Menu
▾
▴
[Openvpn-users] MULTI: bad source address from client, packet dropped
|
From: Jason B. <bur...@gm...> - 2006-06-01 04:18:33
|
It seems my life is being made more difficult by the minute with
OpenVPN. It seems to be a recurrent problem without a good answer I've
found. I'm pretty much at my wit's end and give up. Yes, IP forwarding
is enabled on both machines.
I set up an OpenVPN 2.0 server on a remote machine. I then have a
client running on a border router at another site that connects to it.
It connects fine. I can ping back and forth between the server and the
client, initiated from either side. The problem arises when I try to
ping from a machine on the client side to a machine behind the server.
Wed May 31 22:37:18 2006 us=958912
clientStarnetBeta-Cave/client-IP:43077 MULTI: bad source address from
client [192.168.0.130], packet dropped
Now, on the server this is my routing table:
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.3.0.2 * 255.255.255.255 UH 0 0 0 tun0
192.168.100.0 * 255.255.255.0 U 0 0 0 eth1
192.168.102.0 10.3.0.2 255.255.255.0 UG 0 0 0 tun0
192.168.2.0 10.3.0.2 255.255.255.0 UG 0 0 0 tun0
192.168.1.0 10.3.0.2 255.255.255.0 UG 0 0 0 tun0
192.168.0.0 10.3.0.2 255.255.255.0 UG 0 0 0 tun0
9.19.129.0 * 255.255.255.0 U 0 0 0 eth1
9.19.129.0 * 255.255.255.0 U 0 0 0 eth1
10.3.0.0 10.3.0.2 255.255.255.0 UG 0 0 0 tun0
10.15.1.0 10.3.0.2 255.255.255.0 UG 0 0 0 tun0
10.15.0.0 10.3.0.2 255.255.255.0 UG 0 0 0 tun0
032-238-079.are * 255.0.0.0 U 0 0 0 eth0
loopback localhost 255.0.0.0 UG 0 0 0 lo
default ISP_Gateway 0.0.0.0 UG 0 0 0 eth0
On the client side, it's this:
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.3.0.5 * 255.255.255.255 UH 0 0 0 tun1
Another local VPN * 255.255.255.255 UH 0 0 0 tun0
user-12lmgo0.ca * 255.255.255.128 U 0 0 0 eth1
192.168.100.0 10.3.0.5 255.255.255.0 UG 0 0 0 tun1
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
10.3.0.0 10.3.0.5 255.255.255.0 UG 0 0 0 tun1
loopback * 255.0.0.0 U 0 0 0 lo
default client ISP gateway 0.0.0.0 UG 0 0
0 eth1
The interface in question for the client side is tun1. For the
server, it's tun0.
I tried turning off masquerading on either side, to no avail. I set
explicit routes, to no avail.
Any ping from any machine behind the client router, such as
192.168.0.130, gets dropped with the error message above, and drops
off into a black hole.
Here are the configuration files, incidentally:
Server.conf:
local openvpn-server-address
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.3.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.100.0 255.255.255.0"
client-config-dir ccd
route 192.168.0.0 255.255.255.0
route 192.168.1.0 255.255.255.0
route 192.168.2.0 255.255.255.0
route 192.168.102.0 255.255.255.0
route 10.15.0.0 255.255.255.0
route 10.15.1.0 255.255.255.0
;route 10.3.0.0 255.255.255.0
; Allow clients to see each other.
client-to-client
keepalive 10 120
tls-auth ta.key 1
cipher AES-256-CBC
comp-lzo
max-clients 25
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 5
client.conf:
client
dev tun
proto udp
remote openvpn-server-address 1194
nobind
user nobody
group nobody
persist-key
persist-tun
dh /etc/openvpn/dh1024.pem
ca ca.crt
cert clientStarnetBeta.crt
key clientStarnetBeta.key
;ns-cert-type server
tls-auth ta.key 0
cipher AES-256-CBC
comp-lzo
verb 3
mute 20
keepalive 10 120
Server-side ccd file for the client:
iroute 192.168.0.0 255.255.255.0
iroute 192.168.1.0 255.255.255.0
iroute 192.168.2.0 255.255.255.0
Thanks for any help.
|