MULTI: bad source address from client

Post by Fiddlesticks » Sun Jan 30, 2011 1:55 pm

Hello and thanks in advance once again.

I have a home router with TomatoVPN as CLIENT, set up to connect through to my VPS and reroute all internet traffic through the tunnel. (Using TUN, UDP, port 1194).

All is working well :) , except for lines in my server log file as follows:

Code:

Sun Jan 30 13:02:36 2011 client1/88.88.88.88:1024 MULTI: bad source address from client [88.88.88.88], packet dropped

Can anyone explain the issues in straightforward terms and point me in the right direction for a fix?

My server conf file is as follows:

Code:

mode server
tls-server
local 95.95.95.95
port 1194
#proto tcp
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
max-clients 10
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 95.154.254.254"
push "dhcp-option DNS 208.67.220.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
user nobody
group nogroup

The full output from openvpn server.conf is:

Code:

Sun Jan 30 13:01:52 2011 OpenVPN 2.1_rc11 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Mar  9 2009
Sun Jan 30 13:01:52 2011 Diffie-Hellman initialized with 1024 bit key
Sun Jan 30 13:01:52 2011 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Sun Jan 30 13:01:52 2011 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Jan 30 13:01:52 2011 ROUTE default_gateway=95.154.254.2
Sun Jan 30 13:01:52 2011 TUN/TAP device tun0 opened
Sun Jan 30 13:01:52 2011 TUN/TAP TX queue length set to 100
Sun Jan 30 13:01:52 2011 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Sun Jan 30 13:01:52 2011 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Sun Jan 30 13:01:52 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Jan 30 13:01:52 2011 GID set to nogroup
Sun Jan 30 13:01:52 2011 UID set to nobody
Sun Jan 30 13:01:52 2011 Socket Buffers: R=[129024->131072] S=[129024->131072]
Sun Jan 30 13:01:52 2011 UDPv4 link local (bound): 95.95.95.95:1194
Sun Jan 30 13:01:52 2011 UDPv4 link remote: [undef]
Sun Jan 30 13:01:52 2011 MULTI: multi_init called, r=256 v=256
Sun Jan 30 13:01:52 2011 IFCONFIG POOL: base=10.8.0.4 size=62
Sun Jan 30 13:01:52 2011 IFCONFIG POOL LIST
Sun Jan 30 13:01:52 2011 client1,10.8.0.4
Sun Jan 30 13:01:52 2011 Initialization Sequence Completed
Sun Jan 30 13:02:03 2011 MULTI: multi_create_instance called
Sun Jan 30 13:02:03 2011 88.88.88.88:1024 Re-using SSL/TLS context
Sun Jan 30 13:02:03 2011 88.88.88.88:1024 LZO compression initialized
Sun Jan 30 13:02:03 2011 88.88.88.88:1024 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Jan 30 13:02:03 2011 88.88.88.88:1024 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Jan 30 13:02:03 2011 88.88.88.88:1024 Local Options hash (VER=V4): '530fdded'
Sun Jan 30 13:02:03 2011 88.88.88.88:1024 Expected Remote Options hash (VER=V4): '41690919'
Sun Jan 30 13:02:03 2011 88.88.88.88:1024 TLS: Initial packet from 88.88.88.88:1024, sid=e83fc63f 10dc4723
Sun Jan 30 13:02:04 2011 88.88.88.88:1024 VERIFY OK: depth=1, /C=GB/ST=GB/L=Liverpool/O=mydomain.co.uk/CN=mydomain.co.uk_CA/emailAddress=postmaster@mydomain.co.uk
Sun Jan 30 13:02:04 2011 88.88.88.88:1024 VERIFY OK: depth=0, /C=GB/ST=GB/L=Liverpool/O=mydomain.co.uk/CN=client1/emailAddress=postmaster@mydomain.co.uk
Sun Jan 30 13:02:04 2011 88.88.88.88:1024 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Jan 30 13:02:04 2011 88.88.88.88:1024 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jan 30 13:02:04 2011 88.88.88.88:1024 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Jan 30 13:02:04 2011 88.88.88.88:1024 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jan 30 13:02:04 2011 88.88.88.88:1024 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Jan 30 13:02:04 2011 88.88.88.88:1024 [client1] Peer Connection Initiated with 88.88.88.88:1024
Sun Jan 30 13:02:04 2011 client1/88.88.88.88:1024 MULTI: Learn: 10.8.0.6 -> client1/88.88.88.88:1024
Sun Jan 30 13:02:04 2011 client1/88.88.88.88:1024 MULTI: primary virtual IP for client1/88.88.88.88:1024: 10.8.0.6
Sun Jan 30 13:02:07 2011 client1/88.88.88.88:1024 PUSH: Received control message: 'PUSH_REQUEST'
Sun Jan 30 13:02:07 2011 client1/88.88.88.88:1024 SENT CONTROL [client1]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 95.154.254.254,dhcp-option DNS 208.67.220.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Sun Jan 30 13:02:12 2011 client1/88.88.88.88:1024 MULTI: bad source address from client [88.88.88.88], packet dropped
Sun Jan 30 13:02:13 2011 client1/88.88.88.88:1024 MULTI: bad source address from client [88.88.88.88], packet dropped
Sun Jan 30 13:02:23 2011 client1/88.88.88.88:1024 Replay-window backtrack occurred [1]
Sun Jan 30 13:02:23 2011 client1/88.88.88.88:1024 MULTI: bad source address from client [88.88.88.88], packet dropped
Sun Jan 30 13:02:23 2011 client1/88.88.88.88:1024 MULTI: bad source address from client [88.88.88.88], packet dropped
Sun Jan 30 13:02:35 2011 client1/88.88.88.88:1024 MULTI: bad source address from client [88.88.88.88], packet dropped
Sun Jan 30 13:02:35 2011 client1/88.88.88.88:1024 MULTI: bad source address from client [88.88.88.88], packet dropped
Sun Jan 30 13:02:36 2011 client1/88.88.88.88:1024 MULTI: bad source address from client [88.88.88.88], packet dropped
Sun Jan 30 13:02:36 2011 client1/88.88.88.88:1024 MULTI: bad source address from client [88.88.88.88], packet dropped
Sun Jan 30 13:02:36 2011 client1/88.88.88.88:1024 MULTI: bad source address from client [88.88.88.88], packet dropped
Sun Jan 30 13:02:37 2011 client1/88.88.88.88:1024 MULTI: bad source address from client [88.88.88.88], packet dropped
Sun Jan 30 13:02:38 2011 client1/88.88.88.88:1024 MULTI: bad source address from client [88.88.88.88], packet dropped
Sun Jan 30 13:02:39 2011 client1/88.88.88.88:1024 MULTI: bad source address from client [88.88.88.88], packet dropped
Sun Jan 30 13:02:42 2011 client1/88.88.88.88:1024 MULTI: bad source address from client [88.88.88.88], packet dropped

Post by krzee » Thu Feb 03, 2011 5:23 am

This is one of those times that hiding your IP hurts you...
From what I see, 88.88.88.88 is your client's inet IP, and also the IP that traffic is going into the VPN as (over the tun interface).
Is this a desktop or a road warrior (phone/laptop/mobile-something)?
Are you trying to communicate to or from a machine in the client LAN over the VPN?

Post by Fiddlesticks » Fri Feb 04, 2011 2:19 am

krzee wrote:
This is one of those times that hiding your IP hurts you...
From what I see, 88.88.88.88 is your client's inet IP, and also the IP that traffic is going into the VPN as (over the tun interface).
Is this a desktop or a road warrior (phone/laptop/mobile-something)?
Are you trying to communicate to or from a machine in the client LAN over the VPN?

Hello and thanks for the reply. Yes, 88.88.88.88 is the client's public IP address. The client is my home router flashed with Tomato VPN. So my setup is:

Laptop (on home LAN) - 192.168.5.111
Web Request
   |    /\
   |    |
   V    |
Home Wireless Router with openVPN Client - External IP 88.88.88.88
(VPN Client Configured with "create NAT on Tunnel" ticked and "redirect internet traffic" also ticked)
   |    /\
   |    |
   V    |
VPS with openVPN Server installed - 95.95.95.95
(Does the web request on behalf of the client and returns the page)
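
Added example (not part of the original thread and not OpenVPN's own tooling): a Python script that reads server log lines in the format posted above, records the virtual address from each "MULTI: Learn" line, and groups the dropped-packet messages by whether the rejected source is the client's public address (the case krzee points out) or a private LAN address. The sample log is constructed from lines in this thread plus one invented line using the laptop address 192.168.5.111; the function names and labels are this example's own.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: the first three lines follow the log posted in this thread;
# the last line is invented to show a LAN host (the laptop's address) leaking in.
SAMPLE_LOG = """\
Sun Jan 30 13:02:04 2011 client1/88.88.88.88:1024 MULTI: Learn: 10.8.0.6 -> client1/88.88.88.88:1024
Sun Jan 30 13:02:12 2011 client1/88.88.88.88:1024 MULTI: bad source address from client [88.88.88.88], packet dropped
Sun Jan 30 13:02:13 2011 client1/88.88.88.88:1024 MULTI: bad source address from client [88.88.88.88], packet dropped
Sun Jan 30 13:02:20 2011 client1/88.88.88.88:1024 MULTI: bad source address from client [192.168.5.111], packet dropped
"""

# "MULTI: Learn: <virtual ip> -> <common name>/<real ip>:<port>"
LEARN = re.compile(r"MULTI: Learn: ([\d.]+) -> ([^/\s]+)/([\d.]+):\d+")
# "<common name>/<real ip>:<port> MULTI: bad source address from client [<src>]"
BAD = re.compile(
    r"([^/\s]+)/([\d.]+):\d+ MULTI: bad source address from client \[([\d.]+)\]"
)


def classify(src, real_ip):
    """Label a rejected inner source address relative to the peer's real address."""
    if src == real_ip:
        return "wan-address"   # tunnel traffic carries the client's public IP
    if ipaddress.ip_address(src).is_private:
        return "lan-address"   # a host behind the client arrived un-NATed
    return "other"


def summarize(log_text):
    """Return ({client: {virtual ips}}, Counter{(client, src, label): drops})."""
    learned, drops = {}, Counter()
    for line in log_text.splitlines():
        m = LEARN.search(line)
        if m:
            learned.setdefault(m.group(2), set()).add(m.group(1))
            continue
        m = BAD.search(line)
        if m:
            client, real_ip, src = m.groups()
            drops[(client, src, classify(src, real_ip))] += 1
    return learned, drops


if __name__ == "__main__":
    learned, drops = summarize(SAMPLE_LOG)
    for (client, src, label), n in drops.most_common():
        print(f"{client}: {n} dropped from {src} ({label}); "
              f"learned {sorted(learned.get(client, []))}")
```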
