Davide Brini wrote:
On Friday 11 December 2009, James Yonan wrote:

Try adding the "nobind" directive to your client config file.  I think
this will solve the problem.

That seems indeed to do it. Thank you very much!

However, never in my life could I have imagined that this was due to a setting *on the client*. For single-homed clients, my (possibly wrong) understanding was that using or not using "nobind" would essentially be the same. Since now I'm curious, could you please kindly provide a bit more insight as to *why* using "nobind" on the client fixes it, and how that affects the server?

Using nobind on the client for UDP client connections generates a socket with a dynamic source port number. This is key because it means that when the client reconnects, it does so with a new source port number, and this allows OpenVPN to detect that the initial UDP packet represents a new connection, and is not part of the old connection.

The problem is that when nobind is not used, the source port on the new connection is recycled -- it's the same as the old connection. So when OpenVPN sees the connection-initiating packet, after the client switches over to the secondary server address, it gets confused because it doesn't expect sessions from a given source address to change its destination address mid-session.

James
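
A simplified model of the behaviour described above, as an added example that is not part of the original thread and is not OpenVPN's code. `ToyServer`, `reconnect` and the "conflict" label are hypothetical, and two loopback ports stand in for the server's two addresses.

```python
import socket

LOOP = "127.0.0.1"

def udp_socket(port=0):
    """Bound UDP socket; port 0 lets the kernel pick a dynamic source port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind((LOOP, port))
    s.settimeout(2)
    return s

class ToyServer:
    """Hypothetical session table keyed on the client's (address, port)."""
    def __init__(self):
        self.primary = udp_socket()    # stands in for the first server address
        self.secondary = udp_socket()  # stands in for the secondary address
        self.sessions = {}             # client (ip, port) -> server endpoint

    def receive(self, sock):
        _, peer = sock.recvfrom(64)
        local = sock.getsockname()
        if peer not in self.sessions:
            self.sessions[peer] = local
            return "new"               # unseen source port: clearly a new connection
        # Known source, but the packet arrived on a different server endpoint.
        return "existing" if self.sessions[peer] == local else "conflict"

def reconnect(fixed_source_port):
    """Connect to the primary, then reconnect to the secondary endpoint."""
    server = ToyServer()
    first = udp_socket()               # its port doubles as the "fixed" local port
    first.sendto(b"init", server.primary.getsockname())
    results = [server.receive(server.primary)]
    if fixed_source_port:              # no nobind: the same source port is recycled
        port = first.getsockname()[1]
        first.close()
        second = udp_socket(port)
    else:                              # nobind: fresh dynamic port (old socket is
        second = udp_socket()          # still open, so the port must differ)
        first.close()
    second.sendto(b"init", server.secondary.getsockname())
    results.append(server.receive(server.secondary))
    for s in (second, server.primary, server.secondary):
        s.close()
    return results

if __name__ == "__main__":
    print("fixed source port:", reconnect(True))
    print("dynamic source port:", reconnect(False))
```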

