How to capture Wireshark logs for OpenVPN client-server setup?

[M0hanrajp]

Hello All,

• Using WSL2, Ubuntu 24.04 LTS.

Execution steps

• docker image that runs OpenVPN 'access server'.
  • I have downloaded .ovpn configurations from access server.
  • I have configured admin to run at '127.0.0.1:943'.
• I have installed 'openvpn' through 'apt install'.
• I do 'sudo openvpn .ovpn

My client connects to server without any issue.

Expectations

• I'm capturing .pcap files on windows with wireshark application by using 'hyperv' interface.
• There are no packets recorded when I perform the scenario (connection process).

I need to learn how OpenVPN works and this is one of the way in which (per my understanding
till now) that will help me to learn the connection process.

note:

When I change my client ip to some other ip (which will fail intentionally) I do see 'OpenVPN' packets which fail.

I want to capture the entire connection process of client connecting to server (if possible with TLS decoded)

[cron2]

if client and server talk to each other inside the WSL instance, you will not see anything when looking on the outside ("there is nothing to see").

But even then, looking at the packets is not what will make you understand how openvpn works - these are encrypted, so you'll see a TLS handshake (which is not that different from a web server TCP handshake) and then "encrypted packets".

[M0hanrajp]

if client and server talk to each other inside the WSL instance, you will not see anything when looking on the outside ("there is nothing to see").

I'm not looking outside, I'm using wireshark's WSL"s hyperv interface feature that allows me to capture WSL packets and I have already tested it and works, but I don't see OpenVPN related packets.

[schwabe]

you see connection attempts in your wireshark and icmp rejects because nothing is listening on the other side. IT seems you need to fix your VPN setup first. This wireshark dump does not match a fine running client. And we are not expert in this strange setup.

As a sidenote, with tls-crypt-v2 active you will not see much anyway as it using symmetric outer encryption. See openvpn manpage.

[M0hanrajp]

@schwabe, I have a running setup already, my problem was only that I was not able to capture the packets.

[M0hanrajp]

Hello All, as a workaround I have installed wirehshark in my WSL ubuntu distro, and I'm able to capture the packets, not sure why windows hyper-v interface does not capture all the traffic, closing the discussion for now.