Is that IP address (192.168.0.99) the address
of the local Ethernet interface on the client?
If so, this indicates that an application
that is trying to communicate is sourcing packets from the Ethernet port which
are then being routed across the openvpn tunnel. This can happen with servers
that try to respond to requests from the VPN, if the server is started before
the VPN tunnel is up. (because when the server came up, it bound sockets to
specific interface addresses rather than to 0.0.0.0/0. I have noticed this
happens with ntpd)
A quick fix is to HUP or restart the offending
service after the VPN comes online.
-Darren
From:
openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx
[mailto:openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Andrew Smith
Sent: Thursday, July 05, 2007
11:22 AM
To:
openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: [Openvpn-users] MULTI:
bad source address from client
Hi
(Hope this is the right place to post this, I'm rather new to mailing lists)
I have an OpenVPN set up as follows
Server
port 8080
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
persist-key
persist-tun
comp-lzo
status openvpn-status.log
verb 5
client-disconnect ./disconnect.pl
push "redirect-gateway def1"
Client
client
dev tun
proto tcp
remote server.address 8080
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert name.crt
key name.key
verb 4
mute 10
comp-lzo
I'm not sure what you can tell from these config files but the intention of the
setup is that the client connects to the server across the internet and from
the openvpn server the internet can be accessed by the client. This is
basically tunneling, allowing the client's internet data to be encrypted and
also (hopefully) meaning that packet shaping measures / blocking / etc. will
not work on the client. I had this working fine for a while, but now (and I'm
not sure what I changed, I'm afraid) I receive this error:
RThu Jul 5 17:10:06 2007 us=338898 name/x.x.x.x:51783 MULTI: bad source
address from client [192.168.0.99], packet
dropped
over and over again and the internet access that worked doesn't work, preceding
this are no errors and connection to the OpenVPN server works just fine. It's
probably worth noting that when it *did* work I occasionally got this error
message but could not link it with anything not working (all internet activity
seemed to function normally where as now it doesn't).
I'm really stuck here and any hints and tips would be greatly appreciated.
Thanks
Andrew Smith