Network Routes only working partially

[kladderadeng]

Describe the problem
Sending a Ping over a Network Route into my LAN works, also when testing Port 80 of a Web Server in my LAN with Test-Netconnection 10.0.0.4 -port 80 works fine, but a Invoke-Webrequest http:/10.0.0.4 or trying to use a Webbrowser to get to that Website fails over the Route.

I defined a Network Route into my LAN and added a Linux Netbird Client (I use the Docker Image netbirdio/netbird:latest, which is 0.27.4) as the Routing peer. The other Netbird Client I am testing the connections is a Windows 2022 Server with Netbird 0.27.4 also.

A clear and concise description of what the problem is.

To Reproduce
Use 2 Netbird Clients. The machine the testing is done from is Windows Server 2022 with Netbird 0.27.4.
The Routing peer attached to the Network Route for Network 10.0.0.0/24 is a Linux Docker container using netbirdio/netbird:latest, which is 0.27.4 also.
Both peers can ping each other.
From the Windows VM you can Ping to the LAN, for example 10.0.0.4.
From the Linux Docker Container, you can Ping to the LAN, for example 10.0.0.4.
From the Windows VM, you can do a Test-Netconnection 10.0.0.4 -port 80 which works fine.
From the Linux Docker Container, you can do a nc -zv 10.0.0.4 80 which works fine.
From the Windows VM, a Invoke-Webrequest http://10.0.0.4 fails with "The underlying connection was closed: An unexpected error occurred on a receive.".
From the Linux Docker Container, you can do a wget http://10.0.0.4 which works fine.

Steps to reproduce the behavior:

1. Create a new Route to 10.0.0.0/24 and add a linux peer which runs Netbird in Docker and which sits in 10.0.0.0/24.
2. Put the Route into the Distribution Group All or create a new one, it does not matter. Make sure the Windows VM which should have access to 10.0.0.0/24 is in that group.
3. Enable the Route and leave Masquerade enabled, also we keep Metric 9999
4. Watch as the group gets propagated to the Windows VM and how the route is created. Also you can see the Route in the Netbird GUI and when running netbird status -d
5. Try to Ping a IP in the LAN -> Will work
6. Try to Test a Port of a System in the LAN -> Will work
7. Try to do a Invoke-Webrequest on a HTTP address in the LAN or just open one with your Browser (Edge in this case) and it will not work.

Expected behavior
Since Ping and Port testing works, I assumed that traffic flows through the tunnel, but it does not it seems.

Are you using NetBird Cloud?
I am using Netbird Self-Hosted,

NetBird version
Dashboard v2.3.0, Signal v0.27.4, Management 0.27.4.

NetBird status -d output:

Here is the output of the netbird Container that is acting as the bridge into the LAN:

Additional context
I tried the same with an Android Client, but with the same result. So the route seems to work partially. Since I get an ICMP response, I would assume that data can also flow back, so I am a bit lost about what the problem could be here.
My COTURN Server is dedicated to netbird, has 200 open ports and while testing only 3 peers were connected.

[lixmal]

Since you get a response, it's unlikely that's an issue with the route itself.

Could you connect to the container and dump some traffic?

docker exec -it xxx sh
apk add tcpdump
tcpdump -Ani wt0

Then run the http test from the windows box.
Maybe also a tracert <dest ip>

[kladderadeng]

Thank you very much @lixmal! Very good idea installing tcpdump, I did not think about that :-)

I did as you suggested and tried to open a website at 10.0.0.4, then did a tracert to 10.0.0.4 and then the same again.

The webbrowser failed as it did yesterday and the tracert went through. It looks like this:

PS C:\Users\vpntestadmin> tracert 10.0.0.4
Tracing route to 10.0.0.4 over a maximum of 30 hops
1 24 ms 27 ms 26 ms 100.104.225.154
2 24 ms 25 ms 25 ms 10.0.0.4
Trace complete.

