Adding allowed_address_pairs does not work, regardless of IP or IP/CIDR, because when a user dials in, the IP would not bind to a NIC of the VPN instance, but to a NIC of a Windows client, say, Windows 10.

Adding a MAC address isn't doable, because 1. only a MAC address is allowed to be added. 2. you don't know each Windows client's MAC address. I also disabled security_group of that port; it does not work, either. So there is no way to fix this unless I change the OpenFlow table of br-int manually, which I don't want to do. I'll give up on this solution, put the VPN on the ESXi platform, or consider using VPNaaS.

Thanks.

------------------------------------------------------

Hi,

You can disable port_security for this one port and check then if it will work properly. You can also add additional "allowed_address_pairs" and add an additional IP address to your port. Also, if it blocks DHCP responses from some external DHCP server, maybe you can add security group rules to allow such kind of traffic and it will then not drop it.

—
Slawek Kaplonski
Senior software engineer
Red Hat

> Message written by luckydog xf <luckydogxf at gmail.com> on 26.12.2018, at 05:40:
>
> Yes, it's dropped, I use ovs-ofctl to debug the flow table.
>
> I found that VPN cannot run in an instance, just because:
>
> 1. IP varies from time to time, while security group needs IP/MAC address binding.
>
> 2. flow table of br-int won't allow traffic to go through, as I met in this topic.
>
> Probably VPNaaS of OpenStack is a good choice.
>
> Thanks.
_______________________________________________ discuss mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
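A simplified model of the source-address check discussed in this thread, added here as an illustration; it is not taken from any of the posts or from Neutron's code. It assumes that an allowed address pair without a mac_address matches only the port's own MAC, and all MAC and IP values are constructed samples.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Port:
    """Simplified stand-in for the anti-spoofing inputs of a Neutron port."""
    mac: str
    fixed_ips: list
    allowed_address_pairs: list = field(default_factory=list)  # dicts: ip_address, optional mac_address
    port_security_enabled: bool = True

def egress_allowed(port, src_mac, src_ip):
    """Return True if a frame sent by the instance passes the source check."""
    if not port.port_security_enabled:
        return True  # no anti-spoofing filter on this port
    src_mac = src_mac.lower()
    ip = ipaddress.ip_address(src_ip)
    # The port's own MAC combined with one of its fixed IPs is always permitted.
    if src_mac == port.mac.lower() and any(ip == ipaddress.ip_address(f) for f in port.fixed_ips):
        return True
    for pair in port.allowed_address_pairs:
        pair_mac = pair.get("mac_address", port.mac).lower()  # assumption: defaults to port MAC
        net = ipaddress.ip_network(pair["ip_address"], strict=False)
        if src_mac == pair_mac and ip in net:
            return True
    return False

# Constructed sample values, not from the thread.
VPN_MAC = "fa:16:3e:00:00:01"     # MAC of the VPN instance's port
CLIENT_MAC = "00:50:56:aa:bb:cc"  # MAC of a dial-in client (bridged VPN)

def demo():
    port = Port(mac=VPN_MAC, fixed_ips=["10.0.0.5"])
    results = {}
    results["own_address"] = egress_allowed(port, VPN_MAC, "10.0.0.5")
    results["routed_no_pair"] = egress_allowed(port, VPN_MAC, "10.8.0.20")
    port.allowed_address_pairs = [{"ip_address": "10.8.0.0/24"}]
    results["routed_with_cidr_pair"] = egress_allowed(port, VPN_MAC, "10.8.0.20")
    # Bridged case: the frame carries the client's MAC, which the pair does not cover.
    results["bridged_with_cidr_pair"] = egress_allowed(port, CLIENT_MAC, "10.8.0.20")
    port.port_security_enabled = False
    results["bridged_port_security_off"] = egress_allowed(port, CLIENT_MAC, "10.8.0.20")
    return results

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'pass' if ok else 'drop'}")
```

In this model a CIDR pair admits client IPs only while frames still carry the instance's MAC; frames with per-client MACs pass only with a pair per MAC or with port security disabled on the port.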
