MULTI: bad source address from client[192.168.1.23], packet

[jimmiebtlr]

I get the following error repeated in my server logs
Fri Feb 15 22:43:13 2013 us=176950 jimmie/*.*.*.*:48319 MULTI: bad source address from client [192.168.1.23], packet dropped

Where the *.*.*.* is the outside address of my client, the 192.168.1.23 is the clients address on its network.

It connects fine, I can access anything on the same machine as the vpn server, but not the internet or other computers on the network.

The configs are as follows

server.conf

Code: Select all

port 1194
proto udp
dev tun
cd "/etc/openvpn/keys"
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
tls-auth ta.key 0
server 10.8.1.0 255.255.255.0
persist-key
persist-tun
topology subnet
keepalive 10 120
verb 5
local 192.168.151.42
user openvpn
group openvpn
client-to-client
comp-lzo
push "redirect-gateway def1"

client.conf

Code: Select all

client
dev tun
remote SERVER_IP 1194 udp
resolv-retry infinite
nobind
cd "/home/jimmie/.openvpn/starlight"
ca ca.crt
cert jimmie.crt
key jimmie.key
tls-auth ta.key 1
persist-key
persist-tun
verb 5
user openvpn
group openvpn
comp-lzo

[maikcat]

did you enabled ip forwarding on your server?

can you post the output of

iptables -L -t nat -v

on your openvpn server?

Michael.

[jimmiebtlr]

iptables -L -t nat -v

Code: Select all

Chain PREROUTING (policy ACCEPT 3 packets, 266 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 3 packets, 266 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 1 packets, 212 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 1 packets, 212 bytes)
 pkts bytes target     prot opt in     out     source               destination

cat /proc/sys/net/ipv4/ip_forward

Code: Select all

1

[maikcat]

hi there,

your openvpn must perform NAT on packets coming
from tun to eth interface...

you need something like this:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

also check tha howto section

http://openvpn.net/index.php/open-sourc ... l#examples

regards
Michael.

[jimmiebtlr]

Thanks for the help, that command didn't allow to access the internet through the vpn though. I'm looking at the documentation you suggested now.

[jimmiebtlr]

It does appear to have stopped the 'bad source address from client' error though.
EDIT: Still is throwing the bad source address error, doesn't seem to be doing it as often though.

[jimmiebtlr]

Made a few changes and it's working, though I'm still receiving the error.

I think the key was

Code: Select all

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

-

Thanks for pointing that out maikcat.

I also enabled ipv6 forwarding, and made a few tweaks to my client.conf. Their currenty states are

client.conf

Code: Select all

client
dev tun
proto udp
remote 50.78.195.36 1194 udp
resolv-retry infinite
nobind
cd "/home/jimmie/.openvpn/starlight"
ca ca.crt
cert jimmie.crt
key jimmie.key
tls-auth ta.key 1
persist-key
persist-tun
verb 6
user openvpn
group openvpn
comp-lzo
ns-cert-type server
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

server.conf

Code: Select all

port 1194
proto udp
dev tun
cd "/etc/openvpn/keys"
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
tls-auth ta.key 0
server 10.8.1.0 255.255.255.0
persist-key
persist-tun
topology subnet
keepalive 10 120
verb 5
local 192.168.151.42
user openvpn
group openvpn
client-to-client
comp-lzo
push "redirect-gateway def1"
push "dhcp-option DNS 10.8.1.1"