The tcpdump is obviously a bit longer. In the dump, 100.104.32.248 is the Windows VM from where the tests are executed and 100.104.225.154 is the Netbird client in my LAN that acts as a gateway.

I am apologizing in advance for the length. I did not find a good way to post this. If I format it as code, it looks horrible and Quote would require me to enter 464 > ;-)
Update: Here is a Gist, maybe it is more readable: https://gist.github.com/kladderadeng/96273239804a210adef578d144b829b7

Before the wall of text starts. To me it seems like Masquerading is at least working, since there are packets that should flow from 10.0.0.4 to 100.104.32.248, which is the Windows VM.
If all this is not helpful, a tcpdump equivalent for Windows would be Wireshark I guess. I could do another trace at the same time on the Windows VM if that helps. I can fire up the test environment anytime, just let me know :-)

/ # tcpdump -Ani wt0
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on wt0, link-type RAW (Raw IP), snapshot length 262144 bytes
18:33:19.965836 IP 100.104.32.248.49984 > 10.0.0.4.80: Flags [SEW], seq 3870434966, win 64480, options [mss 1240,nop,wscale 8,nop,nop,sackOK], length 0
E..4..@....Wdh .
....@.P..&.........................
18:33:19.965836 IP 100.104.32.248.49985 > 10.0.0.4.80: Flags [SEW], seq 2548844507, win 64480, options [mss 1240,nop,wscale 8,nop,nop,sackOK], length 0
E..4..@....Vdh .
....A.P..G.........@...............
18:33:19.966484 IP 10.0.0.4.80 > 100.104.32.248.49984: Flags [S.], seq 3645237573, ack 3870434967, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 3], length 0
E..4..@.?.. ...dh ..P.@.E.E..&...r..*.............. 18:33:19.966521 IP 10.0.0.4.80 > 100.104.32.248.49985: Flags [S.], seq 3900528976, ack 2548844508, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 3], length 0 E..4..@.?..
...dh ..P.A.}YP..G...r..h..............
18:33:19.992998 IP 100.104.32.248.49984 > 10.0.0.4.80: Flags [.], ack 1, win 6146, length 0
E..(..@....cdh .
....@.P..&..E.FP...u...
18:33:19.993061 IP 100.104.32.248.49984 > 10.0.0.4.80: Flags [P.], seq 1:438, ack 1, win 6146, length 437: HTTP: GET / HTTP/1.1
E.... @.....dh .
....@.P..&..E.FP....k..GET / HTTP/1.1
Host: 10.0.0.4
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

18:33:19.999821 IP 100.104.32.248.49985 > 10.0.0.4.80: Flags [.], ack 1, win 6146, length 0
E..(.
@....adh .
....A.P..G..}YQP...#E..
18:33:20.292875 IP 100.104.32.248.49984 > 10.0.0.4.80: Flags [P.], seq 1:438, ack 1, win 6146, length 437: HTTP: GET / HTTP/1.1
E.....@.....dh .
....@.P..&..E.FP....k..GET / HTTP/1.1
Host: 10.0.0.4
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

18:33:20.591798 IP 100.104.32.248.49984 > 10.0.0.4.80: Flags [P.], seq 1:438, ack 1, win 6146, length 437: HTTP: GET / HTTP/1.1
E.....@.....dh .
....@.P..&..E.FP....k..GET / HTTP/1.1
Host: 10.0.0.4
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

18:33:20.592355 IP 10.0.0.4.80 > 100.104.32.248.49984: Flags [R], seq 3645237574, win 0, length 0
E..(..@.?..l
...dh ..P.@.E.F....P...._..
18:33:21.699061 IP 100.104.32.248.49987 > 10.0.0.4.80: Flags [SEW], seq 2677292346, win 64480, options [mss 1240,nop,wscale 8,nop,nop,sackOK], length 0
E..4..@....Pdh .
....C.P..=:........C...............
18:33:21.699132 IP 100.104.32.248.49985 > 10.0.0.4.80: Flags [P.], seq 1:464, ack 1, win 6146, length 463: HTTP: GET / HTTP/1.1
E.....@.....dh .
....A.P..G..}YQP....#..GET / HTTP/1.1
Host: 10.0.0.4
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

