Server dropping traffic if src IP address is not VPN Client

bigD
OpenVpn Newbie
Posts: 1
Joined: Fri Sep 10, 2021 3:05 pm

Server dropping traffic if src IP address is not VPN Client

Post by bigD » Fri Sep 10, 2021 3:32 pm

We have a client/server setup. The client is a Linux NAT box which uses an iptables nat DNAT rule to change the destination IP address to the private IP (tun) address of the OpenVPN server (from the public IP address of the OpenVPN client).

If we do NOT change the source IP address of the packet (leave it an external IP address) it gets to the eth0 interface of the OpenVPN server, but does not get to the tun0 interface.

Any ideas what is happening?

SOLUTION - OpenVPN is dropping it because it doesn't have a path back to the source.

trideep
OpenVpn Newbie
Posts: 9
Joined: Tue Jul 06, 2021 7:05 am

Re: Server dropping traffic if src IP address is not VPN Client

Post by trideep » Tue Sep 14, 2021 4:57 am

That is expected behavior. If the client sends a packet with a src IP that is not the same as the client IP, the packet is dropped.
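
The behaviour discussed in this thread, as a simplified model added here for illustration (it was not posted by either participant and is not OpenVPN's code): the server accepts a packet from a client only if the source address is one that client owns. The class and function names are hypothetical, all addresses are constructed documentation values, and the `iroute` case (a subnet the server has been told lives behind the client) goes beyond what the thread covers.

```python
import ipaddress
from dataclasses import dataclass, replace

# Constructed sample addresses (documentation / private ranges).
SERVER_TUN, CLIENT_TUN = "10.8.0.1", "10.8.0.6"
CLIENT_PUBLIC, EXTERNAL_SRC = "198.51.100.10", "203.0.113.7"
LAN_HOST, LAN_NET = "192.168.50.20", "192.168.50.0/24"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

class VpnServer:
    """Toy model: each client owns its tunnel IP plus any iroute subnets."""
    def __init__(self):
        self.owned = {}  # client name -> networks that client may send from

    def add_client(self, name, tun_ip, iroutes=()):
        nets = [ipaddress.ip_network(tun_ip)]            # tunnel IP as a /32
        nets += [ipaddress.ip_network(n) for n in iroutes]
        self.owned[name] = nets

    def accepts(self, client, pkt):
        # A source address the client does not own means the packet is dropped.
        src = ipaddress.ip_address(pkt.src)
        return any(src in net for net in self.owned[client])

def nat_box(pkt, rewrite_source):
    """Client-side NAT box: always DNAT to the server's tun address;
    rewrite the source to the client's tun address only when asked."""
    out = replace(pkt, dst=SERVER_TUN)
    if rewrite_source:
        out = replace(out, src=CLIENT_TUN)
    return out

def demo():
    server = VpnServer()
    server.add_client("natbox", CLIENT_TUN)
    external = Packet(src=EXTERNAL_SRC, dst=CLIENT_PUBLIC)
    lan = Packet(src=LAN_HOST, dst=CLIENT_PUBLIC)
    results = {
        "dnat_only": server.accepts("natbox", nat_box(external, False)),
        "dnat_and_source_rewrite": server.accepts("natbox", nat_box(external, True)),
        "lan_host_no_iroute": server.accepts("natbox", nat_box(lan, False)),
    }
    # Declare the LAN behind the client as owned by it (iroute-style).
    server.add_client("natbox", CLIENT_TUN, iroutes=[LAN_NET])
    results["lan_host_with_iroute"] = server.accepts("natbox", nat_box(lan, False))
    return results

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'dropped'}")
```
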
