
Server dropping traffic if src IP address is not VPN Client

Posted: Fri Sep 10, 2021 3:32 pm
by bigD
We have a client/server setup. The client is a Linux NAT box which uses an iptables nat DNAT rule to change the destination IP address to the private IP (tun) address of the OpenVPN server (from the public IP address of the OpenVPN client).

If we do NOT change the source IP address of the packet (leave it an external IP address) it gets to the eth0 interface of the OpenVPN server, but does not get to the tun0 interface.

Any ideas what is happening?

SOLUTION - OpenVPN is dropping it because it doesn't have a path back to the source.

Re: Server dropping traffic if src IP address is not VPN Client

Posted: Tue Sep 14, 2021 4:57 am
by trideep
That is expected behavior. If the client sends a packet with a src IP that is not the same as the client IP, the packet is dropped.
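To make the two posts above concrete, here is an added example (not from the thread and not OpenVPN's own code) that models the server-side source check in Python; the client name, addresses and iroute subnet are constructed for the illustration.

```python
import ipaddress
# Constructed, simplified model of the thread's behaviour (added example, not
# OpenVPN's own code): the server keeps per client the tun address it assigned
# plus any subnets declared for it with 'iroute'; a source outside that set
# has no return path through the client, so the packet is dropped.
class VpnServer:
    def __init__(self):
        self.clients = {}   # common name -> (tun ip, [networks])
        self.log = []
    def add_client(self, cn, tun_ip, iroutes=()):
        self.clients[cn] = (ipaddress.ip_address(tun_ip),
                            [ipaddress.ip_network(n) for n in iroutes])
    def has_route_back(self, cn, src):
        tun_ip, nets = self.clients[cn]
        src = ipaddress.ip_address(src)
        return src == tun_ip or any(src in n for n in nets)
    def receive(self, cn, src):
        # Packet arrived over the tunnel from client `cn`, headed for tun0.
        if self.has_route_back(cn, src):
            return "forward"
        # Mirrors the server's "MULTI: bad source address" log line.
        self.log.append(f"MULTI: bad source address from client [{cn}] {src}, packet dropped")
        return "drop"

def nat_box(pkt, dnat_to, snat_to=None):
    # The question's Linux NAT box: DNAT to the server's tun address; SNAT optional.
    out = dict(pkt, dst=dnat_to)
    if snat_to:
        out["src"] = snat_to
    return out

def scenarios():
    server = VpnServer()
    server.add_client("natbox", "10.8.0.2")     # client's assigned tun IP
    # Constructed addresses: LAN host behind the NAT box, NAT box public IP.
    pkt = {"src": "203.0.113.5", "dst": "198.51.100.10"}
    results = {}
    # 1. DNAT only: source stays external -> dropped (the question's symptom).
    p = nat_box(pkt, "10.8.0.1")
    results["dnat_only"] = server.receive("natbox", p["src"])
    # 2. DNAT plus SNAT to the client's own tun address -> forwarded.
    p = nat_box(pkt, "10.8.0.1", snat_to="10.8.0.2")
    results["dnat_snat"] = server.receive("natbox", p["src"])
    # 3. Server told about the subnet behind the client (iroute) -> forwarded.
    server.add_client("natbox", "10.8.0.2", iroutes=["203.0.113.0/24"])
    p = nat_box(pkt, "10.8.0.1")
    results["iroute"] = server.receive("natbox", p["src"])
    return results, server.log
```

Scenario 1 reproduces the symptom from the question (packet reaches the server but never tun0); scenarios 2 and 3 show the two ways of giving the server a path back to the source.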