18:33:21.699722 IP 10.0.0.4.80 > 100.104.32.248.49987: Flags [S.], seq 2277799414, ack 2677292347, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 3], length 0
E..4..@.?..`
...dh ..P.C..u...=;..r..r..............
18:33:21.733570 IP 100.104.32.248.49987 > 10.0.0.4.80: Flags [.], ack 1, win 6146, length 0
E..(..@....\dh .
....C.P..=;..u.P...jO..
18:33:21.975564 IP 100.104.32.248.49985 > 10.0.0.4.80: Flags [P.], seq 1:464, ack 1, win 6146, length 463: HTTP: GET / HTTP/1.1
E.....@.....dh .
....A.P..G..}YQP....#..GET / HTTP/1.1
Host: 10.0.0.4
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

18:33:22.274174 IP 100.104.32.248.49985 > 10.0.0.4.80: Flags [P.], seq 1:464, ack 1, win 6146, length 463: HTTP: GET / HTTP/1.1
E.....@.....dh .
....A.P..G..}YQP....#..GET / HTTP/1.1
Host: 10.0.0.4
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

18:33:22.274773 IP 10.0.0.4.80 > 100.104.32.248.49985: Flags [R], seq 3900528977, win 0, length 0
E..(..@.?..l
...dh ..P.A.}YQ....P.......
18:33:22.300638 IP 100.104.32.248.49987 > 10.0.0.4.80: Flags [P.], seq 1:464, ack 1, win 6146, length 463: HTTP: GET / HTTP/1.1
E.....@.....dh .
....C.P..=;..u.P...
...GET / HTTP/1.1
Host: 10.0.0.4
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

18:33:22.579003 IP 100.104.32.248.49987 > 10.0.0.4.80: Flags [P.], seq 1:464, ack 1, win 6146, length 463: HTTP: GET / HTTP/1.1
E.....@.....dh .
....C.P..=;..u.P...
...GET / HTTP/1.1
Host: 10.0.0.4
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

18:33:22.880226 IP 100.104.32.248.49987 > 10.0.0.4.80: Flags [P.], seq 1:464, ack 1, win 6146, length 463: HTTP: GET / HTTP/1.1
E.....@.....dh .
....C.P..=;..u.P...
...GET / HTTP/1.1
Host: 10.0.0.4
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

18:33:22.880877 IP 10.0.0.4.80 > 100.104.32.248.49987: Flags [R], seq 2277799415, win 0, length 0
E..(..@.?..l
...dh ..P.C..u.....P..._-..
18:33:22.905110 IP 100.104.32.248.49998 > 10.0.0.4.80: Flags [SEW], seq 3186137730, win 64480, options [mss 1240,nop,wscale 8,nop,nop,sackOK], length 0
E..4..@....Hdh .
....N.P............................
18:33:22.905620 IP 10.0.0.4.80 > 100.104.32.248.49998: Flags [S.], seq 2340615, ack 3186137731, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 3], length 0
E..4..@.?..`
...dh ..P.N.#........r..[..............
18:33:22.930558 IP 100.104.32.248.49998 > 10.0.0.4.80: Flags [.], ack 1, win 6146, length 0
E..(..@....Udh .
....N.P.....#..P...58..
18:33:22.930600 IP 100.104.32.248.49998 > 10.0.0.4.80: Flags [P.], seq 1:464, ack 1, win 6146, length 463: HTTP: GET / HTTP/1.1
E.....@.....dh .
....N.P.....#..P.......GET / HTTP/1.1
Host: 10.0.0.4
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

