On 01/11/2010 08:31:01 AM, Enrico Scholz wrote:
>
> no; it is because the OpenVPN client creates the same src + dst pair
> for every connection. I suggest to read some papers about stateful
> firewalls before continuing this discussion.
Enrico is right. It's in the IP RFC, the 2MSL (twice the maximum
segment lifetime) rule. (STD 5 is the right rfc?)
I haven't otherwise been following the discussion, but if there's
no other way to do what he wants to do with OpenVPN then
OpenVPN is violating the RFC.
Karl <k...@meme.com>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein
