Bug #3061
OpenVPN roadwarrior doesn't work with MultiWan configured
| Status: | CLOSED | Start date: | |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 100% |
| Category: | nethserver-openvpn | | |
| Target version: | v6.6 | | |
| Security class: | | Resolution: | |
| Affected version: | v6.5 | NEEDINFO: | No |
Description
With MultiWAN enabled, pc clients cannot connect to OpenVPN roadwarrior server.

In "/var/log/openvpn/openvpn.log" you'll find:

Wed Feb 25 17:43:18 2015 89.96.243.227:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Feb 25 17:43:18 2015 89.96.243.227:1194 TLS Error: TLS handshake failed
Wed Feb 25 17:43:18 2015 89.96.243.227:1194 SIGUSR1[soft,tls-error] received, client-instance restarting

and looking at red interfaces you'll see traffic go through all nics:

# tcpdump -nn -p -i eth1 port 1194
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
17:43:21.101779 IP 2.118.245.107.1194 > 89.96.243.227.1194: UDP, length 26
17:43:23.378414 IP 2.118.245.107.1194 > 89.96.243.227.1194: UDP, length 14
17:43:23.481847 IP 2.118.245.107.1194 > 89.96.243.227.1194: UDP, length 22
17:43:27.132892 IP 2.118.245.107.1194 > 89.96.243.227.1194: UDP, length 26
17:43:35.202543 IP 2.118.245.107.1194 > 89.96.243.227.1194: UDP, length 14

# tcpdump -nn -p -i eth2 port 1194
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth2, link-type EN10MB (Ethernet), capture size 65535 bytes
17:43:21.100602 IP 89.96.243.227.1194 > 192.168.1.2.1194: UDP, length 14
17:43:23.481575 IP 89.96.243.227.1194 > 192.168.1.2.1194: UDP, length 14
17:43:27.132638 IP 89.96.243.227.1194 > 192.168.1.2.1194: UDP, length 14
17:43:35.488057 IP 89.96.243.227.1194 > 192.168.1.2.1194: UDP, length 14
17:43:51.677835 IP 89.96.243.227.1194 > 192.168.1.2.1194: UDP, length 14

Installed packages:
- nethserver-openvpn-1.1.2-1.ns6.noarch
- nethserver-vpn-1.1.4-1.ns6.noarch
- openvpn-2.3.1-3.el6.x86_64
Associated revisions
Client and server: fix configuration for multiwan. Refs #3061
History
#1 Updated by Nicola Rauso over 6 years ago
Adding "multihome" directive to OpenVPN configuration file solved the issue.

From "openvpn" man page:

multihome
Configure a multi-homed UDP server. This option can be used when OpenVPN has been configured to listen on all interfaces, and will attempt to bind client sessions to the interface on which packets are being received, so that outgoing packets will be sent out of the same interface. Note that this option is only relevant for UDP servers and currently is only implemented on Linux.
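
The symptom that multihome corrects can be checked mechanically from the per-interface tcpdump output in the description: the client's packets arrive addressed to one local address while the replies leave from another, so the client never sees an answer from the address it contacted. The following is an added example, not code from the ticket or from NethServer. The function name and the set of local addresses are assumptions; the addresses are inferred from the capture as the server's addresses on eth1 and eth2.

```python
import re
from collections import defaultdict

# Matches tcpdump -nn lines such as:
# 17:43:21.101779 IP 2.118.245.107.1194 > 89.96.243.227.1194: UDP, length 26
LINE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): UDP")

def find_asymmetric_replies(captures, local_addrs):
    """captures: {interface: tcpdump text}. Returns one finding per remote
    peer whose replies leave from a local address it never sent packets to."""
    to_local = defaultdict(set)    # peer -> {(iface, local address the peer sent to)}
    from_local = defaultdict(set)  # peer -> {(iface, local address replies came from)}
    for iface, text in captures.items():
        for m in LINE.finditer(text):
            src, dst = m.group(1), m.group(3)
            if dst in local_addrs and src not in local_addrs:
                to_local[src].add((iface, dst))
            elif src in local_addrs and dst not in local_addrs:
                from_local[dst].add((iface, src))
    findings = []
    for peer in sorted(to_local):
        expected = {addr for _, addr in to_local[peer]}
        wrong = sorted((i, a) for i, a in from_local[peer] if a not in expected)
        if wrong:
            findings.append({"peer": peer, "sent_to": sorted(to_local[peer]),
                             "replied_from": wrong})
    return findings

# Sample lines copied from the tcpdump output in the bug description.
CAPTURES = {
    "eth1": "17:43:21.101779 IP 2.118.245.107.1194 > 89.96.243.227.1194: UDP, length 26\n"
            "17:43:23.378414 IP 2.118.245.107.1194 > 89.96.243.227.1194: UDP, length 14\n",
    "eth2": "17:43:21.100602 IP 89.96.243.227.1194 > 192.168.1.2.1194: UDP, length 14\n"
            "17:43:23.481575 IP 89.96.243.227.1194 > 192.168.1.2.1194: UDP, length 14\n",
}
# Assumption: the server's addresses on eth1 and eth2, inferred from the capture.
LOCAL_ADDRS = {"2.118.245.107", "192.168.1.2"}

if __name__ == "__main__":
    for f in find_asymmetric_replies(CAPTURES, LOCAL_ADDRS):
        print(f"{f['peer']}: sent to {f['sent_to']}, replies from {f['replied_from']}")
```

After multihome is applied, a capture of the same handshake should produce no findings, because replies leave from the address the client contacted.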
#2 Updated by Giacomo Sanchietti over 6 years ago
- Subject changed from OpenVPN roadwarrior doesn't works with MultiWan configured to OpenVPN roadwarrior doesn't work with MultiWan configured
- Category set to nethserver-openvpn
- Status changed from NEW to TRIAGED
- Target version set to v6.6
- % Done changed from 0 to 20
#3 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 30
- Affected version set to v6.5
#4 Updated by Giacomo Sanchietti over 6 years ago
Also add the nobind option to client configuration.
#5 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 60
#6 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from MODIFIED to ON_QA
- Assignee deleted (Giacomo Sanchietti)
- % Done changed from 60 to 70

Package in nethserver-testing: nethserver-openvpn-1.1.2-1.10.ge11859b.ns6.noarch.rpm

- Create a new account, download OpenVPN configuration and check the option nobind is present inside the configuration file
- Check the bug is not reproducible
#7 Updated by Filippo Carletti over 6 years ago
- Status changed from ON_QA to VERIFIED
- % Done changed from 70 to 90
Updated:
  nethserver-openvpn.noarch 0:1.1.2-1.10.ge11859b.ns6
Complete!
[root@nsrv ~]# diff host-to-net.conf /etc/openvpn/host-to-net.conf
18a19
> multihome

$ tail -4 filippo\ \(1\).ovpn
persist-key
persist-tun
nobind
#8 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
Released in nethserver-base:
- nethserver-openvpn-1.2.0-1.ns6.noarch.rpm