[SOLVED] Openvpn listen on ip


mad_ady

Regular Contributor
Currently openvpn binds all interfaces when listening on a port:
Code:
tcp        0      0 :::443                  :::*                    LISTEN      967/vpnserver1

I'd like to start the server and have it listen on a specific IP (ppp0). The purpose is I want to run openvpn on 443 on the external interface and pixelserv-tls on 443 on an internal interface. I know I can use the "listen 1.2.3.4" configuration option, but:
1. /etc/openvpn/* seems to be generated on the fly on server startup. Is there a startup script I can modify to do my own thing? (find the ip on ppp0 and write it in the config before server startup)
2. I think that the server isn't restarted when an interface/ip gets reconfigured. The socket API handles it transparently when bound to 0.0.0.0. I will probably need to do manual restarts on wan changes, right?

Thanks!
 

Martineau

Part of the Furniture
1. /etc/openvpn/* seems to be generated on the fly on server startup. Is there a startup script I can modify to do my own thing?

Create openvpnserver1.postconf and modify the config.
 

mad_ady

Regular Contributor
That's a shellscript, right? And is executed before server startup I take it?

Thanks, will do that
 

Martineau

Part of the Furniture
That's a shellscript, right? And is executed before server startup I take it?
Yes.

Here is a template for OpenVPN server #1

/jffs/scripts/openvpnserver1.postconf

Code:
#!/bin/sh

CONFIG=$1
VPN_ID=$(echo $(basename $0) | grep -oE "[1-2]")

source /usr/sbin/helper.sh

logger -st "($(basename $0))" $$ $VER "Started....." [$@]


# Do custom 'config.ovpn' stuff here....
# e.g.

#logger -st "($(basename $0))" $$ "Replace 'verb 3' with 'verb 9'"
#pc_replace "verb 3" "verb 9" $CONFIG

#logger -st "($(basename $0))" $$ "Delete 'duplicate-cn'"
#pc_delete "duplicate-cn" $CONFIG

#push_lan_metric=100
#/bin/sed -r -i 's/(^push .* vpn_gateway ).*(")/\1'${push_lan_metric}'\2/' "$1"


echo -e "#\n# '$0' Edited this file!" >> $CONFIG

logger -st "($(basename $0))" $$ "Complete."


exit 0

See Wiki Custom-config-files for help on the 'pc_xxxxxx' helper functions.
 

Martineau

Part of the Furniture

mad_ady

Regular Contributor
It seems that listen doesn't work when used with the ddns name, sadly:

Code:
Mar  4 22:02:46 openvpn[10356]: Options error: Unrecognized option or missing or extra parameter(s) in config.ovpn:28: listen (2.4.3)
Mar  4 22:02:46 openvpn[10356]: Use --help for more information.
Mar  4 22:02:46 syslog: VPN_LOG_ERROR: 1539: Starting VPN instance failed...

I will try with the post config script and let you know.
 

mad_ady

Regular Contributor
Yes, local ddns-name worked beautifully. Thank you! Does openvpn need to be restarted manually on wan up/down or does it restart automatically? I will test as soon as possible.
 

RMerlin

Asuswrt-Merlin dev
I suspect that if your WAN IP changes, your server will no longer be listening to the correct IP.
 

mad_ady

Regular Contributor
That's what I suspected. This is my attempted fix in /jffs/scripts/wan-start:
Code:
#!/bin/sh
#allow ppp0 to start
sleep 10
#restart openvpn server1 to allow it to listen to the correct IP
service stop_vpnserver1
sleep 4
service start_vpnserver1

We'll see how it goes, thanks!
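
As an added example (not code from any poster in this thread or from the firmware project): a postconf-style script that looks up the IPv4 address on ppp0 and writes it as the `local` directive, which is what the first post asks for. The function names are hypothetical, and it assumes the `ip` utility is present and that the generated config path arrives as `$1`, as in the template above.

```shell
#!/bin/sh
# Added example: pin the OpenVPN listener to the WAN address via 'local'.
# Assumptions: config path is passed as $1; 'ip' exists on the router;
# parse_ipv4, is_ipv4 and set_local are hypothetical helper names.

WAN_IF=ppp0    # interface named in the thread

# Read `ip -4 -o addr show dev IFACE` output on stdin, print the first address.
# Handles both "inet A.B.C.D/24 brd ..." and the ppp form "inet A.B.C.D peer ...".
parse_ipv4() {
    awk '$3 == "inet" { split($4, a, "/"); print a[1]; exit }'
}

# Accept only a dotted quad, so nothing else is ever written into the config.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Replace any existing 'local' line in config $1 with 'local $2'.
# Returns 1 and leaves the file untouched when $2 is not an IPv4 address.
set_local() {
    cfg=$1
    ip4=$2
    is_ipv4 "$ip4" || return 1
    # Delete earlier 'local' lines so repeated runs do not stack directives.
    sed -i '/^local[[:space:]]/d' "$cfg"
    echo "local $ip4" >> "$cfg"
}

# Only act when called with a real config file.
if [ -f "${1:-}" ]; then
    addr=$(ip -4 -o addr show dev "$WAN_IF" 2>/dev/null | parse_ipv4)
    if set_local "$1" "$addr"; then
        logger -t "$(basename "$0")" "listener bound to $addr ($WAN_IF)"
    else
        # Without 'local' the server binds every interface again, which is
        # the state the first post wanted to avoid, so make it visible.
        logger -t "$(basename "$0")" "no IPv4 on $WAN_IF, config unchanged"
    fi
fi
```

Because the address is written once at server start, the restart from wan-start shown above is still needed after a WAN address change.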
 
