OpenVPN on alias address

I have an alias on red0 for KeepAlived, but OpenVPN does not respond on it. I can see that OpenVPN is listening on 0.0.0.0 and I can see incoming traffic to port 1194 on the alias IP. Still, no response. Nothing in the logs either.

Can anyone explain why OpenVPN should not respond?

As it turns out, OpenVPN does respond, but from the primary IP, which is then ignored by the client because the response is not coming from the same IP.

In detail, OpenVPN is configured to listen on 0.0.0.0:1194. The primary IP is x.x.x.132 and an alias has been set up on x.x.x.134.

3: red0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0d:b9:49:d0:89 brd ff:ff:ff:ff:ff:ff
    inet x.x.x.132/29 brd x.x.x.135 scope global red0
       valid_lft forever preferred_lft forever
    inet x.x.x.134/29 scope global secondary red0
       valid_lft forever preferred_lft forever

OpenVPN thus receives connection requests on x.x.x.132 and on x.x.x.134. I can see that confirmed in /var/log/messages. OpenVPN then replies in both cases using x.x.x.132 as the source address, as tcpdump shows.

In contrast, sshd replies from x.x.x.134 when addressed on that IP. Must be because of TCP versus UDP, I’m sure. But not sure how to remedy it yet.
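
The behaviour described in this thread, reproduced on Linux loopback as an added example (not part of the original posts): a UDP socket bound to 0.0.0.0 lets the kernel choose the reply source by route unless the server reads the datagram's destination through IP_PKTINFO and sends from that address, which is what OpenVPN's `multihome` directive enables. The function names are hypothetical, and 127.0.0.1 and 127.0.0.2 are constructed stand-ins for the primary and alias addresses.

```python
import socket
import struct

# Linux value is 8; socket.IP_PKTINFO is only exposed by newer Python versions.
IP_PKTINFO = getattr(socket, "IP_PKTINFO", 8)


def recv_with_local_addr(sock):
    """Receive one datagram; return (data, peer, local IP it was sent to)."""
    data, ancdata, _flags, peer = sock.recvmsg(2048, socket.CMSG_SPACE(12))
    for level, ctype, cdata in ancdata:
        if level == socket.IPPROTO_IP and ctype == IP_PKTINFO:
            # struct in_pktinfo { int ifindex; in_addr spec_dst; in_addr addr; }
            _ifindex, _spec_dst, dst = struct.unpack("=I4s4s", cdata[:12])
            return data, peer, socket.inet_ntoa(dst)
    return data, peer, None


def reply_from(sock, data, peer, local_ip):
    """Send a reply whose source address is forced to local_ip."""
    pktinfo = struct.pack("=I4s4s", 0, socket.inet_aton(local_ip), b"\0" * 4)
    sock.sendmsg([data], [(socket.IPPROTO_IP, IP_PKTINFO, pktinfo)], 0, peer)


def demo(alias="127.0.0.2"):
    """Return the reply source a client sees from (naive, pktinfo) replies.

    Constructed setup: the client sits on 127.0.0.1 and addresses the alias.
    """
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.setsockopt(socket.IPPROTO_IP, IP_PKTINFO, 1)
    server.bind(("0.0.0.0", 0))
    server.settimeout(2)
    port = server.getsockname()[1]
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.bind(("127.0.0.1", 0))
    client.settimeout(2)
    seen = []
    for use_pktinfo in (False, True):
        client.sendto(b"ping", (alias, port))
        data, peer, local_ip = recv_with_local_addr(server)
        if use_pktinfo:
            reply_from(server, b"pong", peer, local_ip)
        else:
            server.sendto(b"pong", peer)  # kernel picks the source by route
        seen.append(client.recvfrom(2048)[1][0])
    server.close()
    client.close()
    return tuple(seen)

if __name__ == "__main__":
    print(demo())
```

TCP services such as sshd do not need this because an accepted connection is already tied to the local address the client connected to.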