Bug #6565
Closed
OpenVPN calculates incorrect TCP checksums when running in bridged/tap mode with 'mode server'
Description
When a connected OpenVPN client attempts to establish a TCP connection with a pfSense OpenVPN server, the server responds with a SYN-ACK with an incorrectly calculated TCP checksum (tap server with a bridged internal interface).
This situation only occurs when OpenVPN is running in 'mode server', and is not apparent when running as a peer-to-peer server.
It therefore is not possible to connect to services (e.g. the web interface of the pfSense OpenVPN server), without TCP checksum offloading being disabled, when OpenVPN is running in 'mode server'.
I believe this bug was introduced fairly recently (maybe 2.3 branch).
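One way to confirm the symptom described in this report from a packet capture, as an added example that is not part of the original report: it recomputes the TCP checksum over the IPv4 pseudo-header and compares it with the value stored in the segment. The packet builder, addresses and ports are constructed sample data.

```python
import socket
import struct

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum (RFC 1071), odd length padded with zero."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def tcp_checksum(src: str, dst: str, segment: bytes) -> int:
    """Expected checksum for a TCP segment, ignoring the stored field."""
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment)))
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    return ~ones_complement_sum(pseudo + zeroed) & 0xFFFF

def check_ipv4_tcp(packet: bytes):
    """Return (stored, expected, ok) for a raw IPv4 packet carrying TCP."""
    if packet[0] >> 4 != 4 or packet[9] != socket.IPPROTO_TCP:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    segment = packet[ihl:total_len]  # slice by total length to drop Ethernet padding
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    stored = struct.unpack("!H", segment[16:18])[0]
    expected = tcp_checksum(src, dst, segment)
    return stored, expected, stored == expected

def build_syn_ack(src, dst, sport, dport, checksum=None):
    """Constructed sample: 40-byte IPv4 SYN-ACK, no options (IP checksum left 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 2001, 5 << 4, 0x12, 65535, 0, 0)
    csum = tcp_checksum(src, dst, tcp) if checksum is None else checksum
    tcp = tcp[:16] + struct.pack("!H", csum) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64,
                     socket.IPPROTO_TCP, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp

if __name__ == "__main__":
    # Constructed addresses and ports, not taken from the report.
    good = build_syn_ack("192.0.2.1", "192.0.2.50", 443, 51000)
    bad = build_syn_ack("192.0.2.1", "192.0.2.50", 443, 51000, checksum=0x0000)
    for name, pkt in (("good", good), ("bad", bad)):
        stored, expected, ok = check_ipv4_tcp(pkt)
        print(f"{name}: stored=0x{stored:04x} expected=0x{expected:04x} ok={ok}")
```

Feed it packets captured on the receiving side of the tunnel; a capture taken on the sending host with checksum offloading enabled shows checksums that have not been filled in yet, which is expected and not this bug.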
Updated by Chris Buechler almost 9 years ago
with tap I'm guessing? That's not the case with tun. Any IP assigned to the server itself is affected (tap IP, LAN IP, etc.)?
Updated by Geoff Jones almost 9 years ago
Chris Buechler wrote:
with tap I'm guessing? That's not the case with tun. Any IP assigned to the server itself is affected (tap IP, LAN IP, etc.)?
Yes and yes.
Updated by Jim Pingle over 5 years ago
- Category set to OpenVPN
- Status changed from New to Closed
Old report, this was several OS and OpenVPN versions ago, and no recent sightings.