Hi,

I have a strange issue with MASQUERADEing openvpn over ppp0, which uses udp port 1194. When the ppp0 interface goes down and up (issued by the ISP every 24h to recycle IPs ...), udp packets don't make it past the netfilter gateway. Using tethereal on the gateway I see the packets going in, but they don't get SNATted, nor do they get sent out over ppp0. I also don't get any ICMP errors back or similar.

I checked /proc/net/ip_conntrack and saw that the connection was still registered and the timeout would restart every second, since the openvpn daemon on the inner client retried every second. Shutting the client down for 30 sec to allow the timeout to pass and the connection to vanish from /proc/net/ip_conntrack and then restarting openvpn is a workaround (if one doesn't wait for the connection to vanish and restarts openvpn before that, the problem remains).

It looks like the state of the udp connections is not forgotten as MASQUERADE implies.

This is on Fedora Core 4 on all components, which contains kernel-2.6.15-1.1831_FC4 and iptables-1.3.0-2 (the kernel is 2.6.15.4 based).

Thanks!
-- 
Axel.Thimm at ATrpms.net
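The symptom above (a UDP entry that survives the ppp0 reconnect and keeps getting refreshed by the client's retries) can be spotted directly in the conntrack table: the reply-direction dst= of a masqueraded entry is the address the packet was SNATted to, so any UDP entry whose reply dst is not the address ppp0 currently holds is stale. The script below is an added example, not code from the original post or from the netfilter project; the /proc/net/ip_conntrack lines it works on are constructed, with 198.51.100.7 as the assumed pre-reconnect address and 198.51.100.9 as the assumed new one, and the port defaults to 1194 as in the report.

```shell
#!/bin/sh
# Constructed sample in the 2.6.x /proc/net/ip_conntrack format (not captured
# from the poster's gateway). Assumed old ppp0 address: 198.51.100.7; assumed
# new address after the ISP reconnect: 198.51.100.9.
SAMPLE_CONNTRACK='udp      17 29 src=192.168.1.10 dst=203.0.113.5 sport=1194 dport=1194 src=203.0.113.5 dst=198.51.100.7 sport=1194 dport=1194 [ASSURED] use=1
udp      17 170 src=192.168.1.20 dst=203.0.113.53 sport=40000 dport=53 src=203.0.113.53 dst=198.51.100.9 sport=53 dport=40000 use=1
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.80 sport=51000 dport=80 src=203.0.113.80 dst=198.51.100.9 sport=80 dport=51000 [ASSURED] use=1
udp      17 28 src=192.168.1.11 dst=203.0.113.5 sport=1194 dport=1194 [UNREPLIED] src=203.0.113.5 dst=198.51.100.9 sport=1194 dport=1194 use=1'

# stale_udp_entries CURRENT_IP [DPORT]
# Reads conntrack lines on stdin and prints every UDP entry towards DPORT
# (default 1194) whose reply-direction dst, i.e. the address the flow was
# SNATted to, is not CURRENT_IP. Those entries still carry the address
# ppp0 had before the reconnect. Field layout per line:
#   proto num timeout [state] src= dst= sport= dport= [UNREPLIED] src= dst= sport= dport= [ASSURED] use=
stale_udp_entries() {
    cur="$1"
    port="${2:-1194}"
    awk -v cur="$cur" -v port="$port" '
    $1 == "udp" {
        ndst = 0; ndport = 0; osrc = ""; odst = ""; rdst = ""; odport = ""
        for (i = 4; i <= NF; i++) {
            if ($i ~ /^src=/ && osrc == "") osrc = substr($i, 5)          # original src (inner client)
            else if ($i ~ /^dst=/) {                                       # 1st dst= original, 2nd dst= reply (SNAT address)
                ndst++
                if (ndst == 1) odst = substr($i, 5); else rdst = substr($i, 5)
            }
            else if ($i ~ /^dport=/) {                                     # 1st dport= is the original destination port
                ndport++
                if (ndport == 1) odport = substr($i, 7)
            }
        }
        if (odport == port && rdst != "" && rdst != cur)
            printf "%s -> %s:%s snat=%s timeout=%s\n", osrc, odst, odport, rdst, $3
    }'
}

# count_stale CURRENT_IP [DPORT]: same input on stdin, prints the number of stale entries.
count_stale() {
    stale_udp_entries "$@" | wc -l | tr -d ' '
}

# Demo on the constructed sample. On a real gateway of that era you would feed
# /proc/net/ip_conntrack and the address ppp0 currently holds instead, e.g.
#   stale_udp_entries "$(ip -4 -o addr show ppp0 | awk '{print $4}' | cut -d/ -f1)" < /proc/net/ip_conntrack
printf '%s\n' "$SAMPLE_CONNTRACK" | stale_udp_entries 198.51.100.9 1194
```

Run on the sample with the new address, this lists only the first entry (the openvpn flow still bound to 198.51.100.7); the UNREPLIED entry from 192.168.1.11 was created after the reconnect and already carries the new address, so it is not reported. A non-zero count right after `ip-up` is the condition the poster worked around by stopping the client until the entry timed out; where conntrack-tools is installed (an assumption, it is not mentioned in the post), the same entries can be removed explicitly with `conntrack -D -p udp --dport 1194` instead of waiting for the timeout.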