/openvpn/server-multi/ta.key 0

cipher AES-256-CBC

auth SHA512

ifconfig-pool-persist /etc/openvpn/server-tcp-multi/ipp.txt

server 192.168.21.0 255.255.255.0

push "route 192.168.0.0 255.255.255.248"

push "route 192.168.1.0 255.255.255.0"

push "route 192.168.11.0 255.255.255.0"

push "route 192.168.12.0 255.255.255.0"

push "route 192.168.13.0 255.255.255.0"

push "route 192.168.14.0 255.255.255.0"

keepalive 10 60

verb 3

max-clients 10
```

This are the use flags:

```
Installed versions:  2.4.6(08:40:56 PM 09/11/2018)(iproute2 ssl -down-root -examples -inotify -libressl -lz4 -lzo -mbedtls -pam -pkcs11 -plugins -selinux -static -systemd -test KERNEL="linux" USERLAND="-BSD")
```

This the kernel:

```
Linux lowpower2 4.14.65-gentoo #3 SMP Thu Sep 6 22:05:43 CEST 2018 x86_64 Intel(R) Atom(TM) CPU D425 @ 1.80GHz GenuineIntel GNU/Linux
```

What is it due to? What type of packet is it?

Is it possible to eliminate the warning message without decreasing the verbosity level?

ThanksLast edited by Tender on Fri Sep 14, 2018 7:22 pm; edited 1 time in total

----------

## bbgermany

Hi,

check for comp-lzo either enabled or disabled on both sides.

greets, bb

----------

## Tender

 *bbgermany wrote:*   

> Hi,
> 
> check for comp-lzo either enabled or disabled on both sides.
> 
> greets, bb

 

The clients are not involved, it happens as soon as the server istances are started.

----------

## bbgermany

Do you have ATA over Ethernet in use? There was an article about this issue in combination with ATAoE.

If yes, have a look here: https://www.toofishes.net/blog/ and https://askubuntu.com/questions/233396/openvpn-logs-ip-packet-with-unknown-ip-version-15

greet, bb

----------

## Tender

 *bbgermany wrote:*   

> Do you have ATA over Ethernet in use? There was an article about this issue in combination with ATAoE.
> 
> If yes, have a look here: https://www.toofishes.net/blog/ and https://askubuntu.com/questions/233396/openvpn-logs-ip-packet-with-unknown-ip-version-15
> 
> greet, bb

 

Oh, finally, that's right!

I saw 0x88A2 in tcpdump but I did not relate it with AoE, because I thought data packets in tun interfaces can not belong to layer2.

Thanks

----------

