I have an openvpn server which allows incoming connections from multiple mobile clients. The mobile clients are embedded linux platforms with two possible routes to the Internet: a cellular interface and a wifi interface. The mobile clients spend a lot of time out of range of any available wifi. So most of the time they will use the cellular Internet gateway. When in range of a wifi network, the wifi interface comes up, and the default route is changed to the wifi interface.
Problem: when the wifi interface comes up, the default route is changed to use the wifi interface, so the client openvpn starts sending packets out the wifi interface. These packets arrive at the server, but the server ignores them. I thought that since the server doesn't have a remote directive set, it should automatically allow the client to "float" to a new address, so the server should recognize the packets coming from the client and start responding to the new route immediately. Instead, I see the server's keepalive pings arriving on the client's cellular interface, and I see the client's keepalive pings arriving at the server from its wifi interface. Eventually an Inactivity timeout (--ping-restart) resets the old connection, and a new connection is established successfully via the wifi interface. Why isn't the server letting the client float?
Server configuration:
dev tun0
topology subnet
mode server
tls-server
duplicate-cn
push "topology subnet"
ifconfig 10.0.0.1 255.255.255.0
ifconfig-pool 10.0.0.200 10.0.0.254 255.255.255.0
port 12345
proto udp
persist-key
persist-tun
comp-lzo
ca /etc/openvpn/ssl/tmvca-cacert.pem
cert /etc/openvpn/ssl/principal-cert.pem
key /etc/openvpn/ssl/principal-key.pem
dh /etc/openvpn/ssl/dh1024.pem
username-as-common-name
keepalive 50 120
client-to-client
user nobody
group nogroup
verb 3
float
Client configuration:
client
remote mydomain.com 12345
nobind
proto udp
mssfix 1400
persist-key
persist-tun
dev tun
ns-cert-type server
resolv-retry infinite
ca /opt/odp/openvpn/ca.pem
cert /opt/odp/openvpn/crt.pem
key /opt/odp/openvpn/key.pem
dh /opt/odp/openvpn/dh1024.pem
comp-lzo
verb 3
syslog ovpn-gw
auth-user-pass /opt/odp/openvpn/auth.passwd
writepid "/tmp/ovpn-gw.pid"
tls-remote principal
tls-exit
ipchange /opt/odp/scripts/ipchange.sh
script-security 2
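To see how long the stale session lingers before the Inactivity timeout fires, here is an added example (not code from the question or from OpenVPN) that parses the relevant lines of both configs above and applies the keepalive expansion rule from the OpenVPN manual: on a server, keepalive n m becomes ping n / ping-restart 2*m locally and pushes ping n / ping-restart m to clients. The inline config strings are copied from the question; the parser is a deliberately minimal one that assumes each directive appears once.

```python
"""Expand OpenVPN --keepalive into the per-side ping / ping-restart timers.

Added example, not from the question. Input strings below are the
relevant lines copied from the server and client configs in the question.
"""

SERVER_CONF = """\
mode server
proto udp
keepalive 50 120
float
"""

CLIENT_CONF = """\
client
remote mydomain.com 12345
proto udp
"""


def parse_config(text):
    """Return [(directive, [args]), ...]; '#' and ';' lines are comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = line.split()
        entries.append((parts[0], parts[1:]))
    return entries


def keepalive_timers(server_text, client_text):
    """Effective (ping, ping_restart) seconds on each side.

    A client with no keepalive of its own takes the values the server pushes.
    """
    server = dict(parse_config(server_text))
    client = dict(parse_config(client_text))
    n, m = (int(x) for x in server["keepalive"])
    is_server = server.get("mode") == ["server"]
    server_timers = (n, 2 * m) if is_server else (n, m)   # manual: 2*m on server
    if "keepalive" in client:
        client_timers = tuple(int(x) for x in client["keepalive"])
    else:
        client_timers = (n, m)   # pushed "ping n" / "ping-restart m"
    return {"server": server_timers, "client": client_timers}


if __name__ == "__main__":
    timers = keepalive_timers(SERVER_CONF, CLIENT_CONF)
    for side, (ping, restart) in timers.items():
        print(f"{side}: ping every {ping}s, ping-restart after {restart}s")
```

With keepalive 50 120 the client gives up on the old session after 120 s of silence while the server keeps it for 240 s, which matches the minutes-long gap before the reconnect seen in the question.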
Looking at the openvpn forum it seems to be a known issue; I found a patch that may help you: https://community.openvpn.net/openvpn/attachment/ticket/49/tlsfloat.patch