Hi Joshua, joshua gross wrote: > > We have a pretty plain openvpn setup. But we are consistently seeing > this in our server logs, on both our udp and tcp instances of openvpn. > Anyway to make this not happen from a client or server change? > > openvpn-tcp-443.log:Mon Jun 24 21:00:43 2013 us=609478 > user_name/176.224.69.12:39939 <http://176.224.69.12:39939/> MULTI: bad > source address from client [176.224.69.12], packet dropped > openvpn-tcp-443.log:Mon Jun 24 21:00:43 2013 > us=750001 user_name/200.142.133.21:12109 > <http://200.142.133.21:12109/> MULTI: bad source address from client > [10.96.192.225], packet dropped > openvpn-tcp-443.log:Mon Jun 24 21:00:44 2013 > us=815737 user_name/200.142.133.21:12109 > <http://200.142.133.21:12109/> MULTI: bad source address from client > [10.96.192.225], packet dropped > openvpn-tcp-443.log:Mon Jun 24 21:00:45 2013 > us=776301 user_name/200.142.133.21:12109 > <http://200.142.133.21:12109/> MULTI: bad source address from client > [10.96.192.225], packet dropped > openvpn-tcp-443.log:Mon Jun 24 21:00:49 2013 > us=942991 user_name/200.142.133.21:12109 > <http://200.142.133.21:12109/> MULTI: bad source address from client > [10.96.192.225], packet dropped > openvpn-tcp-443.log:Mon Jun 24 21:00:51 2013 > us=129790 user_name/176.224.69.12:39939 > <http://176.224.69.12:39939/> MULTI: bad source address from client > [176.224.69.12], packet dropped > openvpn-tcp-443.log:Mon Jun 24 21:01:05 2013 > us=489314 user_name/176.224.69.12:39939 > <http://176.224.69.12:39939/> MULTI: bad source address from client > [176.224.69.12], packet dropped > openvpn-tcp-443.log:Mon Jun 24 21:01:27 2013 > us=129346 user_name/176.224.69.12:39939 > <http://176.224.69.12:39939/> MULTI: bad source address from client > [176.224.69.12], packet dropped > openvpn-tcp-443.log:Mon Jun 24 21:01:38 2013 > us=249586 user_name/176.224.69.12:39939 > <http://176.224.69.12:39939/> MULTI: bad source address from client > [176.224.69.12], packet dropped > openvpn-tcp-443.log:Mon Jun 24 21:02:13 2013 > us=49611 user_name/176.224.69.12:39939 > <http://176.224.69.12:39939/> MULTI: bad source address from client > [176.224.69.12], packet dropped > openvpn-tcp-443.log:Mon Jun 24 21:02:39 2013 > us=809346 user_name/176.224.69.12:39939 > <http://176.224.69.12:39939/> MULTI: bad source address from client > [176.224.69.12], packet dropped > > this can happend when the clients are running Windows and when the file sharing protocol is bound to the tap-win32 adapter - in that case Windows sometimes uses the wrong source address. Unfortunately, there's little that can be done about this.
HTH, JJK > I've attached our config below: > > port 443 > proto tcp > dev tun > ca /etc/ssl/certs/ca.crt > cert /etc/ssl/certs/server.crt > key /etc/ssl/private/server.key # This file should be kept secret > dh /etc/ssl/private/dh1024.pem > server 10.10.0.0 255.255.0.0 > ifconfig-pool-persist ipp.txt > client-cert-not-required > username-as-common-name > plugin /usr/local/surfeasy/lib/openvpn-remote-auth.so "some special args" > script-security 2 execve > tmp-dir /dev/shm > # Accounting > client-connect "/usr/local/surfeasy/lib/usage_connect_disconnect.rb > url "*" > client-disconnect "/usr/local/surfeasy/lib/usage_connect_disconnect.rb > url "*"" > management 127.0.0.1 40002 > push "redirect-gateway def1 bypass-dhcp" > push "dhcp-option DNS 172.16.0.23" > keepalive 10 60 > ping-timer-rem > cipher BF-CBC # Blowfish (default) > comp-lzo > persist-key > persist-tun > status openvpn-tcp-443-status.log 300 > status-version 2 > log-append openvpn-tcp-443.log > verb 4 > > > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
