Opened 10 years ago
Closed 10 years ago
#443 closed Bug / Defect (duplicate)
While in UDP mode server responds on different IP than request
| Reported by: | jabal | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | Generic / unclassified | Version: | OpenVPN 2.2.2 (Community Ed) |
| Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | UDP IP bind |
| Cc: |
Description
Running over UDP the request is to IP 192.168.2.4, but the response comes from 192.168.2.3:
(TCPDUMP)
00:54:55.144074 IP 217.122.41.138.48226 > 192.168.2.4.openvpn: UDP, length 14
00:54:55.145373 IP 192.168.2.3.openvpn > 217.122.41.138.48226: UDP, length 26
This screws up routing. IP 192.168.2.3 is routed over gateway 1, while IP 192.168.2.4 is routed over gateway 2. This means the handshake between client and server does not succeed.
When I change to TCP TCPDUMP shows:
00:58:49.602282 IP 217.122.41.138.37386 > 192.168.2.4.openvpn: Flags [P.], seq 5691:5719, ack 7594, win 463, options [nop,nop,TS val 3457577307 ecr 42786829], length 28
00:58:49.602325 IP 192.168.2.4.openvpn > 217.122.41.138.37386: Flags ., ack 5719, win 411, options [nop,nop,TS val 42786842 ecr 3457577307], length 0
This means the request is to 192.168.2.4 and the response comes from the same address. In this case the VPN launches immediately.
Binding the OpenVPN server to IP 192.168.2.4, using the local directive, works with UDP as well but kills the dual internet line routing policy.
I consider this a bug. Please let me know if you do too.
I am running version:
[jabal@plato network-scripts]$ openvpn --version
OpenVPN 2.2.2 x86_64-unknown-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Apr 5 2012
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@…>
$ ./configure --build=x86_64-unknown-linux-gnu --host=x86_64-unknown-linux-gnu --target=x86_64-redhat-linux-gnu --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/var/lib --mandir=/usr/share/man --infodir=/usr/share/info --disable-dependency-tracking --program-prefix= --enable-iproute2 --enable-pkcs11 --enable-password-save --enable-pthread
Compile time defines: ENABLE_CLIENT_SERVER ENABLE_DEBUG ENABLE_EUREPHIA ENABLE_FRAGMENT ENABLE_HTTP_PROXY ENABLE_MANAGEMENT ENABLE_MULTIHOME ENABLE_PASSWORD_SAVE ENABLE_PORT_SHARE ENABLE_SOCKS USE_CRYPTO USE_LIBDL USE_LZO USE_PKCS11 USE_SSL
On CentOS 6.4
Duplicate of #442.