Bad Source Address

[jimo]

I am currently running 23 OpenVPN connections into a data center for the purpose of file transfers from clients to multiple servers. I am having a problem transferring data from some clients. I get a message on the server side Multi:Bad source address from 192.168.1.10, packet dropped. The 192 address is the client side system LAN address. The odd part is I can ping both ways, remote to the client via remote desktop, and even transfer files if <1meg in size. Anything over this throws 53 and 64 errors on the client side and the above error on the server side. Below are my config files.

All clients use similar config files, but this problem only shows up on 8 clients. The system OS's are all windows.

If anyone has some suggestions to fix this problem, they would be greatly appreciated.

Thanks in advance
Jim O

Client Config File

client
dev tun
;dev-node
proto tcp
remote 216.31.90.170 49601
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert nb01c1.crt
key nb01c1.key
route-method exe
route-delay 2
comp-lzo
verb 3
;mute 20

Server Config File

port 49601
proto tcp
dev tun
;dev-node NB02C15
ca ca.crt
cert SERVER.crt
key SERVER.key
dh dh2048.pem
server 10.99.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
;mute 20

[ecrist]

As covered in the FAQ, the error indicates a machine is trying to route the 192.168.1.0/24 network across the VPN, and the VPN server is dropping the packets, as it does not know how to route them.

The file transfer issue is likely due to your use of TCP rather than UDP. Try running the MTU test for each of the clients with a problem, and adjust within the client config from there.

[jimo]

ecrist

Thanks for the response! I ran MTU test and made the following change to my client config file.

tun-mtu 1440

It made no difference.

As far as TCP vs UDP, I am transferring data files and need TCP for this. However, it makes no difference. I switched to UDP for testing and I get the same problem.

[ecrist]

Not sure what your problem might be, then. UDP is the better protocol for VPN traffic, as it's encapsulating other traffic, usually TCP traffic. In that case, the encapsulated protocol will handle the error correction. You can get into a race condition with window sizing and error correction if you tunnel TCP within another TCP connection.

Try coming in to ##openvpn on the freenode IRC network. There are some folks there who don't frequent this forum that may be able to help you. We don't yet have a feed for the forum for the channel bot, but that should come about soon.