[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] Wrong network port

  • Subject: Re: [Openvpn-users] Wrong network port
  • From: "Erestor Elensar" <erestor.elensar@xxxxxxxxx>
  • Date: Thu, 6 Jul 2006 10:58:57 +0200 (CEST)
  • Importance: Normal

> In <19397.>,
> Erestor Elensar <erestor.elensar@xxxxxxxxx> typed:
>> I can ping all the machine from siteA ( to siteB
>> ( )without any problems, but when i ping from a openvpn to
>> a
>> machine at the other site it end there with the ip address from the
>> tunnel
>> (!!!
>> How can i solve this ?
> If I read this right (and I may not be), then what's going on is
> normal behavior for a VPN, and not something that needs "solving", or
> that can easily be changed.
> The box that OpenVPN is running on adds an interace when the tunnel is
> up - the interface at it's end of the tunnel. When a system with
> multiple IP addresses sends out a packet, it pretty much has to label
> it as from the IP address associated with the interface that it's
> sending it out, as that's the only way to insure that the recipient of
> the packet will be able to get a response back.
> You can force connection to send use a different interfaces address as
> the source address, and it will get routed to the correct
> interface. However, that normally has to be done with each
> connection. There may be a way to force all connection to use some
> specific address, but that will be system-dependent.
> So, that the packets use the ip address of the tunnel isn't a
> problem. This may create problems for you elsewhere, but without
> knowing what those are specifically, we can't help solve them.
> 	<mike
> --
> Mike Meyer <mwm@xxxxxxxxx>		http://www.mired.org/consulting.html
> Independent Network/Unix/Perforce consultant, email for more information.


You have read this right, and indeed this is a normal way of behavior.
I tought that it would use the interface of the machine and not the tunnel.

My problem just for now lies that i have to create some extra routes
towards my time & logs servers.

Thank you for the response.

OpenVPN mailing lists