|
|
|
Hi folks. I have been using dev tap with my VPN very successfully a couple
of months but have now been testing dev tun instead. Everything is great
otherwise, but I get the following messages in the log in the server side: Sun Jan 9 18:10:41 2005 Markku_Leinio/193.166.XXX.XXX:1663 MULTI: bad source address from client [10.YYY.YYY.YYY], packet dropped It starts when I mount the network drive in my XP client ("net use x: \\inside.server\share"), and repeats while I use the share. Note that the 10.YYY address in brackets is the client assigned private IP address even though the client is behind a NAT router! So the address is neither the NAT-assigned public address nor the VPN tunnel IP address. What does this message mean, and how is the client private IP address visible to the OpenVPN server? This situation has been tested with two different end systems, in different NAT systems (and the NAT in question is not done in the VPN server but in the source network). NAT is working and also the client's public IP address is correctly shown in the log above (XXX address). In dev tap mode (no other changes in the configuration) there are absolutely no problems whatsoever. And this problem is only visible in the server logs, the share is working fine. Configurations follow: Server side (OpenVPN 2.0rc6, Debian GNU/Linux, kernel 2.4.27): ---------------------------------------------- dev tun port 2294 server 192.168.88.0 255.255.255.0 push "route vpn.server.address 255.255.255.255 net_gateway" push "route one.inside.network 255.255.255.0" push "route another.inside.network 255.255.255.0" push "explicit-exit-notify 2" keepalive 10 60 ca root.crt dh dh1024.pem cert vpn-server.crt key vpn-server.key crl-verify crl.pem duplicate-cn user nobody group nogroup persist-key persist-tun comp-lzo verb 3 Client side (OpenVPN 2.0rc6, Windows XP Pro SP2): --------------------------------- remote vpn.server.address dev tun port 2294 client ca "c:\\Program Files\\OpenVPN\\config\\root.crt" cert "c:\\Program Files\\OpenVPN\\config\\vpn-username.crt" key "c:\\Program Files\\OpenVPN\\config\\vpn-username.key" comp-lzo nobind verb 3 redirect-gateway tls-remote "x509.address.of.vpn.server" -- Markku Leiniö, Turku, Finland ------------------------------------------------------- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt _______________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users Warning: require_once(../../../archive_common.php) [function.require-once]: failed to open stream: No such file or directory in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2005-01/msg00087.html on line 240 Fatal error: require_once() [function.require]: Failed opening required '../../../archive_common.php' (include_path='/usr/local/lib/php') in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2005-01/msg00087.html on line 240 |