18:33:23.168613 IP 100.104.32.248.49998 > 10.0.0.4.80: Flags [P.], seq 1:464, ack 1, win 6146, length 463: HTTP: GET / HTTP/1.1
E.....@.....dh .
....N.P.....#..P.......GET / HTTP/1.1
Host: 10.0.0.4
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

18:33:23.469304 IP 100.104.32.248.49998 > 10.0.0.4.80: Flags [P.], seq 1:464, ack 1, win 6146, length 463: HTTP: GET / HTTP/1.1
E.....@.....dh .
....N.P.....#..P.......GET / HTTP/1.1
Host: 10.0.0.4
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

18:33:23.469887 IP 10.0.0.4.80 > 100.104.32.248.49998: Flags [R], seq 2340616, win 0, length 0
E..(..@.?..l
...dh ..P.N.#......P.......
18:33:24.734111 IP 100.104.32.248 > 10.0.0.4: ICMP echo request, id 1, seq 1, length 72
E........C#dh .
...........................................................................
18:33:24.734181 IP 100.104.225.154 > 100.104.32.248: ICMP time exceeded in-transit, length 100
E..xr...@.;zdh..dh .........E........C#dh .
...........................................................................
18:33:24.761972 IP 100.104.32.248 > 10.0.0.4: ICMP echo request, id 1, seq 2, length 72
E........C"dh .
...........................................................................
18:33:24.762050 IP 100.104.225.154 > 100.104.32.248: ICMP time exceeded in-transit, length 100
E..xr...@.;vdh..dh .........E........C"dh .
...........................................................................
18:33:24.791590 IP 100.104.32.248 > 10.0.0.4: ICMP echo request, id 1, seq 3, length 72
E........C!dh .
...........................................................................
18:33:24.791650 IP 100.104.225.154 > 100.104.32.248: ICMP time exceeded in-transit, length 100
E..xr...@.;odh..dh .........E........C!dh .
...........................................................................
18:33:24.820895 IP 100.104.32.248.137 > 100.104.225.154.137: UDP, length 50
E..N........dh .dh.......:G............. CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..!..
18:33:24.820971 IP 100.104.225.154 > 100.104.32.248: ICMP 100.104.225.154 udp port 137 unreachable, length 86
E..jr...@.;|dh..dh .........E..N........dh .dh.......:G............. CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..!..
18:33:26.347541 IP 100.104.32.248.137 > 100.104.225.154.137: UDP, length 50
E..N........dh .dh.......:G............. CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..!..
18:33:26.347613 IP 100.104.225.154 > 100.104.32.248: ICMP 100.104.225.154 udp port 137 unreachable, length 86
E..jr...@.;ydh..dh .........E..N........dh .dh.......:G............. CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..!..
18:33:27.858695 IP 100.104.32.248.137 > 100.104.225.154.137: UDP, length 50
E..N........dh .dh.......:G............. CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..!..
18:33:27.858750 IP 100.104.225.154 > 100.104.32.248: ICMP 100.104.225.154 udp port 137 unreachable, length 86
E..jr...@.;sdh..dh .........E..N........dh .dh.......:G............. CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..!..
18:33:28.511803 IP 100.104.32.248.49999 > 10.0.0.4.80: Flags [SEW], seq 3934874039, win 64480, options [mss 1240,nop,wscale 8,nop,nop,sackOK], length 0
E..4..@....@DH .
....O.P..i.........................
18:33:28.512440 IP 10.0.0.4.80 > 100.104.32.248.49999: Flags [S.], seq 1626195285, ack 3934874040, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 3], length 0
E..4..@.?.. ...dh ..P.O..U..i...r./l..............
18:33:28.539413 IP 100.104.32.248.50000 > 10.0.0.4.80: Flags [SEW], seq 1181941309, win 64480, options [mss 1240,nop,wscale 8,nop,nop,sackOK], length 0
E..4..@....?dh .
....P.PFr.=........................
18:33:28.539907 IP 100.104.32.248.49999 > 10.0.0.4.80: Flags [.], ack 1, win 6146, length 0
E..(..@....Ldh .
....O.P..i...VP....H.. 18:33:28.539941 IP 100.104.32.248.49999 > 10.0.0.4.80: Flags [P.], seq 1:464, ack 1, win 6146, length 463: HTTP: GET / HTTP/1.1 E.... @....|dh . ....O.P..i...VP...j'..GET / HTTP/1.1
Host: 10.0.0.4
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

