Hi Darren

Yes, 192.168.0.99 is the address of the local ethernet interface on the client.

I'm afraid I'm not really sure what you're saying. I should add for clarity that the client is Windows XP and the server is Debian Linux. The problem is that everything is sending packets from 192.168.0.99, not just one or two applications. The second I connect to the server I get a stream of these error messages, and not a single application works over the internet (except the OpenVPN client).

Thanks for responding, sorry if I've misunderstood you!

On 05/07/07, Darren Loher <dloher@envysion.com> wrote:

Is that IP address (192.168.0.99) the address of the local Ethernet interface on the client?

 

If so, this indicates that an application that is trying to communicate is sourcing packets from the Ethernet port, which are then being routed across the OpenVPN tunnel. This can happen with servers that try to respond to requests from the VPN, if the server is started before the VPN tunnel is up (because when the server came up, it bound sockets to specific interface addresses rather than to 0.0.0.0/0). I have noticed this happens with ntpd.

 

A quick fix is to HUP or restart the offending service after the VPN comes online.

 

-Darren

 


From: openvpn-users-bounces@lists.sourceforge.net [mailto:openvpn-users-bounces@lists.sourceforge.net] On Behalf Of Andrew Smith
Sent: Thursday, July 05, 2007 11:22 AM
To: openvpn-users@lists.sourceforge.net
Subject: [Openvpn-users] MULTI: bad source address from client

 

Hi

(Hope this is the right place to post this, I'm rather new to mailing lists)

I have an OpenVPN set up as follows

Server

port 8080
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
persist-key
persist-tun
comp-lzo
status openvpn-status.log
verb 5
client-disconnect ./disconnect.pl
push "redirect-gateway def1"

Client

client
dev tun
proto tcp
remote server.address 8080
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert name.crt
key name.key
verb 4
mute 10
comp-lzo

I'm not sure what you can tell from these config files but the intention of the setup is that the client connects to the server across the internet and from the openvpn server the internet can be accessed by the client. This is basically tunneling, allowing the client's internet data to be encrypted and also (hopefully) meaning that packet shaping measures / blocking / etc. will not work on the client. I had this working fine for a while, but now (and I'm not sure what I changed, I'm afraid) I receive this error:

RThu Jul  5 17:10:06 2007 us=338898 name/x.x.x.x:51783 MULTI: bad source address from client [192.168.0.99], packet dropped

over and over again, and the internet access that worked doesn't work. Preceding this are no errors, and connection to the OpenVPN server works just fine. It's probably worth noting that when it *did* work I occasionally got this error message but could not link it with anything not working (all internet activity seemed to function normally, whereas now it doesn't).

I'm really stuck here and any hints and tips would be greatly appreciated.
Thanks
Andrew Smith
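
Added example, not part of the original thread: a small triage script for the server log that counts "bad source address" drops per client and source address, and checks each source against the subnet from the `server` directive. The function names, the sample client address 198.51.100.7 and the sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Server log line as quoted in the thread. With "verb 5" OpenVPN interleaves
# R/W packet markers with log text, so leading R/W characters are tolerated.
BAD_SRC = re.compile(
    r"^[RWrw]*\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}(?: us=\d+)? "
    r"(?P<cn>[^/\s]+)/(?P<real>\S+?):\d+ "
    r"MULTI: bad source address from client \[(?P<src>[^\]]+)\], packet dropped"
)

def vpn_subnet(server_conf):
    """Return the network named by the 'server <net> <mask>' directive."""
    for line in server_conf.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "server":
            return ipaddress.ip_network(f"{parts[1]}/{parts[2]}")
    raise ValueError("no 'server <network> <netmask>' directive found")

def triage(log_text, subnet):
    """Count drops per (client, source) and say whether the source is in the subnet."""
    counts = Counter()
    for line in log_text.splitlines():
        m = BAD_SRC.match(line.strip())
        if m:
            counts[(m["cn"], m["src"])] += 1
    report = []
    for (cn, src), drops in counts.most_common():
        try:
            inside = ipaddress.ip_address(src) in subnet
        except ValueError:
            inside = None  # address text could not be parsed
        report.append({"client": cn, "source": src, "drops": drops,
                       "inside_vpn_subnet": inside})
    return report

# Constructed sample input, modelled on the config and log line in the thread.
SAMPLE_CONF = "port 8080\nproto tcp\ndev tun\nserver 10.8.0.0 255.255.255.0\n"
SAMPLE_LOG = """\
RThu Jul  5 17:10:06 2007 us=338898 name/198.51.100.7:51783 MULTI: bad source address from client [192.168.0.99], packet dropped
WRThu Jul  5 17:10:07 2007 us=120001 name/198.51.100.7:51783 MULTI: bad source address from client [192.168.0.99], packet dropped
Thu Jul  5 17:10:08 2007 us=500000 name/198.51.100.7:51783 MULTI: Learn: 10.8.0.6 -> name/198.51.100.7:51783
"""

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG, vpn_subnet(SAMPLE_CONF)):
        print(row)
```

A source reported with `inside_vpn_subnet` False, such as 192.168.0.99 here, is a packet that entered the tunnel carrying an address from outside the 10.8.0.0/24 pool.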