Netgate Discussion Forum

    OpenVPN Mixing up Connections, possibly leaking unrelated address

      joako

      I have two sites and I'm trying to get everything fully redundant with multi-wan.

      For the time being I am working on Site A before I move on to Site B.

      Site A has two WAN connections and has an OpenVPN server for remote access. Site A also runs an OpenVPN client to Site B for site-to-site VPN.

      I followed these instructions exactly: https://doc.pfsense.org/index.php/Multi-WAN_OpenVPN. Now when I attempt to establish a connection from a computer at Site C, it fails and I get this error in the OpenVPN client log:

      Incoming packet rejected from [AF_INET]SITEB_WAN:1194[2], expected peer address: [AF_INET]SITEA_WAN2:1196 (allow this incoming source address/port by removing --remote or adding --float)

      If I add float to the configuration, obviously I get TLS Error: local/remote TLS keys are out of sync: [AF_INET]SITEB_WAN:1194 because each OpenVPN server uses different keys.

      I really don't know what is going on. If I connect to Site A it should just be a connection to Site A – the OpenVPN client should never be aware of Site B's WAN IP.

        jimp Rebel Alliance Developer Netgate

        Can you describe in more detail how you have the VPN(s) set up? Which specific OpenVPN modes, and how the client/server instances are arranged?

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.