Hi Neil.

On Friday 09 July 2004 13:19, Neil Brown wrote:
> My server that I hope to use as an OPENVPN server is multi-homed.
> i.e. it has multiple network interfaces and multiple addresses on
> multiple subnets.
>
> When my openvpn client (on my notebook) tries to talk to it, it
> sometimes gets a reply from a different IP address than it sent the
> request to, and it doesn't like that.
> This can be alleviated by using the --float option. However that
> isn't a complete solution.
>
> When I try using openvpn from home, behind a NAT (masquerading) firewall,
> the reply from a different IP address doesn't get back to me, as the
> firewall doesn't know where to route those UDP packets.
>
> The "correct" solution would be to have openvpn get the destination
> address that was used for each incoming packet, record that, and set
> it as the source address when sending a reply.
>
> This is relatively easy to do (at least in Linux, possibly other POSIX
> os's). The code link_socket_read_udp_posix in the patch below
> successfully gets the destination address, and the code added to
> link_socket_write_udp_posix sets the source address properly.
> I have checked this by removing the "if (0)" in the latter function,
> so the address is passed around in a global variable.

This is a common problem with UDP servers.

Recently I tried to fix this in ntp. To my great surprise and
disappointment, ntp folks do not want it to be fixed.
Details at http://bugzilla.ntp.org/show_bug.cgi?id=314

I hope openvpn folks have a clue and your patch will fare better.
--
vda
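
The technique described in the quoted message (read the destination address of each incoming datagram, then use it as the source of the reply), shown as an added example that is not code from this thread or from the OpenVPN patch it mentions. It assumes Linux, IPv4 and the IP_PKTINFO socket option; the function names and the 127.0.0.2 loopback test are constructed for illustration.

```c
#define _GNU_SOURCE                 /* exposes struct in_pktinfo on glibc */
#include <arpa/inet.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Receive one datagram on fd (IP_PKTINFO enabled) and echo it back with the address
 * the request was sent TO as the reply's source. Returns bytes sent, or -1. */
ssize_t echo_from_request_dst(int fd, struct in_addr *dst)
{
    union { char b[CMSG_SPACE(sizeof(struct in_pktinfo))]; struct cmsghdr align; } ctl;
    char buf[1500];
    struct sockaddr_in peer;
    struct in_pktinfo pi;
    struct iovec iov = { buf, sizeof buf };
    struct msghdr m = { .msg_name = &peer, .msg_namelen = sizeof peer, .msg_iov = &iov,
                        .msg_iovlen = 1, .msg_control = ctl.b, .msg_controllen = sizeof ctl.b };
    ssize_t n = recvmsg(fd, &m, 0);
    struct cmsghdr *c = n < 0 ? NULL : CMSG_FIRSTHDR(&m);
    if (!c || c->cmsg_level != IPPROTO_IP || c->cmsg_type != IP_PKTINFO)
        return -1;                  /* error, or IP_PKTINFO not enabled */
    memcpy(&pi, CMSG_DATA(c), sizeof pi);
    *dst = pi.ipi_addr;             /* destination address of the request */
    pi.ipi_spec_dst = pi.ipi_addr;  /* becomes the source address of the reply */
    pi.ipi_ifindex = 0;             /* let routing pick the outgoing interface */
    memcpy(CMSG_DATA(c), &pi, sizeof pi);
    iov.iov_len = (size_t)n;
    return sendmsg(fd, &m, 0);      /* same msghdr: peer address + edited pktinfo */
}

/* Constructed loopback check: the server binds 0.0.0.0, the client sends to
 * 127.0.0.2. Returns the source address of the reply, or 0 on failure. */
in_addr_t demo_reply_source(void)
{
    int on = 1, s = socket(AF_INET, SOCK_DGRAM, 0), c = socket(AF_INET, SOCK_DGRAM, 0);
    struct sockaddr_in srv = { .sin_family = AF_INET }, from;
    socklen_t len = sizeof srv, flen = sizeof from;
    struct in_addr dst = { 0 };
    char buf[16];
    setsockopt(s, IPPROTO_IP, IP_PKTINFO, &on, sizeof on);
    bind(s, (struct sockaddr *)&srv, sizeof srv);       /* port 0: kernel picks one */
    getsockname(s, (struct sockaddr *)&srv, &len);
    inet_pton(AF_INET, "127.0.0.2", &srv.sin_addr);
    if (sendto(c, "ping", 4, 0, (struct sockaddr *)&srv, sizeof srv) != 4) return 0;
    echo_from_request_dst(s, &dst);
    ssize_t n = recvfrom(c, buf, sizeof buf, 0, (struct sockaddr *)&from, &flen);
    close(s); close(c);
    return n == 4 ? from.sin_addr.s_addr : 0;
}
```

With a plain sendto() on the wildcard-bound socket the kernel would choose the reply's source address from the route back to the client, which is the mismatch the client and the NAT firewall in the quoted message reject.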