Project

General

Profile

Actions
Copy link

Bug #10814

closed

OpenVPN UDP multihome fails when connecting to an IP that is not logically closest.

Added by Steve Wheeler over 4 years ago. Updated over 4 years ago.

Status:
Needs Patch
Priority:
Normal
Assignee:
-
Category:
OpenVPN
Target version:
2.5.0
Start date:
08/04/2020
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4.x
Affected Architecture:
All

Description

If you connect to the external WAN IP from an OpenVPN client on an internal interface of a pfSense install running an OpenVPN server in UDP multihome mode. it will fail.
The server will reply from the closest interface IP and the client will reject the traffic as it does not come from the IP it connected to.

This is a known bug in FreeBSD:
https://reviews.freebsd.org/D24135

Also documented by OpenVPN:
https://community.openvpn.net/openvpn/ticket/1057

It's possible to work around it by setting the -floating option in the client that allows traffic from any IP once authorized. Or by using TCP, this bug applies only to UDP.

Actions
Copy link
 #1

Updated by Jim Pingle over 4 years ago

  • Status changed from New to Needs Patch
Actions
Copy link
 #2

Updated by Jim Pingle over 4 years ago

  • Target version deleted (2.5.0)
Actions
Copy link
 #3

Updated by Jim Pingle over 4 years ago

  • Target version set to 2.5.0

The FreeBSD patch has been merged into head (on FreeBSD), will be MFCd soon so it's probably safe to put a 2.5.0 target back on this.

https://svnweb.freebsd.org/base?view=revision&revision=364018

Actions
Copy link

Also available in: Atom PDF