MULTI: bad source address from client [x.x.x.x], packet dropped

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
Genom
OpenVpn Newbie
Posts: 5
Joined: Tue Feb 02, 2016 11:57 am

MULTI: bad source address from client [x.x.x.x], packet dropped

Post by Genom » Thu Sep 29, 2022 1:27 am

I had a running OpenVPN server on a RPi (buster, Debian 10). After upgrade it stopped working completely. Before that I had some issues with some public networks, which I did not investigate. When I connect with my Ubuntu (18.04), indicator shows that I am connected to VPN but I do not get any connection. ping returns no packets. Server openvpn logs show:

Code: Select all

MULTI: bad source address from client [x.x.x.x], packet dropped
Here [x.x.x.x] are client local IP address.

Ubuntu Client [x.x.x.x] --- Router A --- Internet --- Router B --- Server/RPi

Here is my server.conf:
Server Config
local 192.168.x.x # THIS IS MY RASPBERRY PI LOCAL IP ADDRESS
dev tun
proto udp #Some people prefer to use tcp. Don't change it if you don't know.
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/cert.crt # SWAP WITH YOUR CRT NAME
key /etc/openvpn/easy-rsa/keys/cert.key # SWAP WITH YOUR KEY NAME
dh /etc/openvpn/easy-rsa/keys/dh2048.pem # If you changed to 2048, change that here!
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OpenVPN Subnet
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route 192.168.x.x 255.255.255.0" # THIS IS MY RASPBERRY PI LOCAL IP ADDRESS
# Set primary domain name server address to the SOHO Router
# If your router does not do DNS, you can use Google DNS 8.8.8.8
push "dhcp-option DNS 8.8.4.4" # This should already match your router address and not need to be changed.
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1 bypass-dhcp"
#push "redirect-gateway local"

client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
key-direction 0
cipher AES-256-CBC
auth SHA256
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
ifconfig-pool-persist ipp.txt
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 4


I also have a firewall rule script:

Code: Select all

#!/bin/sh 
iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE
I really tried to understand but it does not make sense. Some sources mention that I need to make client specific config dir. But this was not necessary before. And how come the server received the local IP address of the client? Server only needs to know the public IP of the client/Router A.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: MULTI: bad source address from client [x.x.x.x], packet dropped

Post by TinCanTech » Thu Sep 29, 2022 1:43 am

Genom wrote:
Thu Sep 29, 2022 1:27 am
MULTI: bad source address from client [x.x.x.x], packet dropped
You can safely ignore this, it is not the cause of what-ever the problem is.

Genom
OpenVpn Newbie
Posts: 5
Joined: Tue Feb 02, 2016 11:57 am

Re: MULTI: bad source address from client [x.x.x.x], packet dropped

Post by Genom » Thu Sep 29, 2022 10:01 pm

It turns out that my ethernet interface was named in enx.... format instead of eth0. So I needed to update the rule script with enx.... instead of eth0. Now it is working.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: MULTI: bad source address from client [x.x.x.x], packet dropped

Post by TinCanTech » Thu Sep 29, 2022 10:53 pm

Thanks for letting us know 8-)

It is a shame that the description of the problem had nothing to do with the solution.
Otherwise, this could serve as an example solution for others..

Post Reply