Re: [Openvpn-users] MULTI: bad source address from client

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

If it helps here are the outputs of `route PRINT` on the client machine
before and after OpenVPN is run:

*Before*

F:\Documents and Settings\Administrator>route PRINT
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 50 8d f7 ed f3 ...... NVIDIA nForce MCP Networking Controller -
Packet
 Scheduler Miniport
0x3 ...00 ff cc e3 a4 76 ...... TAP-Win32 Adapter V8 - Packet Scheduler
Miniport

===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.99       20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.0.0    255.255.255.0     192.168.0.99    192.168.0.99       20
     192.168.0.99  255.255.255.255        127.0.0.1       127.0.0.1       20
    192.168.0.255  255.255.255.255     192.168.0.99    192.168.0.99       20
        224.0.0.0        240.0.0.0     192.168.0.99    192.168.0.99       20
  255.255.255.255  255.255.255.255     192.168.0.99    192.168.0.99       1
  255.255.255.255  255.255.255.255     192.168.0.99               3       1
Default Gateway:       192.168.0.1
===========================================================================
Persistent Routes:
  None

*After*

F:\Documents and Settings\Administrator>route PRINT
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 50 8d f7 ed f3 ...... NVIDIA nForce MCP Networking Controller -
Packet
 Scheduler Miniport
0x3 ...00 ff cc e3 a4 76 ...... TAP-Win32 Adapter V8 - Packet Scheduler
Miniport

===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0        128.0.0.0         10.8.0.5        10.8.0.6       1
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.99       20
         10.8.0.1  255.255.255.255         10.8.0.5        10.8.0.6       1
         10.8.0.4  255.255.255.252         10.8.0.6        10.8.0.6       30
         10.8.0.6  255.255.255.255        127.0.0.1       127.0.0.1       30
   10.255.255.255  255.255.255.255         10.8.0.6        10.8.0.6       30
    72.x.x.x  255.255.255.255      192.168.0.1    192.168.0.99       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
        128.0.0.0        128.0.0.0         10.8.0.5        10.8.0.6       1
      192.168.0.0    255.255.255.0     192.168.0.99    192.168.0.99       20
     192.168.0.99  255.255.255.255        127.0.0.1       127.0.0.1       20
    192.168.0.255  255.255.255.255     192.168.0.99    192.168.0.99       20
        224.0.0.0        240.0.0.0         10.8.0.6        10.8.0.6       30
        224.0.0.0        240.0.0.0     192.168.0.99    192.168.0.99       20
  255.255.255.255  255.255.255.255         10.8.0.6        10.8.0.6       1
  255.255.255.255  255.255.255.255     192.168.0.99    192.168.0.99       1
Default Gateway:          10.8.0.5
===========================================================================
Persistent Routes:
  None

Where 72.x.x.x is the address of the remote OpenVPN server

Thanks

On 05/07/07, Andrew Smith <and...@gm...> wrote:
>
> Hi Darren
>
> Yes, 192.168.0.99 is the address of the local ethernet interface on the
> client.
>
> I'm afraid I'm not really sure what you're saying, I should add for
> clarity that the client is Windows XP and the server is Debian Linux. The
> problem is that everything is sending packets from 192.168.0.99, not just
> one oe two applications, the second I connect to the server I get a stream
> of these error messages and not a single application works over the internet
> (except the OpenVPN client).
>
> Thanks for responding, sorry if I've misunderstood you!
>
> On 05/07/07, Darren Loher <dl...@en... > wrote:
> >
> >  Is that IP address ( 192.168.0.99) the address of the local Ethernet
> > interface on the client?
> >
> >
> >
> > If so, this indicates that an application that is trying to communicate
> > is sourcing packets from the Ethernet port which are then being routed
> > across the openvpn tunnel.  This can happen with servers that try to respond
> > to requests from the VPN, if the server is started before the VPN tunnel is
> > up.  (because when the server came up, it bound sockets to specific
> > interface addresses rather than to 0.0.0.0/0.   I have noticed this
> > happens with ntpd)
> >
> >
> >
> > A quick fix is to HUP or restart the offending service after the VPN
> > comes online.
> >
> >
> >
> > -Darren
> >
> >
> >  ------------------------------
> >
> > *From:* ope...@li... [mailto:
> > ope...@li...] * On Behalf Of *Andrew
> > Smith
> > *Sent:* Thursday, July 05, 2007 11:22 AM
> > *To:* ope...@li...
> > *Subject:* [Openvpn-users] MULTI: bad source address from client
> >
> >
> >
> > Hi
> >
> > (Hope this is the right place to post this, I'm rather new to mailing
> > lists)
> >
> > I have an OpenVPN set up as follows
> >
> > Server
> >
> > port 8080
> > proto tcp
> > dev tun
> > ca ca.crt
> > cert server.crt
> > key server.key
> > dh dh1024.pem
> > server 10.8.0.0 255.255.255.0
> > ifconfig-pool-persist ipp.txt
> > keepalive 10 120
> > persist-key
> > persist-tun
> > comp-lzo
> > status openvpn-status.log
> > verb 5
> > client-disconnect ./disconnect.pl
> > push "redirect-gateway def1"
> >
> > Client
> >
> > client
> > dev tun
> > proto tcp
> > remote server.address 8080
> > resolv-retry infinite
> > nobind
> > persist-key
> > persist-tun
> > ca ca.crt
> > cert name.crt
> > key name.key
> > verb 4
> > mute 10
> > comp-lzo
> >
> > I'm not sure what you can tell from these config files but the intention
> > of the setup is that the client connects to the server across the internet
> > and from the openvpn server the internet can be accessed by the client. This
> > is basically tunneling, allowing the client's internet data to be encrypted
> > and also (hopefully) meaning that packet shaping measures / blocking / etc.
> > will not work on the client. I had this working fine for a while, but now
> > (and I'm not sure what I changed, I'm afraid) I receive this error:
> >
> > RThu Jul  5 17:10:06 2007 us=338898 name/x.x.x.x:51783 MULTI: bad source
> > address from client [192.168.0.99], packet dropped
> >
> > over and over again and the internet access that worked doesn't work,
> > preceding this are no errors and connection to the OpenVPN server works just
> > fine. It's probably worth noting that when it *did* work I occasionally got
> > this error message but could not link it with anything not working (all
> > internet activity seemed to function normally where as now it doesn't).
> >
> > I'm really stuck here and any hints and tips would be greatly
> > appreciated.
> > Thanks
> > Andrew Smith
> >
>
>

Re: [Openvpn-users] MULTI: bad source address from client

Robust and flexible VPN network tunnelling

Re: [Openvpn-users] MULTI: bad source address from client