Peter Stuge <pe...@stuge.se> writes:

>> I am running a multihomed host where 'local <extip>' must be
>> specified for proper operation.
>
> Could you add a route and use nobind? Unless you have one openvpn on
> each IP that should work.

I would really like to avoid the NAT hackery.

>> On ungraceful reconnects, the new TCP connection will have the same
>> host/port pairs but unexpected sequence numbers. The new connection
>> will be assumed as invalid hence and be dropped.
>
> I would actually expect the firewall to notice that there is a new
> connection. Since it doesn't, maybe you can explicitly allow this
> traffic?

I do not have access to this firewall.

> OpenVPN can certainly be made to do what you describe, but it seems
> that there are more ways to solve the problem, and one of those might
> suit you better.

I think, supporting common TCP/UDP client functionality (which chooses
random source ports) suits my needs best. I do not see reasons why
'local' must be tied to 'lport'.

> I know I would prefer fixing the firewall rules.

I would prefer to fix openvpn ;)

Enrico
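
The socket behaviour requested in the message above, as an added example that is not part of the thread and is not OpenVPN code: a client binds to a fixed local address with port 0, so the kernel picks a fresh source port for each connection and a reconnect never reuses the old host/port pair. The function names `connect_from` and `demo_distinct_ports` are hypothetical, and 127.0.0.1 stands in for `<extip>`.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <sys/socket.h>
#include <unistd.h>

/* Connect to peer from a fixed local address; returns fd or -1, stores the source port. */
int connect_from(const char *local_ip, const struct sockaddr_in *peer, uint16_t *src_port)
{
    struct sockaddr_in src = { .sin_family = AF_INET };
    socklen_t len = sizeof(src);
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    src.sin_port = htons(0);    /* port 0: kernel picks an ephemeral source port */
    if (inet_pton(AF_INET, local_ip, &src.sin_addr) != 1
        || bind(fd, (struct sockaddr *)&src, sizeof(src)) < 0
        || connect(fd, (const struct sockaddr *)peer, sizeof(*peer)) < 0
        || getsockname(fd, (struct sockaddr *)&src, &len) < 0) {
        close(fd);
        return -1;
    }
    *src_port = ntohs(src.sin_port);
    return fd;
}

/* Constructed loopback check: returns 1 if two connections from one address differ in port. */
int demo_distinct_ports(void)
{
    struct sockaddr_in srv = { .sin_family = AF_INET };
    socklen_t len = sizeof(srv);
    uint16_t p1 = 0, p2 = 0;
    int a = -1, b = -1, ok = 0, ls = socket(AF_INET, SOCK_STREAM, 0);
    if (ls < 0) return 0;
    srv.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* listener port 0: any free port */
    if (bind(ls, (struct sockaddr *)&srv, sizeof(srv)) == 0
        && listen(ls, 4) == 0
        && getsockname(ls, (struct sockaddr *)&srv, &len) == 0) {
        a = connect_from("127.0.0.1", &srv, &p1);   /* first connection */
        b = connect_from("127.0.0.1", &srv, &p2);   /* "reconnect", same local address */
        ok = a >= 0 && b >= 0 && p1 != 0 && p1 != p2;
    }
    if (a >= 0) close(a);
    if (b >= 0) close(b);
    close(ls);
    return ok;
}

int main(void) { return demo_distinct_ports() ? 0 : 1; }
```

Because the source port differs, a stateful firewall sees the reconnect as a new flow instead of matching it against the stale entry for the old connection.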