Project

General

Profile

Actions

Bug #10814

closed

OpenVPN UDP multihome fails when connecting to an IP that is not logically closest.

Added by Steve Wheeler over 4 years ago. Updated over 4 years ago.

Status:
Needs Patch
Priority:
Normal
Assignee:
-
Category:
OpenVPN
Target version:
Start date:
08/04/2020
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4.x
Affected Architecture:
All

Description

If you connect to the external WAN IP from an OpenVPN client on an internal interface of a pfSense install running an OpenVPN server in UDP multihome mode. it will fail.
The server will reply from the closest interface IP and the client will reject the traffic as it does not come from the IP it connected to.

This is a known bug in FreeBSD:
https://reviews.freebsd.org/D24135

Also documented by OpenVPN:
https://community.openvpn.net/openvpn/ticket/1057

It's possible to work around it by setting the -floating option in the client that allows traffic from any IP once authorized. Or by using TCP, this bug applies only to UDP.

Actions

Also available in: Atom PDF