James Yonan wrote:
Okay, I understand what you are asking for -- If you were using static
key mode (which is stateless), you would get the behavior you are
looking for. In TLS mode, however, OpenVPN doesn't allow a port or IP
change within a given TLS session (for security/DoS reasons). The
Kosta Welke wrote:
James Yonan wrote:
No, --float only applies to the IP address, not the port.
Sadly, yes.
You can't really float on the port efficiently because a UDP socket
needs to bind to some port number (either static or dynamic). To do
port floating, you would need to bind to eve
James Yonan wrote:
No, --float only applies to the IP address, not the port.
Sadly, yes.
You can't
really float on the port efficiently because a UDP socket needs to bind
to some port number (either static or dynamic). To do port floating,
you would need to bind to every possible port th
Leonard Isham wrote:
On 3/6/06, Kosta Welke wrote:
04:25:40.379210 IP client.1042 > server.1194: UDP, length 53
04:25:50.641933 IP server.1194 > client.1042: UDP, length 53
[connection breaks -> client has same IP thanks to NAT, but other port]
04:25:50.949669 IP client.39630 > server.1194: UDP
On 3/6/06, Kosta Welke wrote:
> Hi!
>
> I really enjoy openvpn. I also found a bug :)
>
> Consider this network layout, float is enabled:
> (client and server are the openvpn client and server)
>
> client -- box1 -- NAT --- server
> \- box2 -/
>
> The client has an instable connection to b
Hi!
I really enjoy openvpn. I also found a bug :)
Consider this network layout, float is enabled:
(client and server are the openvpn client and server)
client -- box1 -- NAT --- server
\- box2 -/
The client has an instable connection to both boxes. If a connection
breaks, it simply use
