OpenVPN Mixing up Connections, possibly leaking unrelated address

OpenVPN
Log in to reply
  • J

    I have two sites and I'm trying to get everything fully redundant with multi-wan.

    For the time being I am working on Site A before I move on to Site B.

    Site A has two WAN connections and has an OpenVPN server for remote access. Site A also runs an OpenVPN client to Site B for site-to-site VPN.

    I followed these instructions exactly: https://doc.pfsense.org/index.php/Multi-WAN_OpenVPN now when I attempt to establish a connection from a computer at site C it fails and I get this error in the OpenVPN client log:

    Incoming packet rejected from [AF_INET]SITEB_WAN:1194[2], expected peer address: [AF_INET]SITEA_WAN2:1196 (allow this incoming source address/port by removing –remote or adding --float)

    If I add float to the configuration obviously I get TLS Error: local/remote TLS keys are out of sync: [AF_INET]SITEB_WAN:1194 because each OpenVPN sever uses different keys.

    I really don't know what is going on. If I connect to Site A it should just be a connection to Site A – the OpenVPN client should never be aware of Site B's WAN IP.

    0
  • jimp
    Rebel Alliance Developer Netgate

    Can you describe in more detail how you have the VPN(s) setup? Which specific OpenVPN modes, and how the client/server instances are arranged?

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy