[OpenVPN home]	[Date Prev]	[Date Index]	[Date Next]
[OpenVPN mailing lists]	[Thread Prev]	[Thread Index]	[Thread Next]

[Openvpn-users] multiple --remote parameter didn't work as expected (by me)

Subject: [Openvpn-users] multiple --remote parameter didn't work as expected (by me)
From: Claas Hilbrecht <claas+maillinglists.openvpn@xxxxxxxxxxxxxxxxx>
Date: Wed, 06 Apr 2005 16:51:54 +0200

Today I tried to start using the multiple "--remote" parameter option from OpenVPN for some more clients. I noticed some unexpected behaviour (at least to me unexpected).

First off all I tried a setup with the following entries:

rport 10193
remote 83.213.243.31
remote 217.24.217.139
remote 193.14.45.6
remote 143.245.43.151

The "--float" parameter is not set since all possible peers have fixed IP adresses and all are listed as possible remotes. After starting OpenVPN I get this message from OpenVPN:

1112795170,N,TCP/UDP: Incoming packet rejected from 143.245.43.151:10193[2], expected peer address: 193.14.45.6:10193 (allow this incoming source address/port by removing --remote or adding --float)

As the notice suggested adding "--float" will fix this but on the other hand giving multiple peers with "--remote" should work too I think.

The next thing is that some peers are unreachable (to test the --remote option). OpenVPN gives the message:

LOG:1112795310,N,read UDPv4 [EHOSTUNREACH]: No route to host (code=113)

I think OpenVPN could give up the connection attempt immediately if multiple peers are given and a network error occurs.

The "--remote-random" option seems to work as stated in the manual but the randomness is "low". I've started OpenVPN 10 times and the first host tried 8 times is 83.213.243.31. I know that get_random() is used to obtain randomness but it seems "strange" to me.

And one feature request. It would be nice if the managment console could set a host to connect to. The idea behind this is to remove "--remote-random" and start the OpenVPN process in "hold" mode. Now you can select a host to connect to with the management console and release the "hold". This would be useful if you connect to serveral clients with the same configuration via ISDN to make some maintaince.

--
Claas Hilbrecht
http://www.jucs-kramkiste.de


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Warning: require_once(../../../archive_common.php) [function.require-once]: failed to open stream: No such file or directory in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2005-04/msg00080.html on line 214

Fatal error: require_once() [function.require]: Failed opening required '../../../archive_common.php' (include_path='/usr/local/lib/php') in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2005-04/msg00080.html on line 214