On 01/11/2010 08:31:01 AM, Enrico Scholz wrote:

> no; it is because the OpenVPN client creates the same src + dst pair
> for every connection. I suggest to read some papers about stateful
> firewalls before continuing this discussion.

Enrico is right. It's in the IP RFC, the 2MSL (twice the maximum segment lifetime) rule. (STD 5 is the right RFC?) I haven't otherwise been following the discussion, but if there's no other way to do what he wants to do with OpenVPN then OpenVPN is violating the RFC.

Karl <k...@meme.com>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein