Hi,

On 29/03/16 09:20, Marc Haber wrote:
> Hi,
>
> I use OpenVPN to attach my notebook and a number of customer sites to
> my network and system management tools, and to transport IPv6 to my
> notebook regardless of its location. The central node is a server in
> housing, running Debian Linux. My OpenVPN setup generally uses UDP as
> transport protocol, and certain systems do have static IPv4 and IPv6
> addresses allocated via ifconfig-push and ifconfig-ipv6-push.
>
> In some situations, I am in a "hostile" network that doesn't allow my
> notebook to connect to my OpenVPN server via UDP. For this, I would
> like to fall back to TCP/443 for the affected clients. I know this is
> suboptimal due to the dreaded tcp-in-tcp issue and has new,
> "interesting" MTU issues. Therefore, I would like to use this only as
> fallback.
>
> However, the OpenVPN server does not seem to be able to listen on both
> UDP and TCP, and I need to run a second OpenVPN server to listen on
> TCP. This makes it impossible to assign the client that is now
> connected to the fallback TCP server instead of the default UDP server
> its normal IP addresses, which of course causes a truckload of issues
> with access lists and DNS.
>
> Is there a known and accepted workaround that will allow a client to
> connect via UDP today and TCP tomorrow while having its normal IP
> addresses assigned short of running a dedicated OpenVPN server for
> each such client and restarting it with the port changed if there is
> the need to do that?
>

apart from alarig's advice you should add
  explicit-exit-notify 2
to the client config (or
  push "explicit-exit-notify 2"
to the server UDP config), to ensure that routes to any old
UDP-connected clients are cleaned up ASAP - otherwise you might get into
weird routing issues when a client first connects via UDP and then via TCP.
Also, you can never share IP pools this way - but since you're using
ifconfig*push you should not be affected by this.

HTH,

JJK

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users