We have a pretty plain openvpn setup. But we are consistently seeing this in
our server logs, on both our udp and tcp instances of openvpn. Anyway to make
this not happen from a client or server change?
openvpn-tcp-443.log:Mon Jun 24 21:00:43 2013 us=609478
user_name/176.224.69.12:39939 MULTI: bad source address from client
[176.224.69.12], packet droppedopenvpn-tcp-443.log:Mon Jun 24 21:00:43 2013
us=750001 user_name/200.142.133.21:12109 MULTI: bad source address from client
[10.96.192.225], packet droppedopenvpn-tcp-443.log:Mon Jun 24 21:00:44 2013
us=815737 user_name/200.142.133.21:12109 MULTI: bad source address from client
[10.96.192.225], packet droppedopenvpn-tcp-443.log:Mon Jun 24 21:00:45 2013
us=776301 user_name/200.142.133.21:12109 MULTI: bad source address from client
[10.96.192.225], packet droppedopenvpn-tcp-443.log:Mon Jun 24 21:00:49 2013
us=942991 user_name/200.142.133.21:12109 MULTI: bad source address from client
[10.96.192.225], packet droppedopenvpn-tcp-443.log:Mon Jun 24 21:00:51 2013
us=129790 user_name/176.224.69.12:39939 MULTI: bad source address from client
[176.224.69.12], packet droppedopenvpn-tcp-443.log:Mon Jun 24 21:01:05 2013
us=489314 user_name/176.224.69.12:39939 MULTI: bad source address from client
[176.224.69.12], packet droppedopenvpn-tcp-443.log:Mon Jun 24 21:01:27 2013
us=129346 user_name/176.224.69.12:39939 MULTI: bad source address from client
[176.224.69.12], packet droppedopenvpn-tcp-443.log:Mon Jun 24 21:01:38 2013
us=249586 user_name/176.224.69.12:39939 MULTI: bad source address from client
[176.224.69.12], packet droppedopenvpn-tcp-443.log:Mon Jun 24 21:02:13 2013
us=49611 user_name/176.224.69.12:39939 MULTI: bad source address from client
[176.224.69.12], packet droppedopenvpn-tcp-443.log:Mon Jun 24 21:02:39 2013
us=809346 user_name/176.224.69.12:39939 MULTI: bad source address from client
[176.224.69.12], packet dropped
I've attached our config below:
port 443proto tcpdev tunca /etc/ssl/certs/ca.crtcert
/etc/ssl/certs/server.crtkey /etc/ssl/private/server.key # This file should be
kept secretdh /etc/ssl/private/dh1024.pemserver 10.10.0.0
255.255.0.0ifconfig-pool-persist
ipp.txtclient-cert-not-requiredusername-as-common-nameplugin
/usr/local/surfeasy/lib/openvpn-remote-auth.so "some special
args"script-security 2 execvetmp-dir /dev/shm# Accountingclient-connect
"/usr/local/surfeasy/lib/usage_connect_disconnect.rb url "*"client-disconnect
"/usr/local/surfeasy/lib/usage_connect_disconnect.rb url "*""management
127.0.0.1 40002push "redirect-gateway def1 bypass-dhcp"push "dhcp-option DNS
172.16.0.23"keepalive 10 60ping-timer-remcipher BF-CBC # Blowfish
(default)comp-lzopersist-keypersist-tunstatus openvpn-tcp-443-status.log
300status-version 2log-append openvpn-tcp-443.logverb 4
Joshua J. Gross
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
