On 01/11/2010 08:31:01 AM, Enrico Scholz wrote:

> 
> no; it is because the OpenVPN client creates the same src + dst pair
> for every connection.  I suggest reading some papers about stateful
> firewalls before continuing this discussion.

Enrico is right.  It's in the IP RFC, the 2MSL (twice the maximum
segment lifetime) rule.  (STD 5 is the right RFC?)

I haven't otherwise been following the discussion, but if there's
no other way to do what he wants to do with OpenVPN then
OpenVPN is violating the RFC.


Karl <k...@meme.com>
Free Software:  "You don't pay back, you pay forward."
                 -- Robert A. Heinlein

