Re: [Openvpn-devel] RFE: allow 'lport 0' setup for random port binding

2010-01-15 Thread Karl O. Pinc
On 01/14/2010 06:15:58 PM, Peter Stuge wrote:
> Let's try some more.
>
> Karl O. Pinc wrote:
> > > no; it is because the OpenVPN client creates the same src + dst pair
> > > for every connection.
> >
> > Enrico is right. It's in the IP RFC, the 2MSL (twice the maximum
> > segment lifetime) rul

Re: [Openvpn-devel] RFE: allow 'lport 0' setup for random port binding

2010-01-15 Thread Peter Stuge
Let's try some more.

Karl O. Pinc wrote:
> > no; it is because the OpenVPN client creates the same src + dst pair
> > for every connection.
>
> Enrico is right. It's in the IP RFC, the 2MSL (twice the maximum
> segment lifetime) rule. (STD 5 is the right rfc?)

I agree that the statement about

Re: [Openvpn-devel] RFE: allow 'lport 0' setup for random port binding

2010-01-14 Thread Karl O. Pinc
On 01/11/2010 08:31:01 AM, Enrico Scholz wrote:
>
> no; it is because the OpenVPN client creates the same src + dst pair
> for every connection. I suggest to read some papers about stateful
> firewalls before continuing this discussion.

Enrico is right. It's in the IP RFC, the 2MSL (twice the

Re: [Openvpn-devel] RFE: allow 'lport 0' setup for random port binding

2010-01-11 Thread Enrico Scholz
Peter Stuge writes:
>> >> I am running a multihomed host where 'local ' must be
>> >> specified for proper operation.
>> >
>> > Could you add a route and use nobind? Unless you have one openvpn
>> > on each IP that should work.
>>
>> I would really like to avoid the NAT hackery.
>
> I didn't mea

Re: [Openvpn-devel] RFE: allow 'lport 0' setup for random port binding

2010-01-11 Thread Peter Stuge
Enrico Scholz wrote:
> >> I am running a multihomed host where 'local ' must be
> >> specified for proper operation.
> >
> > Could you add a route and use nobind? Unless you have one openvpn
> > on each IP that should work.
>
> I would really like to avoid the NAT hackery.

I didn't mean to sugges

Re: [Openvpn-devel] RFE: allow 'lport 0' setup for random port binding

2010-01-11 Thread Enrico Scholz
Peter Stuge writes:
>> I am running a multihomed host where 'local ' must be
>> specified for proper operation.
>
> Could you add a route and use nobind? Unless you have one openvpn on
> each IP that should work.

I would really like to avoid the NAT hackery.

>> On ungraceful reconnects, the ne

Re: [Openvpn-devel] RFE: allow 'lport 0' setup for random port binding

2010-01-09 Thread Peter Stuge
Enrico Scholz wrote:
> I am running a multihomed host where 'local ' must be
> specified for proper operation.

Could you add a route and use nobind? Unless you have one openvpn on each IP that should work. (I usually take multihomed to mean multi network rather than several IP addresses on one an

[Openvpn-devel] RFE: allow 'lport 0' setup for random port binding

2010-01-09 Thread Enrico Scholz
Hi, I am running a multihomed host where 'local ' must be specified for proper operation. Unfortunately, this implies 'lport 1194' or another static port. This causes problems with stateful firewalls which register the host/port pairs in the internal connection tracking table. On ungraceful rec

[Openvpn-devel] RFE: allow 'lport 0' setup for random port binding (arrived in [Openvpn-users])

2010-01-08 Thread David Sommerseth
Resending it to openvpn-devel list, to hit the right audience.

kind regards,
David Sommerseth

On 08/01/10 10:39, Enrico Scholz wrote:
> Hi,
>
> I am running a multihomed host where 'local ' must be specified
> for proper operation. Unfortunately