Hi,

On Tue, Aug 15, 2023 at 12:54:45PM +0000, Jason Long via Openvpn-users wrote:
> I did a tcpdump:
>
> # tcpdump --interface any udp port 2000 -n -v
> tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
> 08:50:47.761991 IP (tos 0x0, ttl 128, id 892, offset 0, flags [DF], proto UDP (17), length 82)
>     192.168.1.21.60461 > 192.168.1.20.2000: UDP, length 54

Client is sending to ip A.

> 08:50:47.762524 IP (tos 0x0, ttl 64, id 24726, offset 0, flags [DF], proto UDP (17), length 94)
>     10.10.0.1.2000 > 192.168.1.21.60461: UDP, length 66

>... and server is replying from IP B.
>Not sure how you ended there, but if you want the server on 10.10.0.1,
>then the client needs to connect to *that* IP.
>(I said it before: if a machine has multiple IP addresses and you use
>UDP, you *must* use --multihome on the server)
>gert

Hi Gert,
I added the following lines to my server.conf:

client-config-dir myclient
ccd-exclusive
route 192.168.1.0 255.255.255.0
multihome

Client showed me:

Wed Aug 16 11:01:38 2023 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
Wed Aug 16 11:01:38 2023 Note: ovpn-dco-win driver is missing, disabling data channel offload.
Wed Aug 16 11:01:38 2023 OpenVPN 2.6.5 [git:v2.6.5/cbc9e0ce412e7b42] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Jun 13 2023
Wed Aug 16 11:01:38 2023 Windows version 6.1 (Windows 7), amd64 executable
Wed Aug 16 11:01:38 2023 library versions: OpenSSL 3.1.1 30 May 2023, LZO 2.10
Wed Aug 16 11:01:38 2023 DCO version: v0
Wed Aug 16 11:01:38 2023 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25343
Wed Aug 16 11:01:38 2023 Need hold release from management interface, waiting...
Wed Aug 16 11:01:38 2023 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1031
Wed Aug 16 11:01:38 2023 MANAGEMENT: CMD 'state on'
Wed Aug 16 11:01:38 2023 MANAGEMENT: CMD 'log on all'
Wed Aug 16 11:01:38 2023 MANAGEMENT: CMD 'echo on all'
Wed Aug 16 11:01:39 2023 MANAGEMENT: CMD 'bytecount 5'
Wed Aug 16 11:01:39 2023 MANAGEMENT: CMD 'state'
Wed Aug 16 11:01:39 2023 MANAGEMENT: CMD 'hold off'
Wed Aug 16 11:01:39 2023 MANAGEMENT: CMD 'hold release'
Wed Aug 16 11:01:39 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.1.20:2000
Wed Aug 16 11:01:39 2023 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Aug 16 11:01:39 2023 UDPv4 link local: (not bound)
Wed Aug 16 11:01:39 2023 UDPv4 link remote: [AF_INET]192.168.1.20:2000
Wed Aug 16 11:01:39 2023 MANAGEMENT: >STATE:1692167499,WAIT,,,,,,
Wed Aug 16 11:01:39 2023 MANAGEMENT: >STATE:1692167499,AUTH,,,,,,
Wed Aug 16 11:01:39 2023 TLS: Initial packet from [AF_INET]192.168.1.20:2000, sid=2e7d21e3 db47853e
Wed Aug 16 11:01:39 2023 VERIFY OK: depth=1, CN=Server
Wed Aug 16 11:01:39 2023 VERIFY KU OK
Wed Aug 16 11:01:39 2023 Validating certificate extended key usage
Wed Aug 16 11:01:39 2023 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed Aug 16 11:01:39 2023 VERIFY EKU OK
Wed Aug 16 11:01:39 2023 VERIFY OK: depth=0, CN=server
Wed Aug 16 11:01:39 2023 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
Wed Aug 16 11:01:39 2023 [server] Peer Connection Initiated with [AF_INET]192.168.1.20:2000
Wed Aug 16 11:01:39 2023 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
Wed Aug 16 11:01:39 2023 TLS: tls_multi_process: initial untrusted session promoted to trusted
Wed Aug 16 11:01:39 2023 AUTH: Received control message: AUTH_FAILED
Wed Aug 16 11:01:39 2023 SIGUSR1[soft,auth-failure] received, process restarting
Wed Aug 16 11:01:39 2023 MANAGEMENT: >STATE:1692167499,RECONNECTING,auth-failure,,,,,
Wed Aug 16 11:01:39 2023 Restart pause, 1 second(s)

What is your opinion?

--
"If was one thing all people took for granted, was conviction that if
 you feed honest figures into a computer, honest figures come out. Never
 doubted it myself till I met a computer with a sense of humor."
 Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany g...@greenie.muc.de

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
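
Added example (not part of the thread and not OpenVPN code): a Python check for the symptom pointed out in the quoted capture, a UDP reply that leaves from a different address than the one the client sent to. The function name find_reply_mismatches and the embedded sample (the two quoted packets, re-typed in tcpdump -n -v layout) are assumptions of this example.

```python
import re

# Constructed sample: the two packets quoted in the thread, in the layout
# `tcpdump -n -v` prints (header line, then an indented address line).
SAMPLE = """\
08:50:47.761991 IP (tos 0x0, ttl 128, id 892, offset 0, flags [DF], proto UDP (17), length 82)
    192.168.1.21.60461 > 192.168.1.20.2000: UDP, length 54
08:50:47.762524 IP (tos 0x0, ttl 64, id 24726, offset 0, flags [DF], proto UDP (17), length 94)
    10.10.0.1.2000 > 192.168.1.21.60461: UDP, length 66
"""

# "src_ip.src_port > dst_ip.dst_port: UDP" (IPv4 only)
ADDR = re.compile(
    r"^\s*(\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): UDP\b"
)


def find_reply_mismatches(capture, server_port):
    """Return (client, addressed_ip, reply_src_ip) for every reply whose
    source IP is not the IP that client sent its packets to."""
    addressed = {}   # (client_ip, client_port) -> server IP the client used
    mismatches = []
    for line in capture.splitlines():
        m = ADDR.match(line)
        if not m:
            continue  # header lines and anything that is not UDP
        src_ip, src_port, dst_ip, dst_port = m[1], int(m[2]), m[3], int(m[4])
        if dst_port == server_port:
            # Client -> server: remember which server address was used.
            addressed[(src_ip, src_port)] = dst_ip
        elif src_port == server_port:
            # Server -> client: the source must be that same address.
            want = addressed.get((dst_ip, dst_port))
            if want is not None and src_ip != want:
                mismatches.append((f"{dst_ip}:{dst_port}", want, src_ip))
    return mismatches


if __name__ == "__main__":
    for client, want, got in find_reply_mismatches(SAMPLE, 2000):
        print(f"{client} sent to {want} but was answered from {got}")
```

An empty result on a capture taken after adding multihome means the replies now leave from the address the client used.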