4. Cant route network through VPN without reboot

Cant route network through VPN without reboot

  • A

    I have been noticing something when moving around my VPN connections which makes me think there is a table that needs to be manually flushed after reconfiguring things. I am wondering if anyone else has the same issue? I have several VPN connections that I am trying to migrate to a different ISP/Interface. If I create a new OpenVPN connection on the new interface and specify my remote network in the new connection (removing it from the old connection) I can connect just fine but when I try to ping from any of the client IP's on the remote firewall (including the LAN interface) I can see the traffic going into the tunnel but I dont see it in the packet captures coming out the other side.

    I also will see some of these messages in my logs "bad source address from client [x.x.x.x], packet dropped."  If I look at my routes I have a route for the ip address mentioned in the packet dropped message and it points to the appropriate vpn interface. If I ping from the OpenVPN interface (which uses the openvpn virtual IP's) I see everything working as expected.

    Now, if I keep working on this for several hours, everything just starts working OR if I reboot my main firewall everything starts working. I am assuming this is some sort of nat/route/filter table that is being rebuilt periodically but I am not sure what to look for and I need to make sure it is something I can change without knocking all my VPN's offline (if possible).

    Has anyone else noticed similar behavior?

    0

  • Regarding

    bad source address from client [x.x.x.x], packet dropped

    Usually means there is a iroute missing.
    Or is that a mobile/4G client?
    Then probably is inside a CGN, so though you see "correct" external address in log, the actual address from client is different.
    One can ignore the message if it`s a mobile client.

    0
  • A

    These are P2P connections and I have the network specified in the remote networks of the main firewall. Also the route appears in both the main firewall and my remote client firewall. I can also try adding push route to the advanced options and will get the same result.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy