
[Openvpn-users] Bad source address from client


  • Subject: [Openvpn-users] Bad source address from client
  • From: Markku Leinio <markku.leinio@xxxxxxxxxxxxxx>
  • Date: Sun, 09 Jan 2005 18:31:17 +0200

Hi folks. I have been using dev tap with my VPN very successfully for a couple of months but have now been testing dev tun instead. Everything is great otherwise, but I get the following messages in the log on the server side:

Sun Jan 9 18:10:41 2005 Markku_Leinio/193.166.XXX.XXX:1663 MULTI: bad source address from client [10.YYY.YYY.YYY], packet dropped

It starts when I mount the network drive in my XP client ("net use x: \\inside.server\share"), and repeats while I use the share. Note that the 10.YYY address in brackets is the client's assigned private IP address even though the client is behind a NAT router! So the address is neither the NAT-assigned public address nor the VPN tunnel IP address.

What does this message mean, and how is the client private IP address visible to the OpenVPN server?

This situation has been tested with two different end systems, in different NAT systems (and the NAT in question is not done in the VPN server but in the source network). NAT is working and the client's public IP address is also correctly shown in the log above (XXX address). In dev tap mode (no other changes in the configuration) there are absolutely no problems whatsoever. And this problem is only visible in the server logs; the share is working fine.

Configurations follow:

Server side (OpenVPN 2.0rc6, Debian GNU/Linux, kernel 2.4.27):
----------------------------------------------
dev tun
port 2294
server 192.168.88.0 255.255.255.0
push "route vpn.server.address 255.255.255.255 net_gateway"
push "route one.inside.network 255.255.255.0"
push "route another.inside.network 255.255.255.0"
push "explicit-exit-notify 2"
keepalive 10 60
ca root.crt
dh dh1024.pem
cert vpn-server.crt
key vpn-server.key
crl-verify crl.pem
duplicate-cn
user nobody
group nogroup
persist-key
persist-tun
comp-lzo
verb 3

Client side (OpenVPN 2.0rc6, Windows XP Pro SP2):
---------------------------------
remote vpn.server.address
dev tun
port 2294
client
ca   "c:\\Program Files\\OpenVPN\\config\\root.crt"
cert "c:\\Program Files\\OpenVPN\\config\\vpn-username.crt"
key  "c:\\Program Files\\OpenVPN\\config\\vpn-username.key"
comp-lzo
nobind
verb 3
redirect-gateway
tls-remote "x509.address.of.vpn.server"


--
Markku Leiniö, Turku, Finland



