On 12/03/11 22:44, Federico Heinz wrote:
| On 12/03/2011, Peter Stuge wrote:
[...snip...]
|> [...] unless you are prepared to listen on 0.0.0.0, which I would
|> guess already works without special OpenVPN options or code.
|
| Only... it doesn't work in all setups. As described in shorewall's
| multi-ISP guide[1] (search for "OpenVPN" in that page), sometimes you
| need to bind the daemon to a specific interface.
|
| That guide talks about binding to the interface in order to force
| traffic through a certain ISP (something I hope you will agree can be
| useful under a number of circumstances), but I have found that having
| OpenVPN listen on 0.0.0.0 in such a setup does not work properly:
| connections are unstable and drop for no apparent reason, and
| establishing the tunnel fails intermittently.

As Davide Brini already mentioned, I really wonder if this issue is due
to lack of --multihome in your configuration, combined with listen on
0.0.0.0.

From the man page:

    --multihome
        Configure a multi-homed UDP server. This option can be used
        when OpenVPN has been configured to listen on all interfaces,
        and will attempt to bind client sessions to the interface on
        which packets are being received, so that outgoing packets will
        be sent out of the same interface. Note that this option is
        only relevant for UDP servers and currently is only implemented
        on Linux.

        Note: clients connecting to a --multihome server should always
        use the --nobind option.

Can you please test this?

kind regards,

David Sommerseth
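The behaviour the man page excerpt describes, as an added example that is not part of the original message and not OpenVPN's own code: a UDP server bound to 0.0.0.0 replies from whatever address routing picks unless it pins the reply to the address the request arrived on, shown here with the Linux IP_PKTINFO socket option. The function name `reply_source` and the loopback address 127.0.0.2, standing in for a second interface address, are assumptions for the demonstration.

```python
import socket
import struct

# Linux value of IP_PKTINFO; some Python builds do not export the constant.
IP_PKTINFO = getattr(socket, "IP_PKTINFO", 8)
# struct in_pktinfo { int ipi_ifindex; struct in_addr ipi_spec_dst, ipi_addr; }
PKTINFO_FMT = "i4s4s"


def reply_source(dest_ip, pin_source):
    """Send one datagram to dest_ip; return the source IP of the server's reply.

    pin_source=True mimics a multi-homed server: the reply leaves from the
    local address the request was received on. Linux only.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        # Ask the kernel to report each datagram's local (destination) address.
        srv.setsockopt(socket.IPPROTO_IP, IP_PKTINFO, 1)
        srv.bind(("0.0.0.0", 0))          # wildcard listener, ephemeral port
        srv.settimeout(2)
        cli.settimeout(2)
        port = srv.getsockname()[1]
        cli.sendto(b"ping", (dest_ip, port))

        _data, ancdata, _flags, peer = srv.recvmsg(64, socket.CMSG_SPACE(12))
        reply_anc = []
        if pin_source:
            for level, ctype, cdata in ancdata:
                if level == socket.IPPROTO_IP and ctype == IP_PKTINFO:
                    _ifidx, local, _dst = struct.unpack(PKTINFO_FMT, cdata[:12])
                    # On send, a non-zero ipi_spec_dst becomes the source
                    # address; ifindex 0 leaves interface choice to routing.
                    pinned = struct.pack(PKTINFO_FMT, 0, local, b"\0" * 4)
                    reply_anc.append((socket.IPPROTO_IP, IP_PKTINFO, pinned))
        srv.sendmsg([b"pong"], reply_anc, 0, peer)

        _reply, (src_ip, _src_port) = cli.recvfrom(64)
        return src_ip
    finally:
        srv.close()
        cli.close()


if __name__ == "__main__":
    # Constructed scenario: the client addresses the server as 127.0.0.2.
    print("wildcard only :", reply_source("127.0.0.2", pin_source=False))
    print("source pinned :", reply_source("127.0.0.2", pin_source=True))
```

In the unpinned case the client sees the reply arrive from an address other than the one it sent to, which a peer or stateful firewall tracking the session by address will not associate with the original flow.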