OpenVPN MAC
-
- Posts: 25
- Joined: Sun Feb 21, 2016 10:34 am
OpenVPN MAC
Hi, we have Virtual Hub configured with Virtual DHCP Server enabled. Several OpenVPN connecting clients change IP before DHCP lease time expires (we used standard 7200 seconds lease time as now). Analysing logs we see different OpenVPN Client having same MAC address and we see also same client connecting to VPN server in different moment with different MAC Address. MAC address are of class like CA-BF-1E-42-XX-XX.
Is softether creating these MAC Addresses on behalf of OpenVPN clients ? why we find duplicated MAC address and so different IP before DHCP lease time expires ?
Best regards
Is softether creating these MAC Addresses on behalf of OpenVPN clients ? why we find duplicated MAC address and so different IP before DHCP lease time expires ?
Best regards
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: OpenVPN MAC
SoftEther VPN generate MAC address from machine name, virtual hub name and session unique ID.
https://github.com/SoftEtherVPN/SoftEth ... on.c#L2340
If you want to keep MAC address on client, please use tap mode OpenVPN.
https://github.com/SoftEtherVPN/SoftEth ... on.c#L2340
If you want to keep MAC address on client, please use tap mode OpenVPN.
-
- Posts: 25
- Joined: Sun Feb 21, 2016 10:34 am
Re: OpenVPN MAC
I do not know where, if upper case conversion or hashing, but MAC address in some point is not uniquely assigned to every DIFFERENTE combination of:
machine name
virtual hub name
session unique ID
As we get same MAC for 2 different machine for 2 different sessions on the same virtual hub.
tap is not an option on limited linux set-top box or smartphone...
machine name
virtual hub name
session unique ID
As we get same MAC for 2 different machine for 2 different sessions on the same virtual hub.
tap is not an option on limited linux set-top box or smartphone...
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: OpenVPN MAC
'machine name' is server's host name.
If the VPN server restarted, MAC address will conflict with previous one.
If the VPN server restarted, MAC address will conflict with previous one.
-
- Posts: 25
- Joined: Sun Feb 21, 2016 10:34 am
Re: OpenVPN MAC
There are MAC address conflict also if no restart happen, probably session id are not managed to be unique in long time intervals, so if one client disconnect and a new client connect nre client get session id of previous client, and so MAC address. It should be sufficent to manage session id to avoid reuse in shot time intervals or somthing like this
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: OpenVPN MAC
Session ID includes a serial number of session since the virtual hub is enabled.
So, multiple session don't have a same MAC address.
Did you turn off the virtual hub?
So, multiple session don't have a same MAC address.
Did you turn off the virtual hub?
-
- Posts: 25
- Joined: Sun Feb 21, 2016 10:34 am
Re: OpenVPN MAC
Turn off ? what do you mean for "turn off" a virtual hub ?
Virtual Hub is Online if you mean this
Virtual Hub is Online if you mean this
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: OpenVPN MAC
Did you use OpenVPN tap mode?
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: OpenVPN MAC
I would like to know reproduction condition.
Could you upload log files?
Could you upload log files?
-
- Posts: 25
- Joined: Sun Feb 21, 2016 10:34 am
Re: OpenVPN MAC
To be more robust we developed our software to get id from devices to distinguish also if different devices be using some IP so we cannot reproduce with easy the issue. If we can in the near future reproduce I'll send you log file.
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: OpenVPN MAC
OpenVPN protocol doesn't have function that send device ID.