18:33:28.540009 IP 10.0.0.4.80 > 100.104.32.248.50000: Flags [S.], seq 847636072, ack 1181941310, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 3], length 0
E..4..@.?.. ...dh ..P.P2..hFr.>..r.LQ.............. 18:33:28.562575 IP 100.104.32.248.50000 > 10.0.0.4.80: Flags [.], ack 1, win 6146, length 0 E..(.!@....Jdh . ....P.PFr.>2..iP....-.. 18:33:28.779495 IP 100.104.32.248.49999 > 10.0.0.4.80: Flags [P.], seq 1:464, ack 1, win 6146, length 463: HTTP: GET / HTTP/1.1 E...."@....zdh . ....O.P..i...VP...j'..GET / HTTP/1.1
Host: 10.0.0.4
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

18:33:29.080277 IP 100.104.32.248.49999 > 10.0.0.4.80: Flags [P.], seq 1:464, ack 1, win 6146, length 463: HTTP: GET / HTTP/1.1
E....#@....ydh .
....O.P..i.`..VP...j'..GET / HTTP/1.1
Host: 10.0.0.4
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

18:33:29.080840 IP 10.0.0.4.80 > 100.104.32.248.49999: Flags [R], seq 1626195286, win 0, length 0
E..(..@.?..l
...dh ..P.O..V....P...6... 18:33:30.504728 IP 100.104.32.248 > 10.0.0.4: ICMP echo request, id 1, seq 4, length 72 E..\.$....B.dh . ........................................................................... 18:33:30.505402 IP 10.0.0.4 > 100.104.32.248: ICMP echo reply, id 1, seq 4, length 72 E..\....?.7. ...dh ......................................................................... 18:33:30.529789 IP 100.104.32.248 > 10.0.0.4: ICMP echo request, id 1, seq 5, length 72 E..\.%....B.dh . ........................................................................... 18:33:30.530334 IP 10.0.0.4 > 100.104.32.248: ICMP echo reply, id 1, seq 5, length 72 E..\....?.7. ...dh ......................................................................... 18:33:30.555466 IP 100.104.32.248 > 10.0.0.4: ICMP echo request, id 1, seq 6, length 72 E..\.&....B.dh . ........................................................................... 18:33:30.556026 IP 10.0.0.4 > 100.104.32.248: ICMP echo reply, id 1, seq 6, length 72 E..\....?.7. ...dh ......................................................................... 18:33:33.775156 IP 10.0.0.4.80 > 100.104.32.248.50000: Flags [F.], seq 1, ack 1, win 3650, length 0 E..(.Y@.?... ...dh ..P.P2..iFr.>P..B.... 18:33:33.801936 IP 100.104.32.248.50000 > 10.0.0.4.80: Flags [.], ack 2, win 6146, length 0 E..(.'@....Ddh . ....P.PFr.>2..jP....,.. 18:33:56.745091 IP 100.104.32.248.50000 > 10.0.0.4.80: Flags [F.], seq 1, ack 2, win 6146, length 0 E..(.(@....Cdh . ....P.PFr.>2..jP....+.. 18:33:56.745091 IP 100.104.32.248.50025 > 10.0.0.4.80: Flags [SEW], seq 2448778205, win 64480, options [mss 1240,nop,wscale 8,nop,nop,sackOK], length 0 E..4.)@....4dh . ....i.P..c.........*[.............. 18:33:56.745091 IP 100.104.32.248.50026 > 10.0.0.4.80: Flags [SEW], seq 2175071858, win 64480, options [mss 1240,nop,wscale 8,nop,nop,sackOK], length 0 E..4.*@....3dh . ....j.P...r........................ 18:33:56.745860 IP 10.0.0.4.80 > 100.104.32.248.50025: Flags [S.], seq 3326930963, ack 2448778206, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 3], length 0 E..4..@.?..
...dh ..P.i.L....c...r.................
18:33:56.745904 IP 10.0.0.4.80 > 100.104.32.248.50026: Flags [S.], seq 10862452, ack 2175071859, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 3], length 0
E..4..@.?..`
...dh ..P.j...t...s..r.q...............
18:33:56.770542 IP 100.104.32.248.50025 > 10.0.0.4.80: Flags [.], ack 1, win 6146, length 0
E..(.+@....@DH .
....i.P..c..L..P.......
18:33:56.770607 IP 100.104.32.248.50025 > 10.0.0.4.80: Flags [P.], seq 1:464, ack 1, win 6146, length 463: HTTP: GET / HTTP/1.1
E....,@....pdh .
....i.P..c..L..P...8^..GET / HTTP/1.1
Host: 10.0.0.4
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

