First off, this should be a new thread, not a reply to an existing
thread. In the future it's consider good form to start new threads for
topics that don't relate to topic of another thread.
greek ordono wrote:
> I have question regarding unreliable connection on the client side
> when using lower IP. The client with lower IP disconnect after pinging
> the server.
> Lower IP connection:
> Client eth0 Server
> 192.168.1.46 --> 192.168.1.246
> Higher IP connection:
> Client eth0
> 192.168.1.232 --> 192.168.1.246
> I also check the route but they have the same route. There a lot of
> packet drops when using lower IP.
Based on your setup below, you're referring to the IP address of the
physical local adapter of the client. This has no bearing on OpenVPN at
all, so your issue is probably on your network somewhere. However, also
see my notes below on what you're trying to do with the VPN routes.
> # Server
> # OS: Trustix 2.2(2.4.34-ltr Kernel)
> # Openvpn: 2.0.5
> local 192.168.1.246
> port 4911
> proto tcp
> dev tun
> ca /etc/openvpn/keys/ca.crt
> cert /etc/openvpn/keys/server.crt
> key /etc/openvpn/keys/server.key
> dh /etc/openvpn/keys/dh1024.pem
> server 192.168.246.0 255.255.255.0
> push "route 192.168.1.0 255.255.255.0"
> push "redirect-gateway def1"
> push "dhcp-option DNS 192.168.1.243 18.104.22.168"
> push "dhcp-option DOMAIN vpntesting"
> keepalive 60 120
> verb 6
> mute 20
By pushing a route to the 192.168.1.0 network via the VPN tunnel you're
creating a redundant route since the physical adapter also has an IP and
route to that network. This is going to lead to odd results depending
on what IP and interface local applications try to use when sending
data. You can't really test a VPN by also being on the network you're
connecting to for this very reason. With redirect-gateway, either the
default gateway is overridden (and specific routes are always a higher
priority than the default route) or with the def1 option, the metric is
higher than existing routes, causing the same effect.
I don't think your packet loss has anything to do with the higher verses
lower IP, but either (or both) an issue with the local network (such as
an IP conflict) or just simple routing confusion on the server and/or
Description: OpenPGP digital signature