Bug #11575

open

OpenVPN clients cannot pass traffic when reconnecting using the same source port

Added by Jim Pingle 8 months ago. Updated 5 months ago.

Status: New
Priority: Normal
Assignee: -
Category: OpenVPN
Target version:
Start date: 02/28/2021
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default
Affected Version:
Affected Architecture:

Description

If an OpenVPN client reconnects immediately after disconnecting, in certain cases it cannot pass traffic.

This appears to be related to the client using the same port when reconnecting. Adding nobind or lport 0 to the client configuration allows it to function as expected. This is viable for remote access clients but not all site-to-site connections which may need to use the same source port in certain cases. We do already default to lport 0 for clients on the firewall.

Initial testing doesn't show it as related to pf states or similar, since clearing the states does not affect this condition.

Since it seems to be a problem in OpenVPN itself, this is mostly for tracking and checking future versions of OpenVPN to see if they solve the problem.
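To find client configurations that still lack the workaround described above, the following added example (not part of the original report, and not pfSense or OpenVPN project code) reports every config file containing neither `nobind` nor `lport 0`. The function names and sample configs are constructed for illustration, and the check looks only at the two directives named in the report.

```shell
#!/bin/sh
# Added example: function names and sample files are hypothetical.
# Only the directives `nobind` and `lport 0` come from the report.

# has_dynamic_source_port FILE
# Exit 0 if FILE contains an active `nobind` or `lport 0` line, else exit 1.
has_dynamic_source_port() {
    awk '
        # Strip CRLF line endings and trailing/whole-line comments (# or ;)
        { sub(/\r$/, ""); sub(/[#;].*/, "") }
        $1 == "nobind"             { found = 1 }
        $1 == "lport" && $2 == "0" { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# list_fixed_port_configs DIR
# Print each *.ovpn or *.conf file in DIR that lacks the workaround.
list_fixed_port_configs() {
    for f in "$1"/*.ovpn "$1"/*.conf; do
        [ -f "$f" ] || continue
        has_dynamic_source_port "$f" || printf '%s\n' "$f"
    done
}

# write_sample_configs DIR
# Constructed sample inputs: two with the workaround, one without.
write_sample_configs() {
    printf 'client\nremote vpn.example.com 1194\nnobind\n' > "$1/a.ovpn"
    printf 'client\r\nlport 0 # dynamic port\r\n'            > "$1/b.ovpn"
    printf 'client\n;nobind\nlport 1194\n'                  > "$1/c.conf"
}

# Stand-alone use: pass a directory of client configs as the first argument.
if [ "$#" -gt 0 ]; then
    list_fixed_port_configs "$1"
fi
```

Site-to-site configs flagged by this check may need their fixed source port, as the report notes, so treat the output as a list to review rather than a list to change.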
