Re: [Openvpn-users] Unexplainable "bad source address from client" after reconnect (bug?) - Still happening

[Gert D. <ge...@gr...>]

Hi,

On Fri, Mar 06, 2015 at 02:04:36PM +0100, David Schweikert wrote:
> On Fri, Feb 06, 2015 at 15:24:19 +0100, David Schweikert wrote:
> > Feb  5 11:10:12 v-gate openvpn[20629]: h25848/101.92.13.121:5551 MULTI_sva: pool returned IPv4=192.168.0.92, IPv6=(Not enabled)
> > ...
> > Feb  5 11:49:08 v-gate openvpn[20629]: h25848/101.92.13.121:5551 MULTI: bad source address from client [192.168.0.92], packet dropped
> 
> For the records: we have found the problem. It was caused by
> 'stale-routes-check' with a too short interval. OpenVPN was removing
> routes that were still in use for current connections. We have removed
> that directive, and all is good now.

Thanks for tracing this further, pinpointing it, and sharing the solution.

I admit I did not know that this option exists at all - but yeah, if a 
route is cleaned (from how I understand the code) it won't accept packets
from the client until the next packet is sent *to* the client, re-installing
the route.

There's a "cache" of "active routes", and if a packet to a new destination
has to be routed by the openvpn server (internally) it will look up the
route, and put it into the cache...

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             ge...@gr...
fax: +49-89-35655025                        ge...@ne...