OpenVPN: Solving the dynamic IP problem

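The goal is to let the VPN server be reachable on two IPs at the same time
(a kind of link redundancy, although once the main gateway is gone it is all over anyway, so it is fake redundancy).

If a client connects to the server's primary IP, the reply goes back out over the same default route, so everything works.
If it connects to the secondary IP, the reply returns by a different path than the one the request arrived on, and the TLS handshake fails.
Adding "float" to client.conf solves this.
Below is the explanation from the official documentation.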

--float
Allow remote peer to change its IP address and/or port number, such as due to DHCP (this is the default if --remote is not used). --float when specified with --remote allows an OpenVPN session to initially connect to a peer at a known address, however if packets arrive from a new address and pass all authentication tests, the new address will take control of the session. This is useful when you are connecting to a peer which holds a dynamic address such as a dial-in user or DHCP client.
Essentially, --float tells OpenVPN to accept authenticated packets from any address, not only the address which was specified in the --remote option

Source: http://openvpn.net/index.php/open-source/documentation/manuals/65-openvpn-20x-manpage.html
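
A simplified Python model of the behaviour quoted above, added here as an illustration (it is not OpenVPN's code and not part of the original post): the client dialed the secondary IP, the reply arrives from the primary IP, and only a session with float accepts it, and then only if the packet authenticates. The addresses, the key and the HMAC-tagged packet format are constructed assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

TAG_LEN = 32  # HMAC-SHA256 tag appended to every packet in this model

def seal(key: bytes, payload: bytes) -> bytes:
    # Packet = payload followed by its HMAC-SHA256 tag (model format).
    return payload + hmac.new(key, payload, hashlib.sha256).digest()

@dataclass
class Session:
    key: bytes                   # packet-authentication key (model only)
    peer: tuple                  # (ip, port) taken from --remote
    float_enabled: bool = False  # True models --float

    def authentic(self, packet: bytes) -> bool:
        if len(packet) < TAG_LEN:
            return False
        payload, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, payload, hashlib.sha256).digest()
        return hmac.compare_digest(tag, expected)

    def receive(self, packet: bytes, src: tuple) -> str:
        # Without --float only the --remote address may talk to us.
        if src != self.peer and not self.float_enabled:
            return "drop: unexpected source address"
        # With --float the address is not trusted; authentication decides.
        if not self.authentic(packet):
            return "drop: authentication failed"
        if src != self.peer:
            self.peer = src  # authenticated packet takes over the session
            return "accept: peer address updated"
        return "accept"

def demo() -> dict:
    key = b"constructed-demo-key"
    primary, secondary = ("198.51.100.10", 1194), ("203.0.113.10", 1194)
    reply = seal(key, b"handshake reply")  # server answers from primary IP
    strict = Session(key, secondary)       # client dialed the secondary IP
    floating = Session(key, secondary, float_enabled=True)
    out = {"no_float": strict.receive(reply, primary)}
    out["forged"] = floating.receive(seal(b"wrong-key", b"x"), primary)
    out["peer_after_forged"] = floating.peer
    out["float"] = floating.receive(reply, primary)
    out["peer_after_float"] = floating.peer
    return out

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

With float enabled the source address no longer filters anything, so packet authentication is the only check standing between an arbitrary sender and the session.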
