Opened 3 years ago

Closed 3 years ago

#443 closed Bug / Defect (duplicate)

While in UDP mode server responds on different IP than request

Reported by: jabal
Owned by:
Priority: major
Milestone:
Component: Generic / unclassified
Version: 2.2.2
Severity: Not set (if unsure, select this one)
Keywords: UDP IP bind
Cc:

Description

Running over UDP, the request is to IP 192.168.2.4, but the response comes from 192.168.2.3:

(TCPDUMP)
00:54:55.144074 IP 217.122.41.138.48226 > 192.168.2.4.openvpn: UDP, length 14
00:54:55.145373 IP 192.168.2.3.openvpn > 217.122.41.138.48226: UDP, length 26

This screws up routing. IP 192.168.2.3 is routed over gateway 1, while IP 192.168.2.4 is routed over gateway 2. This means the handshake between client and server does not succeed.

When I change to TCP, TCPDUMP shows:
00:58:49.602282 IP 217.122.41.138.37386 > 192.168.2.4.openvpn: Flags [P.], seq 5691:5719, ack 7594, win 463, options [nop,nop,TS val 3457577307 ecr 42786829], length 28
00:58:49.602325 IP 192.168.2.4.openvpn > 217.122.41.138.37386: Flags ., ack 5719, win 411, options [nop,nop,TS val 42786842 ecr 3457577307], length 0

This means the request is to 192.168.2.4 and the response comes from the same address. In this case the VPN launches immediately.

Binding the OpenVPN server to IP 192.168.2.4, using the local directive, works with UDP as well but kills the dual internet line routing policy.

I consider this a bug. Please let me know if you do too.

I am running version:

[jabal@plato network-scripts]$ openvpn --version
OpenVPN 2.2.2 x86_64-unknown-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Apr 5 2012
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@…>

$ ./configure --build=x86_64-unknown-linux-gnu --host=x86_64-unknown-linux-gnu --target=x86_64-redhat-linux-gnu --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/var/lib --mandir=/usr/share/man --infodir=/usr/share/info --disable-dependency-tracking --program-prefix= --enable-iproute2 --enable-pkcs11 --enable-password-save --enable-pthread

Compile time defines: ENABLE_CLIENT_SERVER ENABLE_DEBUG ENABLE_EUREPHIA ENABLE_FRAGMENT ENABLE_HTTP_PROXY ENABLE_MANAGEMENT ENABLE_MULTIHOME ENABLE_PASSWORD_SAVE ENABLE_PORT_SHARE ENABLE_SOCKS USE_CRYPTO USE_LIBDL USE_LZO USE_PKCS11 USE_SSL

On CentOS 6.4

Change History (1)

comment:1 Changed 3 years ago by syzzer

  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #442.
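
A check for the symptom shown in the description's captures, as an added example (not part of the ticket and not OpenVPN code): it pairs each client packet with the server's reply and reports replies whose source IP differs from the address the client sent to. The function names and the default port label "openvpn" are assumptions of the example; the sample input is the tcpdump lines quoted in the description.

```python
import re

# Sample input: the tcpdump lines quoted in the ticket description.
CAPTURE = [
    "00:54:55.144074 IP 217.122.41.138.48226 > 192.168.2.4.openvpn: UDP, length 14",
    "00:54:55.145373 IP 192.168.2.3.openvpn > 217.122.41.138.48226: UDP, length 26",
    "00:58:49.602282 IP 217.122.41.138.37386 > 192.168.2.4.openvpn: Flags [P.], seq 5691:5719, ack 7594, win 463, options [nop,nop,TS val 3457577307 ecr 42786829], length 28",
    "00:58:49.602325 IP 192.168.2.4.openvpn > 217.122.41.138.37386: Flags ., ack 5719, win 411, options [nop,nop,TS val 42786842 ecr 3457577307], length 0",
]

# "<time> IP <src-ip>.<port> > <dst-ip>.<port>: <rest>"; tcpdump may print a
# service name (e.g. "openvpn") instead of a numeric port.
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>[\w-]+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>[\w-]+): (?P<rest>.*)$"
)

def parse(line):
    """Return (proto, (src_ip, src_port), (dst_ip, dst_port)) or None."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    proto = "udp" if m["rest"].startswith("UDP") else "tcp"
    return proto, (m["src"], m["sport"]), (m["dst"], m["dport"])

def find_asymmetric_replies(lines, server_port="openvpn"):
    """List (client, proto, addressed_ip, reply_ip) for server replies whose
    source IP is not the IP that client last addressed."""
    addressed = {}  # (proto, client_ip, client_port) -> server IP the client sent to
    findings = []
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue  # not an IPv4 line in the expected format
        proto, src, dst = parsed
        if dst[1] == server_port:          # client -> server
            addressed[(proto, *src)] = dst[0]
        elif src[1] == server_port:        # server -> client
            expected = addressed.get((proto, *dst))
            if expected is not None and expected != src[0]:
                findings.append((f"{dst[0]}:{dst[1]}", proto, expected, src[0]))
    return findings

if __name__ == "__main__":
    for client, proto, expected, actual in find_asymmetric_replies(CAPTURE):
        print(f"{proto} client {client}: sent to {expected}, reply came from {actual}")
```

Run against a capture taken with numeric ports (tcpdump -n), pass the port number as a string in server_port.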
