Jeff, I use VirtualBox with OpenVPN extensively. I tend to use Bridged Networking, not NAT, but I am happy to try NAT if you make your setup details clear.
For example, your VPN client is clearly where the port is changed, but do you run your server in a VM as well? Perhaps you could start a thread on https://forums.openvpn.net/off-topic-related-f1.html so we can compare notes.

Regards

----- Original Message -----
From: "Jeff Mitchell" <jeffrey.mitch...@gmail.com>
To: "Steffan Karger" <stef...@karger.me>
Cc: <openvpn-users@lists.sourceforge.net>
Sent: Wednesday, May 13, 2015 8:07 PM
Subject: Re: [Openvpn-users] Disconnects, maybe from "Bad source address" messages after connection

> For posterity and in case it helps anyone else in the future:
>
> I opened a ticket for this issue on the VirtualBox bugtracker
> (https://www.virtualbox.org/ticket/14055) which was closed as a
> probable duplicate of https://www.virtualbox.org/ticket/13475 which
> itself was just marked fixed in the next release.
>
> I will attempt to replicate my problems in the new release of
> VirtualBox and report back if I still encounter problems.
>
> Thanks,
> Jeff
>
> On Thu, Apr 23, 2015 at 3:18 AM, Steffan Karger <stef...@karger.me> wrote:
>>
>> On 23-04-15 08:58, Gert Doering wrote:
>>> On Wed, Apr 22, 2015 at 05:25:54PM -0700, blz wrote:
>>>>> The server will just update its "what IP/port is the client on?" table
>>>>> entry, without restarting anything.
>>>>
>>>> What I'm wondering is how secure that is, such as how easily one could
>>>> fake such a reconnect to get in on someone else's session, where they
>>>> wouldn't even need a key? I hope this is just good ol' fashion paranoia
>>>> on my part, but it would be nice to know. Thanks.
>>>
>>> The server updates its table entry only if the packet's HMAC validates,
>>> read "the client knows the key material for that particular session".
>>
>> It is even better: the server checks both the HMAC /and/ replay
>> protection before updating its table entry. This means that an attacker
>> also can't use older, previously valid, packets to mount a
>> denial-of-service attack.
>>
>> -Steffan

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
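
The order of checks described in the quoted replies above (authenticate the packet, apply replay protection, and only then update the client's IP/port entry), as an added Python sketch that is not part of the original thread and is not OpenVPN's code. The packet layout, the 64-id window and the names `Session`, `seal`, `receive` and `demo` are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

WINDOW = 64   # assumed replay-window size, chosen for this sketch
TAG_LEN = 32  # HMAC-SHA256 output length

class Session:
    """Toy per-client state: session key, last known address, replay window."""
    def __init__(self, key, addr):
        self.key, self.addr = key, addr
        self.highest = 0   # highest packet id accepted so far
        self.seen = set()  # accepted ids still inside the window

def seal(key, packet_id, payload):
    """Sender side (assumed layout): 4-byte packet id || payload || HMAC."""
    body = struct.pack(">I", packet_id) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

def receive(session, src_addr, datagram):
    """Receiver side: the address entry moves only for authentic, fresh packets."""
    if len(datagram) < 4 + TAG_LEN:
        return "drop: short"
    body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
    expected = hmac.new(session.key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return "drop: bad hmac"
    (packet_id,) = struct.unpack(">I", body[:4])
    if packet_id + WINDOW <= session.highest or packet_id in session.seen:
        return "drop: replay"  # too old, or already accepted once
    session.highest = max(session.highest, packet_id)
    session.seen = {i for i in session.seen | {packet_id}
                    if i + WINDOW > session.highest}
    if src_addr != session.addr:
        session.addr = src_addr  # both checks passed: follow the new ip/port
        return "accept: floated"
    return "accept"

def demo():
    """Constructed traffic: the client changes port, then a third party interferes."""
    key = b"K" * 32  # constructed session key
    client, other = ("198.51.100.7", 40000), ("203.0.113.9", 6000)
    s = Session(key, client)
    first = seal(key, 1, b"ping")
    return [
        receive(s, client, first),                                # normal packet
        receive(s, ("198.51.100.7", 51234), seal(key, 2, b"x")),  # same client, new port
        receive(s, other, first),                                 # captured packet resent
        receive(s, other, seal(b"Z" * 32, 3, b"x")),              # sender lacks the key
    ], s.addr
```

In this model a resent or forged datagram from another address is dropped before the address entry is touched, so the session keeps following the real client.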