I have OpenVPN set up and working. My office is part of a large building that operates several VLANs. Obviously from within our own VLAN I can access local resources, and from somewhere else in the world I can use OpenVPN. But when connected to a different VLAN in the same establishment I cannot do either.
OpenVPN is complaining because it is connecting to the building's external IP address, but the reply is being routed back internally (by switches I have no control over), which means the reply is not from the expected IP. Result:
Incoming packet rejected from [AF_INET]10.67.5.1:1194[2], expected peer address: [AF_INET]195.x.x.x:1194 (allow this incoming source address/port by removing --remote or adding --float)
(x.x.x = censored public IP)
Anyone help? (I realise this is similar to other posts but I thought my problem was a bit different and justified a separate question)
As requested, server conf:
    port 1194
    proto udp
    dev tun
    ca ca.crt
    cert server.crt
    key server.key  # This file should be kept secret
    dh dh1024.pem
    server 10.67.15.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    push "route 10.67.5.0 255.255.255.0"
    keepalive 10 120
    comp-lzo
    persist-key
    persist-tun
    status openvpn-status.log
    verb 3
Client config
    client
    remote example.org
    ca /etc/openvpn/ca.crt
    cert /etc/openvpn/client_rich.crt
    key /etc/openvpn/client_rich.key
    comp-lzo yes
    dev tun
    proto udp
    nobind
    auth-nocache
    script-security 2
    persist-key
    persist-tun
    user openvpn
    group openvpn
As it said, add a float option to the client config and try again.
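Added example, not part of the original question or answer: a small triage script for the rejection message quoted above, which separates the case described here (reply sourced from an RFC 1918 address while a public address was expected) from replies arriving from some other public address. The log lines, the addresses 203.0.113.10 and 198.51.100.7, and the verdict names are constructed for illustration.

```python
import ipaddress
import re

# Format of the rejection message quoted in the question.
REJECT_RE = re.compile(
    r"Incoming packet rejected from \[AF_INET\](?P<src>[\d.]+):(?P<sport>\d+)\[\d+\], "
    r"expected peer address: \[AF_INET\](?P<exp>[\d.]+):(?P<eport>\d+)"
)
# RFC 1918 ranges, listed explicitly because ipaddress.is_private also
# covers documentation and other special-purpose ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log lines (not taken from the page).
SAMPLE_LOG = [
    "Incoming packet rejected from [AF_INET]10.67.5.1:1194[2], "
    "expected peer address: [AF_INET]203.0.113.10:1194 (allow this ...)",
    "Incoming packet rejected from [AF_INET]198.51.100.7:1194[2], "
    "expected peer address: [AF_INET]203.0.113.10:1194 (allow this ...)",
    "Initialization Sequence Completed",
]

def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)

def classify(line):
    """Return (source, expected, verdict) for a rejection line, else None."""
    m = REJECT_RE.search(line)
    if not m:
        return None  # not a rejection line, or addresses are censored
    try:
        src = ipaddress.ip_address(m["src"])
        exp = ipaddress.ip_address(m["exp"])
    except ValueError:
        return None  # malformed octets
    if src == exp:
        verdict = "port-mismatch"    # same host, different source port
    elif is_rfc1918(src) and not is_rfc1918(exp):
        verdict = "internal-reply"   # the situation in the question
    else:
        verdict = "unexpected-peer"  # review before enabling float
    return str(src), str(exp), verdict

def triage(lines):
    """Classify every rejection line, skipping unrelated log output."""
    return [r for r in map(classify, lines) if r]

if __name__ == "__main__":
    for src, exp, verdict in triage(SAMPLE_LOG):
        print(f"{verdict}: got {src}, expected {exp}")
```

With float enabled, OpenVPN lets a new source address take over the session once its packets pass all authentication tests, so the certificate setup in the configs above is what protects the tunnel rather than the peer address check.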