Markku Leinio wrote:
I get lots of these too, just been ignoring them because they haven't
been causing any problems.
At 22:41 9.1.2005, James Yonan wrote:
To explicitly allow packets from 10.YYY.YYY.YYY, you need to use
The clients are behind NATs (different ones), so from where is that
private address coming from? I mean, the NAT is working, the client is
able to do anything in the net and OpenVPN correctly sees the client's
public IP address 193.166.XXX.XXX, but still it gets that private
address somewhere. That shouldn't be visible anywhere as the client
host is far away in the internet.
Ok, is this some SMB feature? I haven't seen those messages without an
active network mount. Samba must be carrying the real IP address
somewhere inside the data. So, maybe the Samba server for some reason
tries to send some packets to that private 10.YYY.YYY.YYY address.
If this is true, it raises another question: Why do those packets go
to the OpenVPN server and not to the internet (from the Samba server)?
The OpenVPN server is in the same subnet as the Samba server in
question, having public IP addresses. If the Samba server wants to
send something to 10.YYY.YYY.YYY, the routing table directs those
packets to the border router according to the default route as that
network does not exist in our inside network. Still the OpenVPN server
sees those packets.
I tried tcpdumping the traffic for those 10.YYY.YYY.YYY packets on
eth0 and tap0 but did not see anything even if OpenVPN logged those
messages at the same time.
One tested client host is behind a self-made Linux netfilter NAT, and
one host is behind a Buffalo Airstation NAT.
Thanks for your comments!
Steven Coutts B.Sc.(Hons) MBCS
PGP Public Key