strange issue occurred bad source address from

Posted: Fri May 02, 2014 2:25 pm
by Net_Spy
Greetings,

I set up OpenVPN on my Debian-based VPS and I'm having a very strange issue: I keep getting the following messages in my server log and am unable to browse through the VPN.

Code:

Fri May  2 14:00:09 2014 us=246306 client1/66.20.134.37:49757 MULTI: bad source address from client [fe80::607c:25b:a410:1a25], packet dropped
Fri May  2 14:00:37 2014 us=302222 client1/66.20.134.37:49757 MULTI: bad source address from client [fe80::607c:25b:a410:1a25], packet dropped
Fri May  2 14:00:37 2014 us=302327 client1/66.20.134.37:49757 MULTI: bad source address from client [fe80::607c:25b:a410:1a25], packet dropped
Fri May  2 14:00:37 2014 us=302365 client1/66.20.134.37:49757 MULTI: bad source address from client [fe80::607c:25b:a410:1a25], packet dropped
Fri May  2 14:00:37 2014 us=302397 client1/66.20.134.37:49757 MULTI: bad source address from client [fe80::607c:25b:a410:1a25], packet dropped
Fri May  2 14:00:37 2014 us=302429 client1/66.20.134.37:49757 MULTI: bad source address from client [fe80::607c:25b:a410:1a25], packet dropped

Server config:

Code:

#File-Configuration
port 1194
proto udp
dev tun
ca    /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
server 10.10.10.0 255.255.255.0
mode server
push "redirect-gateway def1"
push "dhcp-option DNS 208.67.220.220"
push "dhcp-option DNS 208.67.222.222"
client-config-dir ccd
client-to-client
duplicate-cn
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn-status.log
log /var/log/openvpn.log
verb 4

Client Config:

Code:

client
dev tun
dev-node vpn
proto udp
remote x.x.x.x 1194 
resolv-retry infinite
nobind
persist-key
persist-tun
ca C:/vpn/ca.crt
cert C:/vpn/client1.crt
key C:/vpn/client1.key
ns-cert-type server
comp-lzo
verb 3

iptables -v -L -t nat

Code:

Chain PREROUTING (policy ACCEPT 77 packets, 7173 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 68 packets, 6459 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 98 packets, 6623 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  107  7337 MASQUERADE  all  --  any    eth0    anywhere             anywhere

Forwarding is on, obviously.

Code:

cat /proc/sys/net/ipv4/ip_forward
1

I did make a change to my config file and added ccd

Code:

# cat /etc/openvpn/ccd/client1
iroute 10.10.10.0 255.255.255.0

My Small Iptables Rule

Code:

#NATT following are working rules:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
iptables -A INPUT -p udp --dport 1194 -j ACCEPT

I've removed the IPv6 check from my LAN as well. Any help would be appreciated.

Regards
Net_Spy
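
An added example, not part of the original post: a small Python triage of the `MULTI: bad source address` lines above that groups drops by client and labels each dropped source address relative to the `server 10.10.10.0 255.255.255.0` subnet from the posted config. The function names and the `client2` sample line are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Tunnel subnet taken from the `server 10.10.10.0 255.255.255.0` line in the posted config.
TUNNEL_NET = ipaddress.ip_network("10.10.10.0/255.255.255.0")

# Matches: <cn>/<real-ip>:<port> MULTI: bad source address from client [<src>], packet dropped
BAD_SRC = re.compile(
    r"(?P<cn>\S+)/(?P<real>[0-9a-fA-F.:]+):(?P<port>\d+) "
    r"MULTI: bad source address from client \[(?P<src>[^\]]+)\], packet dropped"
)

def classify(src: str) -> str:
    """Describe the dropped packet's source address relative to the tunnel."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "unparseable"
    if addr.version == 6:
        return "ipv6-link-local" if addr.is_link_local else "ipv6-other"
    return "ipv4-in-tunnel-net" if addr in TUNNEL_NET else "ipv4-outside-tunnel-net"

def summarize(log_text: str) -> Counter:
    """Count drops per (client CN, source address, classification)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = BAD_SRC.search(line)
        if m:
            counts[(m["cn"], m["src"], classify(m["src"]))] += 1
    return counts

# The first two lines are from the post; the client2 line is constructed for illustration.
SAMPLE = """\
Fri May  2 14:00:09 2014 us=246306 client1/66.20.134.37:49757 MULTI: bad source address from client [fe80::607c:25b:a410:1a25], packet dropped
Fri May  2 14:00:37 2014 us=302222 client1/66.20.134.37:49757 MULTI: bad source address from client [fe80::607c:25b:a410:1a25], packet dropped
Fri May  2 14:01:02 2014 us=100000 client2/203.0.113.9:50111 MULTI: bad source address from client [192.168.1.23], packet dropped
"""

if __name__ == "__main__":
    for (cn, src, kind), n in summarize(SAMPLE).most_common():
        print(f"{cn:10} {src:30} {kind:24} drops={n}")
```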