From: Tom E. <te...@sh...> - 2013-11-23 00:27:18
On 11/22/2013 1:21 PM, Axel Zöllich wrote:
> On Friday, 22 November 2013, 12:58:11, Tom Eastep wrote:
>> On 11/22/2013 12:50 PM, Axel Zöllich wrote:
>>>>> Conntrack Table (1512 out of 65536)
>>>>> [...]
>>>>> udp 17 22 src=212.117.77.218 dst=62.155.185.165 sport=1300
>>>>> dport=1300
>>>>> [UNREPLIED] src=62.155.185.165 dst=80.152.162.192 sport=1300 dport=1024
>>>>> mark=0 use=2
>>>>> udp 17 172 src=62.155.185.165 dst=80.152.162.192 sport=1300
>>>>> dport=1300
>>>>> src=80.152.162.192 dst=62.155.185.165 sport=1300 dport=1300 [ASSURED]
>>>>> mark=256 use=2
>>>>> [...]
>>>>>
>>>>>
>>>>> How can I get rid of the additional entry when the openvpn tunnel is
>>>>> renewed?
>>>>
>>>> Use the 'conntrack' utility.
>>>
>>> I did, but this is not what I want.
>>> Or is actively removing of the entries the only way to reestablish a
>>> tunnel
>>> when connection tracking is enabled?
>>
>> I have no idea why you are seeing that problem. Anyone else seen it?
>
> Maybe there is a correlation with my two ISPs setup?
>
> I didn't investigate further yet, but I've got martians
>> martian source 212.117.77.218 from 217.92.133.162, on dev ppp0
> where 212... is the IP of eth4.

Are ppp0 and eth4 your provider links? Also, is your OpenVPN setup
Point-to-Point or client/server?

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________