4. OpenVPN Mixing up Connections, possibly leaking unrelated address

OpenVPN Mixing up Connections, possibly leaking unrelated address

  • J

    I have two sites and I'm trying to get everything fully redundant with multi-wan.

    For the time being I am working on Site A before I move on to Site B.

    Site A has two WAN connections and has an OpenVPN server for remote access. Site A also runs an OpenVPN client to Site B for site-to-site VPN.

    I followed these instructions exactly: https://doc.pfsense.org/index.php/Multi-WAN_OpenVPN now when I attempt to establish a connection from a computer at site C it fails and I get this error in the OpenVPN client log:

    Incoming packet rejected from [AF_INET]SITEB_WAN:1194[2], expected peer address: [AF_INET]SITEA_WAN2:1196 (allow this incoming source address/port by removing –remote or adding --float)

    If I add float to the configuration obviously I get TLS Error: local/remote TLS keys are out of sync: [AF_INET]SITEB_WAN:1194 because each OpenVPN sever uses different keys.

    I really don't know what is going on. If I connect to Site A it should just be a connection to Site A – the OpenVPN client should never be aware of Site B's WAN IP.

    0
  • Rebel Alliance Developer Netgate

    Can you describe in more detail how you have the VPN(s) setup? Which specific OpenVPN modes, and how the client/server instances are arranged?

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy