On Fri, Apr 17, 2015 at 2:57 AM,  <j.witvl...@mindef.nl> wrote:
> Hi Jeff,
>
> It is indeed a strange phenomenon that you describe.
> The proposed peer-ID might help, but that is treating only the consequence,
> not the cause.
> Why does your client change its reply-port from 50349 towards 50348 ???
>
> NAT-tables might expire or be reloaded, but in those cases the
> communication should seize completely (fin, ack, syn) and not just (trying to)
> continue at a different port-number.
> Curious indeed...

Indeed. This setup is two virtual machines in VirtualBox on an OSX
host, both running Ubuntu 14.04.2 with OpenVPN 2.3.6 from
swupdate.openvpn.net. The server (which is not on the same host) is
also running the same software, although not in OpenVPN.

You're right about communication seizing completely, at least on the
server side...further down the trace I can see the client still trying
to send packets on the new port, and the server trying to send
keepalives down the previous port. Eventually both time out and the
connection is torn down and reestablished.

Using rsync like this has been the first way I've figured out how to
really reliably repeat this, which suggests to me that what's
triggering this problem is either the total data rate back and forth
(through the NAT stack?) or some total number of packets or bytes
(through the NAT stack?). That, or for some reason at some point the
NAT stack stops correctly tracking the flow and decides that this is a
new connection and gives it a new outbound port. Does that analysis
sound correct to you?

So hopefully peer-id will fix this, but I think I'll have to send some
feelers out to the VirtualBox guys and see if they agree that this
sounds like some issue in their stack.

Thanks,
Jeff

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
