OpenVPN Mixing up Connections, possibly leaking unrelated address



  • I have two sites and I'm trying to get everything fully redundant with multi-wan.

    For the time being I am working on Site A before I move on to Site B.

    Site A has two WAN connections and has an OpenVPN server for remote access. Site A also runs an OpenVPN client to Site B for site-to-site VPN.

    I followed these instructions exactly: https://doc.pfsense.org/index.php/Multi-WAN_OpenVPN now when I attempt to establish a connection from a computer at site C it fails and I get this error in the OpenVPN client log:

    Incoming packet rejected from [AF_INET]SITEB_WAN:1194[2], expected peer address: [AF_INET]SITEA_WAN2:1196 (allow this incoming source address/port by removing –remote or adding --float)

    If I add float to the configuration obviously I get TLS Error: local/remote TLS keys are out of sync: [AF_INET]SITEB_WAN:1194 because each OpenVPN sever uses different keys.

    I really don't know what is going on. If I connect to Site A it should just be a connection to Site A – the OpenVPN client should never be aware of Site B's WAN IP.


  • Rebel Alliance Developer Netgate

    Can you describe in more detail how you have the VPN(s) setup? Which specific OpenVPN modes, and how the client/server instances are arranged?


Log in to reply