I just recently set up a new set of servers running openvpn on a shared
vrrp IP. When I connect to my TCP server, everything is fine, but when I
connect to a UDP server, my initial client packet goes to the VRRP IP, but
the reply packet from the openvpn server comes from the "real" IP of the
interface.
I was wondering if anyone would know why this is likely to be happening,
and if there might be anything on the openvpn side of things that I could
do to change it?
sample of packet capture:
11 44.695809 47.184.48.161 -> 10.1.47.22 OpenVPN 60 MessageType: P_CONTROL_HARD_RESET_CLIENT_V2
12 44.696143 10.1.47.21 -> 47.184.48.161 OpenVPN 68 MessageType: P_CONTROL_HARD_RESET_SERVER_V2
server is Debian 8.2, kernel is 3.16.0, openvpn is 2.3.4
config is:
ifconfig 172.29.65.1 172.29.65.2
ifconfig-pool 172.29.65.100 172.29.65.250
up "vtysh_route 172.29.65.0 255.255.255.0"
dev tun1
proto udp
port 1194
status status/user.u
ifconfig-pool-persist status/persist.user.u
management 127.0.0.1 5551
plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so "openvpn login COMMONNAME password PASSWORD"
reneg-sec 0
script-security 2
client-connect client_connect
client-disconnect client_connect
duplicate-cn
ca ca.crt
cert mia32450vpn002.crt
comp-lzo
crl-verify crl.pem
dh dh1024.pem
ping 10
ping-exit 120
key mia32450vpn002.key
mode server
persist-key
persist-tun
ping-timer-rem
status-version 3
tls-server
verb 4
push "route 172.29.0.0 255.255.0.0"
Thanks!
-Joe
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
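
The symptom in the capture above can be checked for mechanically. The following is an added example, not part of the original post or of OpenVPN: it parses tshark one-line summaries in the format shown and flags any server hard-reset sent from an address other than the one the client contacted. The function name and the 198.51.100.7 flow are constructed for illustration.

```python
import re
from collections import namedtuple

# tshark summary line: number, time, src, "->", dst, protocol, length, info
LINE = re.compile(
    r"^\s*\d+\s+[\d.]+\s+(\S+)\s+->\s+(\S+)\s+OpenVPN\s+\d+\s+MessageType:\s*(\S+)"
)
Mismatch = namedtuple("Mismatch", "client sent_to replied_from")

# First two lines are the capture from the post; the last two are a
# constructed healthy flow for comparison.
SAMPLE = [
    "11 44.695809 47.184.48.161 -> 10.1.47.22 OpenVPN 60 MessageType: P_CONTROL_HARD_RESET_CLIENT_V2",
    "12 44.696143 10.1.47.21 -> 47.184.48.161 OpenVPN 68 MessageType: P_CONTROL_HARD_RESET_SERVER_V2",
    "13 45.100000 198.51.100.7 -> 10.1.47.22 OpenVPN 60 MessageType: P_CONTROL_HARD_RESET_CLIENT_V2",
    "14 45.100400 10.1.47.22 -> 198.51.100.7 OpenVPN 68 MessageType: P_CONTROL_HARD_RESET_SERVER_V2",
]


def find_asymmetric_replies(lines):
    """Return a Mismatch for each server hard-reset whose source address
    differs from the address the client's hard-reset was sent to."""
    contacted = {}  # client IP -> server address the client sent to
    found = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not an OpenVPN summary line in the expected format
        src, dst, msg = m.groups()
        if msg.startswith("P_CONTROL_HARD_RESET_CLIENT"):
            contacted[src] = dst
        elif msg.startswith("P_CONTROL_HARD_RESET_SERVER") and dst in contacted:
            if src != contacted[dst]:
                found.append(Mismatch(dst, contacted[dst], src))
    return found


if __name__ == "__main__":
    for hit in find_asymmetric_replies(SAMPLE):
        print("client %s sent to %s but was answered from %s" % hit)
```

A reply from a different source address does not match the 5-tuple that the client and any stateful NAT or firewall in the path are tracking. OpenVPN's --local and --multihome options control which address a UDP server with more than one address replies from.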