
Re: [Openvpn-users] Re: Answering on the same interface where the request came from

  • Subject: Re: [Openvpn-users] Re: Answering on the same interface where the request came from
  • From: James Yonan <jim@xxxxxxxxx>
  • Date: Sat, 26 Feb 2005 01:18:36 -0700 (MST)

I've put together an IP_PKTINFO patch that deals with the UDP multihoming
issue on Linux.  The patch borrows from Neil Brown's original patch of 9
July 2004, but goes further by refactoring OpenVPN's basic address 
structures so that the actual local and remote addresses are 
always paired, and UDP responses to clients will always use the local 
source address which is associated with a given client instance object.

The basic principle of operation is that any authentication test which
would normally result in the remote address of a client being "remembered"  
in the client instance object state, will now also record the local
address as well (when --multihome is enabled).  So when the time comes to
send packets to the client, if a local address has been associated with
the client, it will be used as the source address on all outgoing packets.  
This should accomplish the basic goal of "Answering on the same interface
where the request came from".

The patch is here:

http://openvpn.net/patch/ (with an 'MH' postfix)

Apply the patch to a clean 2.0-rc16 tree, then:

autoreconf -i -v

To enable the UDP multi-homing feature, add a --multihome flag, and of 
course omit a --local directive.

You'll know it's working when you see something like this:

  Peer Connection Initiated with (via

Please test and let me know if you find any bugs.

This won't be going into 2.0, but will probably merge during the 2.1 beta 


Openvpn-users mailing list
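
The mechanism the message describes, as an added Linux example that is not taken from the OpenVPN patch: a wildcard-bound UDP socket enables IP_PKTINFO, reads the local address each datagram was sent to, and hands it back to sendmsg() as the reply's source. The function names and the 127.0.0.x loopback addresses are constructed for the demo.

```c
#define _GNU_SOURCE                 /* exposes struct in_pktinfo on glibc */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Receive one datagram on fd and echo it back, using the local address the
 * client targeted as the reply's source. Returns bytes sent, or -1. */
static ssize_t echo_same_source(int fd)
{
    char buf[2048];
    union { char b[CMSG_SPACE(sizeof(struct in_pktinfo))]; struct cmsghdr align; } ctl;
    struct sockaddr_in peer;
    struct iovec iov = { buf, sizeof buf };
    struct msghdr m = { .msg_name = &peer, .msg_namelen = sizeof peer,
                        .msg_iov = &iov, .msg_iovlen = 1,
                        .msg_control = ctl.b, .msg_controllen = sizeof ctl.b };
    ssize_t n = recvmsg(fd, &m, 0);
    if (n < 0) return -1;
    iov.iov_len = (size_t)n;
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);  /* NULL unless IP_PKTINFO is enabled */
    if (c && c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_PKTINFO) {
        struct in_pktinfo pi;
        memcpy(&pi, CMSG_DATA(c), sizeof pi);
        pi.ipi_spec_dst = pi.ipi_addr;      /* source address for the reply */
        pi.ipi_ifindex = 0;                 /* leave interface choice to routing */
        memcpy(CMSG_DATA(c), &pi, sizeof pi);
    }                                       /* the same cmsg now steers sendmsg() */
    return sendmsg(fd, &m, 0);
}

/* Loopback demo (constructed): a client sends "hi" to dst_ip and the server
 * echoes it. Writes the reply's source IP to out; returns 0 on success. */
int reply_source(const char *dst_ip, int multihome, char *out, socklen_t outlen)
{
    int s = socket(AF_INET, SOCK_DGRAM, 0), c = socket(AF_INET, SOCK_DGRAM, 0), on = 1;
    struct sockaddr_in a = { .sin_family = AF_INET }, from;
    socklen_t al = sizeof a, fl = sizeof from;
    char b[8];
    if (multihome) setsockopt(s, IPPROTO_IP, IP_PKTINFO, &on, sizeof on);
    bind(s, (struct sockaddr *)&a, sizeof a);       /* wildcard: no fixed local address */
    getsockname(s, (struct sockaddr *)&a, &al);     /* learn the ephemeral port */
    inet_pton(AF_INET, dst_ip, &a.sin_addr);
    int ok = sendto(c, "hi", 2, 0, (struct sockaddr *)&a, sizeof a) == 2
          && echo_same_source(s) == 2
          && recvfrom(c, b, sizeof b, 0, (struct sockaddr *)&from, &fl) == 2
          && inet_ntop(AF_INET, &from.sin_addr, out, outlen) != NULL;
    close(s); close(c);
    return ok ? 0 : -1;
}
```

With `multihome` set to 0 the same exchange comes back from 127.0.0.1, the address routing picks for a wildcard-bound socket, rather than from the address the client sent to.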