OpenVPN Mixing up Connections, possibly leaking unrelated address

joako

I have two sites and I'm trying to get everything fully redundant with multi-wan.

For the time being I am working on Site A before I move on to Site B.

Site A has two WAN connections and has an OpenVPN server for remote access. Site A also runs an OpenVPN client to Site B for site-to-site VPN.

I followed these instructions exactly: https://doc.pfsense.org/index.php/Multi-WAN_OpenVPN now when I attempt to establish a connection from a computer at site C it fails and I get this error in the OpenVPN client log:

Incoming packet rejected from [AF_INET]SITEB_WAN:1194[2], expected peer address: [AF_INET]SITEA_WAN2:1196 (allow this incoming source address/port by removing –remote or adding --float)

If I add float to the configuration obviously I get TLS Error: local/remote TLS keys are out of sync: [AF_INET]SITEB_WAN:1194 because each OpenVPN sever uses different keys.

I really don't know what is going on. If I connect to Site A it should just be a connection to Site A – the OpenVPN client should never be aware of Site B's WAN IP.

jimp

Can you describe in more detail how you have the VPN(s) setup? Which specific OpenVPN modes, and how the client/server instances are arranged?