We have just reconfigured our BM to do VPN services on one of the
adresses of the public interface.

Now, when a VPN client connects, we've seen some odd behaviour on thekeepalive packets.

Normally, when a packet is sent from the client on UDP 353, the server

should reply to that packet using the same source ip address as the
alive packet was adressed to.

But the server sends the reply from the primary address of the publicinterface, not the secondary address that VPN services are bound to.

Is it supposed to work on a seconary ip address?

See attached CAP file, packet 339 & 340.

Hakan Naslund