Hi,
Ok, so not realy an openvpn problem but.... I am probably not the first to run
into this problem.
Someone probably has the solution already. ;-)
Trying to understand why my Linux machine with the openvpn client is sending
packets with one of it's local addresses via the tunnel to the other side.
Fri Jul 10 12:11:51 2015 us=741813 m.duthler-lan/82.217.xxx.yyy:zzzz MULTI: bad
source address from client [192.168.178.5], packet dropped
How do I debug this? Or maybe I already understand what is happening, but in
that case how to prevent it?
Routing says to only send 172.16.0.0/16 traffic to the other side.
Cause might be that this linux server needs to sometimes use our local company
dns servers, so:
linmwd:~# cat /etc/resolv.conf
search tio.nl
nameserver 172.16.128.40
nameserver 172.16.208.10
nameserver 8.8.8.8
How can I convince this Debian Linux machine to use it's local 172.16.18.1
address when doing a dns request to one of the 172.16.x.y dns servers?
No dns service package installed on the machine.
eth0 is the local LAN, eth1 is the connection to the on-site ISP router/modem.
All local devives do not have this problem as they only have a 172.16.18.x
number and their dns requests pass through the tunnel without a hitch.
In case it is relevant. Client sided ipv4 and routing config:
linmwd:~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
qlen 1000
link/ether 00:11:6b:99:34:90 brd ff:ff:ff:ff:ff:ff
inet 172.16.18.1/24 brd 172.16.18.255 scope global eth0
inet6 fd00::1:211:6bff:fe99:3490/64 scope global dynamic
valid_lft 6151sec preferred_lft 6151sec
inet6 fe80::211:6bff:fe99:3490/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
qlen 1000
link/ether b8:ac:6f:a0:24:a1 brd ff:ff:ff:ff:ff:ff
inet 192.168.178.5/24 brd 192.168.178.255 scope global eth1
inet6 fe80::baac:6fff:fea0:24a1/64 scope link
valid_lft forever preferred_lft forever
4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UNKNOWN qlen 100
link/none
inet 172.16.1.142 peer 172.16.1.141/32 scope global tun0
linmwd:~# ip route
default via 192.168.178.1 dev eth1
172.16.0.0/16 via 172.16.1.141 dev tun0
172.16.1.129 via 172.16.1.141 dev tun0
172.16.1.141 dev tun0 proto kernel scope link src 172.16.1.142
172.16.18.0/24 dev eth0 proto kernel scope link src 172.16.18.1
192.168.178.0/24 dev eth1 proto kernel scope link src 192.168.178.5
linmwd:~#
Met vriendelijke groet,
Bonno Bloksma
senior systeembeheerder
tio
university of applied sciences
------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
