We have a client/server setup. The client is a Linux NAT box which uses an iptables nat DNAT rule to change the destination IP address to the private IP (tun) address of the OpenVPN server (from the public IP address of the OpenVPN client).
If we do NOT change the source IP address of the packet (leave it an external IP address) it gets to the eth0 interface of the OpenVPN server, but does not get to the tun0 interface.
Any ideas what is happening?
SOLUTION - OpenVPN is dropping it because it doesn't have a path back to the source.
Server dropping traffic if src IP address is not VPN Client
Moderators: TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Re: Server dropping traffic if src IP address is not VPN Client
That is expected behavior. If the client sends a packet with a src IP that is not the same as the client IP, the packet is dropped.
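
To confirm that this is what is happening, the OpenVPN server log can be checked for its "bad source address" drop message when logging is verbose enough. The following is an added example, not code from this thread or from the OpenVPN project: it tallies dropped source addresses per client. The log lines are constructed, and the `commonname/realip:port` prefix and the client names are assumptions about how the server log is laid out.

```python
import re
from collections import Counter, defaultdict

# Message the OpenVPN server logs when a packet arriving from a client
# carries a source address it does not associate with that client.
DROP_RE = re.compile(
    r"(?P<client>\S+)\s+MULTI: bad source address from client "
    r"\[(?P<src>[^\]]+)\], packet dropped"
)

# Constructed sample log (documentation address ranges, made-up client names).
SAMPLE_LOG = """\
Fri Sep 10 15:05:01 2021 natbox/203.0.113.7:51234 MULTI: bad source address from client [198.51.100.23], packet dropped
Fri Sep 10 15:05:02 2021 natbox/203.0.113.7:51234 MULTI: bad source address from client [198.51.100.23], packet dropped
Fri Sep 10 15:05:02 2021 natbox/203.0.113.7:51234 MULTI: bad source address from client [192.0.2.80], packet dropped
Fri Sep 10 15:05:03 2021 laptop/203.0.113.9:40022 peer info: IV_VER=2.5.1
Fri Sep 10 15:05:04 2021 laptop/203.0.113.9:40022 MULTI: bad source address from client [192.168.1.15], packet dropped
"""


def dropped_sources(log_text):
    """Return {client name: Counter({source address: drop count})}."""
    drops = defaultdict(Counter)
    for line in log_text.splitlines():
        m = DROP_RE.search(line)
        if m:
            # Assumed prefix layout "commonname/realip:port"; keep the name.
            name = m.group("client").split("/", 1)[0]
            drops[name][m.group("src")] += 1
    return dict(drops)


def report(log_text):
    """One summary line per (client, source), busiest source first."""
    lines = []
    for name, counts in sorted(dropped_sources(log_text).items()):
        for src, n in counts.most_common():
            lines.append(f"{name}: {n} packet(s) dropped, source {src}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Each address listed is a source the server has no route back to through that client; the NAT box has to rewrite the source to its own tunnel address (SNAT/MASQUERADE), or the server needs a route for that network via the client.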