18:33:56.775736 IP 100.104.32.248.50026 > 10.0.0.4.80: Flags [.], ack 1, win 6146, length 0
E..(.-@....>dh .
....j.P...s...uP.......
18:33:57.019472 IP 100.104.32.248.50000 > 10.0.0.4.80: Flags [F.], seq 1, ack 2, win 6146, length 0
E..(..@....=dh .
....P.PFr.>2..jP....+..
18:33:57.044034 IP 100.104.32.248.50025 > 10.0.0.4.80: Flags [P.], seq 1:464, ack 1, win 6146, length 463: HTTP: GET / HTTP/1.1
E..../@....mdh .
....i.P..c..L..P...8^..GET / HTTP/1.1
Host: 10.0.0.4
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

18:33:57.343271 IP 100.104.32.248.50025 > 10.0.0.4.80: Flags [P.], seq 1:464, ack 1, win 6146, length 463: HTTP: GET / HTTP/1.1
E....0@....ldh .
....i.P..c..L..P...8^..GET / HTTP/1.1
Host: 10.0.0.4
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

18:33:57.343783 IP 10.0.0.4.80 > 100.104.32.248.50025: Flags [R], seq 3326930964, win 0, length 0
E..(..@.?..l
...dh ..P.i.L......P....a..
18:33:57.620279 IP 100.104.32.248.50000 > 10.0.0.4.80: Flags [F.], seq 1, ack 2, win 6146, length 0
E..(.1@....:dh .
....P.PFr.>2..jP....+..
18:33:58.826049 IP 100.104.32.248.50000 > 10.0.0.4.80: Flags [F.], seq 1, ack 2, win 6146, length 0
E..(.2@....9dh .
....P.PFr.>2..jP....+..
18:34:01.227865 IP 100.104.32.248.50000 > 10.0.0.4.80: Flags [F.], seq 1, ack 2, win 6146, length 0
E..(.3@....8dh .
....P.PFr.>2..jP....+..
18:34:01.986200 IP 10.0.0.4.80 > 100.104.32.248.50026: Flags [F.], seq 1, ack 1, win 3650, length 0
E..(OX@.?.].
...dh ..P.j...u...sP..B.@..
18:34:02.010575 IP 100.104.32.248.50026 > 10.0.0.4.80: Flags [.], ack 2, win 6146, length 0
E..(.4@....7dh .
....j.P...s...vP.......
18:34:06.029860 IP 100.104.32.248.50000 > 10.0.0.4.80: Flags [F.], seq 1, ack 2, win 6146, length 0
E..(.5@....6dh .
....P.PFr.>2..jP....+..
18:34:15.298560 IP 100.104.32.248 > 10.0.0.4: ICMP echo request, id 1, seq 7, length 72
E...6....C.dh .
...........................................................................
18:34:15.298620 IP 100.104.225.154 > 100.104.32.248: ICMP time exceeded in-transit, length 100
E..xu,..@.96dh..dh .........E...6....C.dh .
...........................................................................
18:34:15.324067 IP 100.104.32.248 > 10.0.0.4: ICMP echo request, id 1, seq 8, length 72
E...7....C.dh .
...........................................................................
18:34:15.324128 IP 100.104.225.154 > 100.104.32.248: ICMP time exceeded in-transit, length 100
E..xu/..@.93dh..dh .........E...7....C.dh .
...........................................................................
18:34:15.357292 IP 100.104.32.248 > 10.0.0.4: ICMP echo request, id 1, seq 9, length 72
E...8....C.dh .
.......... ................................................................
18:34:15.357352 IP 100.104.225.154 > 100.104.32.248: ICMP time exceeded in-transit, length 100
E..xu0..@.92dh..dh .........E...8....C.dh .
.......... ................................................................
18:34:15.385010 IP 100.104.32.248.137 > 100.104.225.154.137: UDP, length 50
