From: James Y. <ji...@yo...> - 2005-02-26 08:18:44
I've put together an IP_PKTINFO patch that deals with the UDP multihoming issue on Linux. The patch borrows from Neil Brown's original patch of 9 July 2004, but goes further by refactoring OpenVPN's basic address structures so that the actual local and remote addresses are always paired, and UDP responses to clients will always use the local source address which is associated with a given client instance object.

The basic principle of operation is that any authentication test which would normally result in the remote address of a client being "remembered" in the client instance object state, will now also record the local address as well (when --multihome is enabled). So when the time comes to send packets to the client, if a local address has been associated with the client, it will be used as the source address on all outgoing packets.

This should accomplish the basic goal of "Answering on the same interface where the request came from".

The patch is here:

http://openvpn.net/patch/ (with an 'MH' postfix)

Apply the patch to a clean 2.0-rc16 tree, then:

    ./doclean
    autoreconf -i -v
    ./configure
    make

To enable the UDP multi-homing feature, add a --multihome flag, and of course omit a --local directive.

You'll know it's working when you see something like this:

    Peer Connection Initiated with 10.66.0.2:1194 (via 10.66.0.5)

Please test and let me know if you find any bugs. This won't be going into 2.0, but will probably merge during the 2.1 beta series.

James
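
The mechanism described in the message above, as an added example that is not part of the original post or of the OpenVPN patch: on Linux, IP_PKTINFO on receive yields the local address a datagram was sent to, and ipi_spec_dst on send makes that address the reply's source. The names recv_paired, send_paired and demo_reply_source_matches, and the loopback addresses used in the demo, are assumptions made for this illustration.

```c
#define _GNU_SOURCE                     /* glibc: expose struct in_pktinfo */
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
/* Control-message buffer, aligned for struct cmsghdr. */
typedef union { struct cmsghdr align; char b[CMSG_SPACE(sizeof(struct in_pktinfo))]; } cbuf_t;

/* Receive a datagram; record the peer and the local address it was sent to. */
static ssize_t recv_paired(int fd, void *buf, size_t len,
                           struct sockaddr_in *peer, struct in_addr *local) {
    cbuf_t cb;
    struct msghdr m = { .msg_name = peer, .msg_namelen = sizeof *peer, .msg_control = cb.b,
        .msg_controllen = sizeof cb.b, .msg_iov = &(struct iovec){ buf, len }, .msg_iovlen = 1 };
    ssize_t n = recvmsg(fd, &m, 0);
    local->s_addr = htonl(INADDR_ANY);  /* means "no local address recorded" */
    for (struct cmsghdr *c = n < 0 ? NULL : CMSG_FIRSTHDR(&m); c; c = CMSG_NXTHDR(&m, c))
        if (c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_PKTINFO)
            *local = ((struct in_pktinfo *)CMSG_DATA(c))->ipi_addr;  /* datagram's dst */
    return n;
}

/* Send to peer; a recorded local address becomes the packet's source address. */
static ssize_t send_paired(int fd, const void *buf, size_t len,
                           const struct sockaddr_in *peer, struct in_addr local) {
    cbuf_t cb = { .b = { 0 } };
    struct in_pktinfo pi = { .ipi_spec_dst = local };  /* 0.0.0.0 leaves the choice to routing */
    struct msghdr m = { .msg_name = (void *)peer, .msg_namelen = sizeof *peer, .msg_control = cb.b,
        .msg_controllen = sizeof cb.b, .msg_iov = &(struct iovec){ (void *)buf, len }, .msg_iovlen = 1 };
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    c->cmsg_level = IPPROTO_IP; c->cmsg_type = IP_PKTINFO; c->cmsg_len = CMSG_LEN(sizeof pi);
    memcpy(CMSG_DATA(c), &pi, sizeof pi);
    return sendmsg(fd, &m, 0);
}

/* Constructed loopback demo: 1 if the reply to a ping sent to 127.0.0.2 comes from 127.0.0.2. */
int demo_reply_source_matches(void) {
    int on = 1, r = -1, srv = socket(AF_INET, SOCK_DGRAM, 0), cli = socket(AF_INET, SOCK_DGRAM, 0);
    struct sockaddr_in sa = { .sin_family = AF_INET }, peer, from;  /* sa: 0.0.0.0, any port */
    socklen_t sl = sizeof sa, fl = sizeof from; struct in_addr local; char buf[16];
    if (!setsockopt(srv, IPPROTO_IP, IP_PKTINFO, &on, sizeof on) &&
        !bind(srv, (struct sockaddr *)&sa, sizeof sa) && !getsockname(srv, (struct sockaddr *)&sa, &sl)) {
        sa.sin_addr.s_addr = htonl(0x7f000002);  /* client targets 127.0.0.2, not 127.0.0.1 */
        if (sendto(cli, "ping", 4, 0, (struct sockaddr *)&sa, sizeof sa) == 4 &&
            recv_paired(srv, buf, sizeof buf, &peer, &local) == 4 &&
            send_paired(srv, "pong", 4, &peer, local) == 4 &&
            recvfrom(cli, buf, sizeof buf, 0, (struct sockaddr *)&from, &fl) == 4)
            r = from.sin_addr.s_addr == sa.sin_addr.s_addr;
    }
    close(srv); close(cli);
    return r;
}
```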