Hi,

On Sun, Jul 19, 2020 at 10:32:42PM +1200, Richard Hector wrote:
> > NAT with port translation in between?  If the port
> > changes after a restart, and the other end has no --float in the config,
> > things will not work.  Here a clear client/server role also helps, as
> > there is a well defined "setup connection" phase (p2p just sends off
> > packets, no handshake involved).
>
> No NAT. These are all VPSes from a (single) public provider. I use
> static ports, so I can configure them predictably and automatically, and
> avoid having them tread on each other's toes.

In that case what I'd do is

 - run tcpdump on the "lan" interface on both sides, on that port
 - restart one instance
 - see if observed traffic shifts (ports? not reaching the other side?)
 - see what, if anything, is in the openvpn logs

But indeed, the basic assumption is "if you have static ports on both
sides, and no NAT in between, restarting either side at any time should
just work" - that's the point of having a static pre-shared key: no
negotiation whatsoever (= the peer does not even know you've been
restarted, unless ports change).

gert
-- 
"If was one thing all people took for granted, was conviction that if you
 feed honest figures into a computer, honest figures come out. Never doubted
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             g...@greenie.muc.de
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
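
The tcpdump comparison described in the message above, as an added example that is not part of the original post: it reduces the `tcpdump -n` text from both peers to flows, then reports host pairs whose ports moved and flows that left one side but never appeared on the other. The interface `eth0`, UDP port 1194, the function names and the sample captures are assumptions constructed for illustration.

```shell
# Added example. Assumed capture command on each peer (eth0 and 1194 are assumptions):
#   tcpdump -ni eth0 udp port 1194 > side_a.txt

# flows FILE: reduce `tcpdump -n` IPv4 lines to "src_ip src_port dst_ip dst_port packets".
flows() {
    awk '$2 == "IP" && $4 == ">" {
        src = $3; dst = $5; sub(/:$/, "", dst)
        sp = src; sub(/.*\./, "", sp); sub(/\.[0-9]+$/, "", src)
        dp = dst; sub(/.*\./, "", dp); sub(/\.[0-9]+$/, "", dst)
        n[src " " sp " " dst " " dp]++
    } END { for (k in n) print k, n[k] }' "$1" | LC_ALL=C sort
}

# port_shifts FILE: host pairs that used more than one port pair during the capture.
port_shifts() {
    flows "$1" | awk '{ k = $1 " -> " $3; c[k]++; p[k] = p[k] " " $2 ">" $4 }
        END { for (k in c) if (c[k] > 1) print k ":" p[k] }' | LC_ALL=C sort
}

# not_seen_on_peer LOCAL PEER: flows in the local capture that are absent from the peer capture.
not_seen_on_peer() {
    { flows "$2" | sed 's/^/P /'; flows "$1" | sed 's/^/L /'; } |
        awk '$1 == "P" { seen[$2, $3, $4, $5] = 1; next }
             !(($2, $3, $4, $5) in seen) { print $2 ":" $3 " > " $4 ":" $5 }'
}

# Constructed sample captures (documentation addresses); side A is restarted at 12:00:10.
DEMO=$(mktemp -d)
cat > "$DEMO/side_a.txt" <<'EOF'
12:00:01.000001 IP 192.0.2.10.1194 > 198.51.100.20.1194: UDP, length 84
12:00:02.000001 IP 198.51.100.20.1194 > 192.0.2.10.1194: UDP, length 84
12:00:11.000001 IP 192.0.2.10.40112 > 198.51.100.20.1194: UDP, length 84
12:00:12.000001 IP 192.0.2.10.40112 > 198.51.100.20.1194: UDP, length 84
12:00:13.000001 IP 198.51.100.20.1194 > 192.0.2.10.1194: UDP, length 84
EOF
cat > "$DEMO/side_b.txt" <<'EOF'
12:00:01.000301 IP 192.0.2.10.1194 > 198.51.100.20.1194: UDP, length 84
12:00:02.000001 IP 198.51.100.20.1194 > 192.0.2.10.1194: UDP, length 84
12:00:13.000001 IP 198.51.100.20.1194 > 192.0.2.10.1194: UDP, length 84
EOF

echo "port shifts seen on A:"; port_shifts "$DEMO/side_a.txt"
echo "seen on A, missing on B:"; not_seen_on_peer "$DEMO/side_a.txt" "$DEMO/side_b.txt"
```

An empty result from both functions, in both directions, matches the "should just work" case; any output narrows down where to look next in the openvpn logs.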