MULTI: bad source address from client [::], packet dropped


Post by tamar » Fri Apr 30, 2021 4:44 am

Thank you in advance for your help :) I can connect successfully, and OpenVPN's client (running on Windows 10) shows traffic, but I can't actually go anywhere.

I don't have a firewall (on my server machine anyway; is additional port forwarding needed on the router side?) and I don't use iptables, so I'm not sure if that's a consideration too, but I did check these settings to no avail.

FWIW, the local IP of the machine is 10.10.10.10. The router/DHCP server is 10.10.10.1. I'm sure I have some dhcp/route settings wrong, but I hate subnets and may need this spelled out.

OS

Linux 5.11.16-300.fc34.x86_64 #1 SMP Wed Apr 21 13:18:33 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux


Server Config

port 82
proto udp
proto udp6
dev tun
ca ca.crt
cert issued/server.crt
key private/server.key # This file should be kept secret
dh dh.pem
topology subnet
server 172.16.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
tls-auth ta.key 0 # This file is secret
cipher AES-256-CBC
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log-append /var/log/openvpn/openvpn.log
verb 4
explicit-exit-notify 1
auth SHA512
route 10.10.10.1 255.255.255.0


Client Config

client
tls-client
pull
dev tun
proto udp
remote tamar.zapto.org 82
resolv-retry infinite
nobind
dhcp-option DNS 8.8.8.8
persist-key
persist-tun
key-direction 1
tls-auth ta.key 1
comp-lzo
verb 4
ca ca.crt
cert client.crt
key client.key
auth SHA512
cipher AES-256-CBC
client-config-dir ccd


CCD file

iroute 10.10.10.1 255.255.255.0



These are partial, I got an error when trying to paste more.
Error Logs

client/10.10.10.1:51145 SENT CONTROL [client]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.10.10.1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route-gateway 172.16.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
client/10.10.10.1:51145 IP packet with unknown IP version=0 seen
client/10.10.10.1:51145 MULTI: bad source address from client [::], packet dropped
client/10.10.10.1:51145 SIGTERM[soft,remote-exit] received, client-instance exiting


Post by TinCanTech » Fri Apr 30, 2021 2:17 pm

Re: MULTI: bad source address from client [::], packet dropped
You can ignore that.
tamar wrote (Fri Apr 30, 2021 4:44 am):
"I don't use iptables"
You need iptables or some-such, like ufw ..


Post by tamar » Fri Apr 30, 2021 2:46 pm

Thanks @TinCanTech - so I have iptables running, but not sure what rules to set up then. I'm not getting any outbound traffic from the connected VPN at all, so I'll take your recommendations on what's needed here. I appreciate it!


Post by TinCanTech » Fri Apr 30, 2021 3:15 pm

Says what you need in the howto you already read.


Post by tamar » Fri Apr 30, 2021 3:53 pm

So like I said, I don't understand subnets etc and don't know what IPs I'm supposed to use for iptables.

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
This command assumes that the VPN subnet is 10.8.0.0/24 (taken from the server directive in the OpenVPN server configuration) and that the local ethernet interface is eth0.
Sorry I'm dense here, but I need it dumbed down a little more. I can change the ethernet interface, but I don't know the former.

The VPN subnet server directive as I pasted before from my server.conf, this is what I have:

server 172.16.0.0 255.255.255.0
So does the iptables routing then become

iptables -t nat -A POSTROUTING -s 172.16.0.0/24 -o eth0 -j MASQUERADE
Somehow I don't think that is correct.


Post by TinCanTech » Fri Apr 30, 2021 4:04 pm

That looks about right, also make sure your interface is called eth0.


Post by tamar » Fri Apr 30, 2021 8:58 pm

Yes, it's actually enp3s0 - the appropriate adjustment was made.

Thanks - I guess I assumed the 172.16.x.x subnet wouldn't be in the iptables (I did 10.10.0.0 since that's how my private network is defined). Looks like that solved it for me, hoping the people who connect don't have issues, thank you.
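
The point this thread settles, as an added example that is not part of the forum posts or the OpenVPN howto: the `-s` source of the MASQUERADE rule is the tunnel subnet from the `server` directive, not the LAN behind the server. The helper names and the sample `ip route` line are assumptions constructed for illustration; the subnet, gateway and interface name are the ones posted above.

```shell
# Added example: build the NAT rule from an OpenVPN `server` directive.

# Dotted netmask -> prefix length; rejects non-contiguous masks.
mask_to_prefix() {
    case $1 in *[!0-9.]*) return 1 ;; esac
    bits=0; seen_zero=0
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            255) n=8 ;; 254) n=7 ;; 252) n=6 ;; 248) n=5 ;; 240) n=4 ;;
            224) n=3 ;; 192) n=2 ;; 128) n=1 ;; 0) n=0 ;; *) return 1 ;;
        esac
        # After the first octet below 255, only 0 octets may follow.
        if [ "$seen_zero" -eq 1 ] && [ "$n" -ne 0 ]; then return 1; fi
        if [ "$n" -ne 8 ]; then seen_zero=1; fi
        bits=$((bits + n))
    done
    echo "$bits"
}

# Read server.conf on stdin, print the VPN subnet as CIDR.
vpn_cidr() {
    set -- $(awk '$1 == "server" && NF >= 3 { print $2, $3; exit }')
    [ $# -eq 2 ] || return 1
    prefix=$(mask_to_prefix "$2") || return 1
    echo "$1/$prefix"
}

# Read `ip -4 route show default` output on stdin, print the egress interface.
egress_if() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# $1 = server.conf text, $2 = default-route text. Prints the rule, runs nothing.
nat_rule() {
    cidr=$(printf '%s\n' "$1" | vpn_cidr) || return 1
    dev=$(printf '%s\n' "$2" | egress_if)
    [ -n "$dev" ] || return 1
    # Source is the tunnel subnet (172.16.0.0/24 here), not the LAN.
    echo "iptables -t nat -A POSTROUTING -s $cidr -o $dev -j MASQUERADE"
}

# Constructed sample input, using the values posted in this thread.
SAMPLE_CONF='port 82
server 172.16.0.0 255.255.255.0'
SAMPLE_ROUTE='default via 10.10.10.1 dev enp3s0 proto dhcp metric 100'
nat_rule "$SAMPLE_CONF" "$SAMPLE_ROUTE"
```

The script only prints the rule; on a real server, pass it the contents of the live server configuration and the output of `ip -4 route show default`, then review the printed command before running it as root.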
