I have a small problem with the firewall (iptables) regarding the VPN connection. All the configuration works fine as long as I use one of the following scenario settings:
1. Connect from public-IP (client) to public-IP (server): no problems
2. Connect from lan-IP (client) to lan-IP (server), all local IPs: no problems
3. Connect from lan-IP (client) to public-IP (server), i.e. from a local IP to the same local network but via the public IP: the following error:
Code:
openvpn.log contains:
--
Tue Jun 4 15:39:21 2019 192.168.1.104:52894 TLS Error: incoming packet authentication failed from [AF_INET]192.168.1.104:52894
Tue Jun 4 15:39:22 2019 192.168.1.104:52894 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1559659157) Tue Jun 4 15:39:17 2019 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
--
server config
log-append /var/log/openvpn.log
port 1194
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert cert.crt
key key.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 192.168.1.1"
keepalive 10 120
cipher AES-256-CBC
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
I am sure there is a simple way of dealing with the problem.