Comments on: Openvpn – MULTI: bad source address from client – solution

By: billy

billy — Sun, 25 Jul 2010 17:35:48 +0000

hmmm, i think i clue into something now. for some reason with persist-tun and all that business the same client has been remembered but i don’t know how that memory of default gateway has been passed down to another PC that tries to re-use the same key to connect. so there is a mixup between the previous connection and the connection later evoked. so somehow the default gateway has been calculatd and wrong info has been pushed over to the PC client hence it wont establish a good connection. I still am foggy about the detail but start to get some hint of that.

By: billy

billy — Sun, 25 Jul 2010 13:20:16 +0000

I create 2 clients, each with its own key and common name. 1 client carries a subnet with it, being a router itself. The other client is a single PC client so eventually it should just be referred as by its virtual address assigned. I have since established connection with my router client. Everything is dandy. Server can ping it and it in turn can access everything offered by server. Its base address is 192.168.3.1. Its DHCP address assignement starts from 192.168.3.100 to 192.168.3.110. In the CCD dir, it has iroute 192.168.3.0 255.255.255.0 in its file.

The other PC client seems to have hard time configurating after connection made. Its CCD file, named as its common name, is empty since it really has no subnet and IP address. At a certain point, its learned address becomes 192.168.3.8!! to me it seems impossible that all of a sudden an address pops up like that because it is the domain of another client.

Here is relevant part of the logging:

us=5776 vistakey/41.225.221.152:1186 MULTI: Learn: 10.8.0.10 -> vistakey/41.225.221.152:1186
Sun Jul 25 06:00:12 2010 us=5804 vistakey/41.225.221.152:1186 MULTI: primary virtual IP for vistakey/41.225.221.152:1186: 10.8.0.10
Sun Jul 25 06:00:14 2010 us=87463 vistakey/41.225.221.152:1186 PUSH: Received control message: ‘PUSH_REQUEST’
Sun Jul 25 06:00:14 2010 us=87558 vistakey/41.225.221.152:1186 SENT CONTROL [vistakey]: ‘PUSH_REPLY,route 192.168.7.0 255.255.255.0,redirect-gateway def1,dhcp-option DNS 192.168.7.1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.10 10.8.0.9′ (status=1)
Sun Jul 25 06:00:21 2010 us=829529 vistakey/41.225.221.152:1186 MULTI: Learn: 192.168.3.8 -> emna-key/206.248.133.50:2509
Sun Jul 25 06:00:21 2010 us=829597 vistakey/41.225.221.152:1186 MULTI: bad source address from client [192.168.3.8], packet dropped
Sun Jul 25 06:00:26 2010 us=855269 vistakey/41.225.221.152:1186 MULTI: bad source address from client [192.168.3.8], packet dropped
Sun Jul 25 06:00:36 2010 us=813174 vistakey/41.225.221.152:1186 MULTI: bad source address from client [192.168.3.8], packet dropped

Emna-key is from the router client and vistakey is from the PC client. The above logging is taken when PC vistakey is trying to gain connection from server. In fact, another logging I got yesterday with different level of verbosity indicates teh PC client getting a default_gateway route of 192.168.3.0… which is totally unexpected because it’s the subnet of emna-key!

By: KAR

KAR — Tue, 13 Jul 2010 15:50:11 +0000

i have the same problem, but a need send data over SQL Database, when send data y receib the message :
Openvpn – MULTI: bad source address from client ,
i add this solution on my configuration files, but the problem persist.

By: kargig

kargig — Mon, 05 Jul 2010 04:32:37 +0000

On the CCD file you add the internal LAN subnet and not the dynamic WAN IP

By: Echizen

Echizen — Wed, 30 Jun 2010 20:08:48 +0000

Hi, i got this error too, in this case i am using dynamic ip address from my ISP, how to add multiple Ip (ip range, for example 198.0.0.1 to 198.0.0.100) in to ccd file?
thanks

By: Robynhub

Robynhub — Thu, 10 Dec 2009 13:54:01 +0000

Thanks so much! You saved my life!!!

By: Mikael

Mikael — Mon, 12 Oct 2009 08:09:56 +0000

Worked for me, but I had to remove route …. after client-config-dir. I have the same scenario as yegle, so I am wondering how to solve this when I add more users. Any idea?

By: yegle

yegle — Sun, 27 Sep 2009 10:38:14 +0000

I faced this problem too…
And my problem is, there are two users whose LAN IP ranges are the same…

By: Marcus Jabber

Marcus Jabber — Thu, 17 Sep 2009 20:39:37 +0000

Thanks a lot!

You saved my day!

By: skfx

skfx — Thu, 13 Aug 2009 23:55:22 +0000

Thank you very much, did the trick here as well

By: ras0ir

ras0ir — Wed, 08 Jul 2009 17:37:28 +0000

Thank you very much, solved my issue!

By: Mario

Mario — Wed, 08 Jul 2009 14:27:11 +0000

@Qhappy
Your log shows lines like this:

Tue Jan 27 09:53:48 2009 client-1/119.137.85.240:2114 MULTI: bad source address from client [192.168.1.103], packet dropped

You can see “client-1″ in that line. Make sure that the CCD file is (exactly) named client-1 and world readable.

By: Marcos Pawloski

Marcos Pawloski — Mon, 29 Jun 2009 21:37:13 +0000

Tanks a lot..your post solved all the problems with my VPN!

By: Chris

Chris — Sat, 16 May 2009 20:32:39 +0000

Thank you. Solved my issue too.

By: Qhappy

Qhappy — Wed, 06 May 2009 02:34:55 +0000

Thank you !I did the same problem!
I finally came across your site and your solution fixed my issue. Thanks!