On Fri, 25 Nov 2005, Stefano Garavaglia wrote:
> I've had a problem (now solved) with OpenVPN 2.0.5, and I don't know if
> it's a bug in OpenVPN handling of multiple interfaces or just a wrong
> configuration.
> I've installed OpenVPN server on a firewall with 4 NICs, 3 bound to
> ADSL and 1 on the internal net (eth0).
> For the initial testing I used ADSL1 (eth1) and a computer connected
> directly to the ADSL router switch, and it worked well. At this time
> in the server config there wasn't a "local a.b.c.d" line and the router
> wasn't connected to the internet due to an ISP problem.
> Being this test successful I moved the client computer to a remote
> office, and the VPN couldn't start at all. I tried also from a Windows
> computer as a client, but nothing worked.
> This time I was trying to connect to my firewall through ADSL2 (eth2).
> After some tinkering about, I just added a line to server config:
> local 217.60.x.x (the IP of eth2 connected to ADSL2)
> and now it works.

This is a known problem with OpenVPN 2.0.x running on a multihomed system
with "multiple ways out" when using UDP. Per default when sending a UDP
packet it will use a source IP address of the interface that matches the
route that will be used to reach the destination and no concern is taken
to what destination address the original incoming packet had. This has
historically been a common problem in other UDP based applications as
well.
If you use TCP instead this is not a problem.
In the OpenVPN 2.1 series a "multihome" patch has been applied that solves
this problem at least on Linux systems, not sure about other OSs though as
there was some discussion about there not being any portable way of
solving this...
--
_____________________________________________________________
Mathias Sundman (^) ASCII Ribbon Campaign
OpenVPN GUI for Windows X NO HTML/RTF in e-mail
http://openvpn.se/ / \ NO Word docs in e-mail
____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
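
The UDP source-address behaviour described in the reply above, reproduced on loopback as an added example (not part of the original thread and not OpenVPN's code). It assumes Linux, where the `IP_PKTINFO` socket option reports the destination address of a received datagram and lets a reply be pinned to it; the helper names are hypothetical, and 127.0.0.1 / 127.0.0.2 are constructed stand-ins for the addresses of two interfaces.

```python
import socket
import struct

# Linux-only. socket.IP_PKTINFO is missing from older Pythons; 8 is the Linux value.
IP_PKTINFO = getattr(socket, "IP_PKTINFO", 8)
PKTINFO = struct.Struct("@i4s4s")  # struct in_pktinfo: ipi_ifindex, ipi_spec_dst, ipi_addr


def recv_with_dst(sock):
    """Receive one datagram and the local address it was sent to."""
    data, anc, _flags, peer = sock.recvmsg(2048, socket.CMSG_SPACE(PKTINFO.size))
    for level, ctype, cdata in anc:
        if level == socket.IPPROTO_IP and ctype == IP_PKTINFO:
            _ifindex, _spec_dst, dst = PKTINFO.unpack(cdata[:PKTINFO.size])
            return data, peer, socket.inet_ntoa(dst)
    raise RuntimeError("kernel returned no IP_PKTINFO control message")


def reply_from(sock, data, peer, src_ip):
    """Send a reply whose source address is src_ip instead of the routed default."""
    info = PKTINFO.pack(0, socket.inet_aton(src_ip), bytes(4))  # ifindex 0: normal routing
    sock.sendmsg([data], [(socket.IPPROTO_IP, IP_PKTINFO, info)], 0, peer)


def demo(pin_source):
    """Return (address the client targeted, source address of the reply it got)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as server, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as client:
        server.setsockopt(socket.IPPROTO_IP, IP_PKTINFO, 1)
        server.bind(("0.0.0.0", 0))          # no "local" address: listen on all interfaces
        server.settimeout(2)
        client.bind(("127.0.0.1", 0))
        client.settimeout(2)
        # Constructed stand-in: 127.0.0.2 plays the second interface's address.
        client.sendto(b"ping", ("127.0.0.2", server.getsockname()[1]))
        data, peer, dst = recv_with_dst(server)
        if pin_source:
            reply_from(server, data, peer, dst)   # answer from the address that was hit
        else:
            server.sendto(data, peer)             # kernel picks the source by route
        _reply, (reply_src, _port) = client.recvfrom(2048)
        return dst, reply_src


if __name__ == "__main__":
    print("routed default:", demo(False))
    print("pinned source: ", demo(True))
```

With the routed default the reply arrives from an address the client never sent to, which is the mismatch a peer or a stateful firewall on the path will reject.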