E..N........dh .dh.......:G............. CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..!..
18:34:15.385084 IP 100.104.225.154 > 100.104.32.248: ICMP 100.104.225.154 udp port 137 unreachable, length 86
E..ju2..@.9>dh..dh .........E..N........dh .dh.......:G............. CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..!..
18:34:15.629653 IP 100.104.32.248.50000 > 10.0.0.4.80: Flags [R.], seq 2, ack 2, win 0, length 0
E..(.9@....2dh .
....P.PFr.?2..jP....)..
18:34:16.909819 IP 100.104.32.248.137 > 100.104.225.154.137: UDP, length 50
E..N........dh .dh.......:G............. CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..!..
18:34:16.909835 IP 100.104.225.154 > 100.104.32.248: ICMP 100.104.225.154 udp port 137 unreachable, length 86
E..ju...@.8.dh..dh .........E..N........dh .dh.......:G............. CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..!..
18:34:18.422984 IP 100.104.32.248.137 > 100.104.225.154.137: UDP, length 50
E..N........dh .dh.......:G............. CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..!..
18:34:18.423017 IP 100.104.225.154 > 100.104.32.248: ICMP 100.104.225.154 udp port 137 unreachable, length 86
E..jv...@.7.dh..dh .........E..N........dh .dh.......:G............. CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..!..
18:34:21.267203 IP 100.104.32.248 > 10.0.0.4: ICMP echo request, id 1, seq 10, length 72
E...:....B.dh .
..........
................................................................
18:34:21.267841 IP 10.0.0.4 > 100.104.32.248: ICMP echo reply, id 1, seq 10, length 72
E......?.-.
...dh ........
................................................................
18:34:21.293125 IP 100.104.32.248 > 10.0.0.4: ICMP echo request, id 1, seq 11, length 72
E...;....B.dh .
...........................................................................
18:34:21.293758 IP 10.0.0.4 > 100.104.32.248: ICMP echo reply, id 1, seq 11, length 72
E......?.-.
...dh .........................................................................
18:34:21.319902 IP 100.104.32.248 > 10.0.0.4: ICMP echo request, id 1, seq 12, length 72
E...<....B.dh .
...........................................................................
18:34:21.320453 IP 10.0.0.4 > 100.104.32.248: ICMP echo reply, id 1, seq 12, length 72
E......?.-.
...dh .........................................................................
^C
95 packets captured
95 packets received by filter
0 packets dropped by kernel
/ # exit

[myevit]

same

[kladderadeng]

same

I think it is different. Routes do get created for me as some traffic traverses the tunnels and some not. Maybe the root cause is similar, but the outcome is a bit different. In the end both of us have the issue that we can not utilize the routes ;-)

[kladderadeng]

Just a heads up:
After upgrading to 0.27.8 I did another test run today and it is still the same issue. With the "routing" fixes in the recent versions I hoped it was fixed, but this particular case is not.