[Openvpn-users] Re: Problem with openvpn on multi-homed host


  • Subject: [Openvpn-users] Re: Problem with openvpn on multi-homed host
  • From: Evan Harris <eharris@xxxxxxxxxxxxx>
  • Date: Fri, 5 Mar 2004 19:59:15 -0600 (CST)

One last note I forgot to include:

The reason we can't use --float is because the wireless routers are doing
NAT.  When the reply comes back with a different source address, the router
doesn't know it's really a reply to an existing udp connection, and it gets
dropped.  And that keeps the tunnel from working.

Evan


On Fri, 5 Mar 2004, Evan Harris wrote:

>
> I have an openvpn server that is multihomed.  It has a private ip on the
> eth0 interface, and an external public ip on eth1.
>
> I'm trying to set up laptops so there is no configuration required whether they
> are inside or outside the network, openvpn just establishes a connection and
> works.
>
> So, I've configured the openvpn clients to always establish the tunnel to
> the public ip address of the server.  It should work, since the default
> route inside the network will still be able to get there.
>
> The problem comes up from the fact that openvpn doesn't appear to reply to
> the other end of the tunnel with udp packets having the same source address
> as the destination of the original packets.  Its sent replies have a source
> ip address of the interface the reply packets were sent via.
>
> Normally that would be ok, because you can use the --float option and when
> the replies from the server come back with a different ip, the peer (the
> notebook) will see it and change the tunnel destination address to the
> source of the packets, in this case the private ip of the server.
>
> Now here's the twist that causes the problem: we have a multilocation
> internal network using frame relay.  Many of the remote offices use a
> wireless network internally, and many of the notebooks attach using those
> links.
>
> Because of the security issues of the wireless networks, the wireless
> routers are firewalled so they can't talk to internal machines directly, so
> the only traffic allowed to pass from those routers are packets destined for
> the public ip of the tunnel server.  So we don't want to use the --float
> option.
>
> I just want openvpn to reply with the same ip!  Can it be forced to?
>
> Tested with openvpn 1.5.0.
>
> Evan
>
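The behaviour the thread describes (a UDP daemon bound to all addresses answers from whatever source the kernel picks for the return route, and a NAT or firewall that only admits replies matching the original destination then drops them) can be reproduced on loopback. The script below is an added illustration, not code from the thread or from OpenVPN. It assumes Linux, where the whole 127/8 block is local, and uses 127.0.0.2 as a stand-in for the server's public IP and 127.0.0.1 (the kernel's preferred loopback source) as the private eth0 address; the "strict client" models the NAT router by connect()ing its socket so the kernel discards replies from any other source.

```python
import socket
import threading

# Constructed addresses for the demo (Linux: all of 127/8 is local).
# 127.0.0.2 stands in for the server's public IP that the laptops are
# configured to reach; 127.0.0.1 is the kernel's preferred source address
# for the loopback route and plays the part of the private eth0 address.
PUBLIC_IP = "127.0.0.2"
WILDCARD = "0.0.0.0"


def start_echo_server(bind_ip):
    """Start a UDP echo server bound to bind_ip on an ephemeral port.

    Like a single-socket UDP daemon it answers on the socket the request
    arrived on, so the reply's source IP is whatever the kernel selects for
    that socket: the bound address, or, for 0.0.0.0, the preferred source
    of the route back to the client.  Returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind((bind_ip, 0))
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                data, peer = srv.recvfrom(1500)
            except OSError:
                return                      # socket closed by probe()
            if data == b"quit":
                return
            srv.sendto(data, peer)          # reply on the same socket

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def probe(bind_ip, strict_client, timeout=1.0):
    """Send one datagram to PUBLIC_IP and return the reply's source IP.

    strict_client=True connect()s the client socket, so the kernel only
    delivers datagrams whose source is PUBLIC_IP, just as the NAT router in
    the thread only forwards replies that match the original destination.
    Returns None when the reply is discarded (the tunnel would never come up)."""
    srv, port = start_echo_server(bind_ip)
    cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    cli.settimeout(timeout)
    try:
        if strict_client:
            cli.connect((PUBLIC_IP, port))
            cli.send(b"ping")
        else:
            cli.sendto(b"ping", (PUBLIC_IP, port))
        try:
            _, (src_ip, _) = cli.recvfrom(1500)
            return src_ip
        except socket.timeout:
            return None
    finally:
        cli.close()
        srv.sendto(b"quit", (PUBLIC_IP, port))   # stop the server thread
        srv.close()


if __name__ == "__main__":
    for bind_ip in (WILDCARD, PUBLIC_IP):
        for strict in (False, True):
            print(f"server bound to {bind_ip:9}  strict client={strict!s:5}  "
                  f"reply source: {probe(bind_ip, strict)}")
```

Run stand-alone, the wildcard-bound server answers from 127.0.0.1, and the strict client never sees that reply; the server bound to 127.0.0.2 answers from 127.0.0.2 in both cases. The OpenVPN analogue of the second row is binding the daemon to the public address only with --local, which makes every reply leave from that address without needing --float on the client. Later OpenVPN releases (2.1 and newer) also provide --multihome, which keeps the reply source equal to the original destination even on a wildcard-bound socket.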


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users