Hi,
On 27/06/18 09:30, free...@tango.lu wrote:
> Hello List,
>
> There is this issue bugging me for a long time and I am trying to put
> a stop to it:
>
> [22444423.820856] br0: received packet on tap0 with own address as source address
> [22444423.821068] br0: received packet on tap0 with own address as source address
> [22444423.844718] br0: received packet on tap0 with own address as source address
> [22444423.844952] br0: received packet on tap0 with own address as source address
> [22444423.868796] br0: received packet on tap0 with own address as source address
> [22444435.110486] net_ratelimit: 8 callbacks suppressed
> [22444435.110489] br0: received packet on tap0 with own address as source address
> [22444435.178721] br0: received packet on tap0 with own address as source address
>
> Getting it in the kernel log of one of my servers. This is a Layer 2
> ethernet bridge setup.
>
> This issue does not cause any outage, extra traffic, slowdown,
> broadcast storm or whatever, the communication is all OK but I keep
> getting these messages once in a while in the server's dmesg and would
> like them to go away by actually finding the root cause and fixing the
> problem.
>
> My setup is a bit complex but I narrow it down to this:
>
> Server |BR0| == tap0 + tap1
> Client1 |BR0| == tap0 + eth0
> Client2 |BR0| == tap0 + eth0
>
> the 2 taps go to 2 other locations where they are bridged into the
> local eth0 therefore bridging 3 networks together.
> The config is the same on both sides.
>
> Server Configs are for 2 separate openvpn daemons:
>
> dev tap0
> server-bridge 10.20.20.1 255.255.255.0 10.20.20.11 10.20.20.22
> tls-server
> tls-auth ta.key 0
> client-to-client
> dh dh2048.pem
> ca ca.crt
> cert server.crt
> key server.key
> port 4000
> comp-lzo
> keepalive 10 120
> mute-replay-warnings
>
> with slightly different IP ranges. Note, these ranges are just for the
> configuration to work, the actual ip range will be 192.168.5.x
> assigned to br0 on the endpoints.
>
> But as I noticed this does not cause the issue I can go and
> reconfigure tap0 on the endpoints to 0.0.0.0 and still keep getting
> these messages on the main server.

ouch, bridging on both sides is asking for trouble ...
you'll need to figure out what kind of traffic is received on the local
bridge - right now, you don't even know if it's coming from the LAN side
or the VPN side. I'd run tcpdump on the bridge (or both LAN+tap
adapters) to watch for any incoming traffic with the source address set
to the bridge address. Only when you know what kind of traffic it is,
will we be able to tell anything on whether it can be stopped at all.
HTH,
JJK
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
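
The capture JJK suggests, as an added example that is not part of the original thread: it builds a pcap filter from the MAC of the bridge and of each member port (the Linux bridge keeps its ports' addresses as local addresses too), then runs tcpdump on one port for inbound frames only. br0 and tap0 are the names from the post; the function names and the SYSFS override are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. br0/tap0 are the names used in the post;
# SYSFS is an assumed override so the helpers can be tried on a constructed tree.
SYSFS="${SYSFS:-/sys/class/net}"

# MAC address of one interface, lower-cased.
iface_mac() {
    [ -r "$SYSFS/$1/address" ] || { echo "no interface $1" >&2; return 1; }
    tr 'A-F' 'a-f' < "$SYSFS/$1/address"
}

# Member ports of a bridge, one per line (sysfs lists them under brif/).
bridge_ports() {
    [ -d "$SYSFS/$1/brif" ] || { echo "$1 is not a bridge" >&2; return 1; }
    ls "$SYSFS/$1/brif"
}

# pcap filter matching frames whose source MAC belongs to the bridge or to
# one of its ports; duplicates are dropped (br0 usually shares a port's MAC).
own_src_filter() {
    ports=$(bridge_ports "$1") || return 1
    macs=""
    for i in "$1" $ports; do
        m=$(iface_mac "$i") || return 1
        macs="$macs $m"
    done
    filter=""
    for m in $(printf '%s\n' $macs | sort -u); do
        filter="${filter:+$filter or }ether src $m"
    done
    printf '%s\n' "$filter"
}

# Capture on one port. -Q in keeps only frames arriving on that port (what the
# kernel message reports), -e prints the MAC header, -n skips name lookups.
watch_port() {
    filter=$(own_src_filter "$1") || return 1
    tcpdump -e -n -Q in -i "$2" "$filter"
}

# Usage (as root): sh own-src-watch.sh br0 tap0
if [ "$#" -eq 2 ]; then watch_port "$1" "$2"; fi
```

Run it once per member port (tap0 and tap1 on the server) in separate terminals; the port that prints frames is the side the traffic with the bridge's own source address arrives from, and the -e output shows what kind of frame it is.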