[SOLVED] Openvpn listen on ip

mad_ady

Regular Contributor
Currently openvpn binds all interfaces when listening on a port:
Code:
tcp        0      0 :::443                  :::*                    LISTEN      967/vpnserver1

I'd like to start the server and have it listen on a specific IP (ppp0). The purpose is I want to run openvpn on 443 on the external interface and pixelserv-tls on 443 on an internal interface. I know I can use the "listen 1.2.3.4" configuration option, but:
1. /etc/openvpn/* seems to be generated on the fly on server startup. Is there a startup script I can modify to do my own thing? (find the ip on ppp0 and write it in the config before server startup)
2. I think that the server isn't restarted when an interface/ip gets reconfigured. The socket API handles it transparently when bound to 0.0.0.0. I will probably need to do manual restarts on wan changes, right?

Thanks!
 
1. /etc/openvpn/* seems to be generated on the fly on server startup. Is there a startup script I can modify to do my own thing?

Create openvpnserver1.postconf and modify the config.
 
That's a shell script, right? And it is executed before server startup, I take it?

Thanks, will do that
 
That's a shell script, right? And it is executed before server startup, I take it?
Yes.

Here is a template for OpenVPN server #1

/jffs/scripts/openvpnserver1.postconf

Code:
#!/bin/sh

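# Path of the generated config.ovpn, passed in as the first argument
CONFIG="$1"
# Server instance number (1 or 2), taken from this script's file name
VPN_ID=$(basename "$0" | grep -oE "[1-2]")

source /usr/sbin/helper.sh

logger -st "($(basename "$0"))" $$ $VER "Started....." "[$*]"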


# Do custom 'config.ovpn' stuff here....
# e.g.

#logger -st "($(basename $0))" $$ "Replace 'verb 3' with 'verb 9'"
#pc_replace "verb 3" "verb 9" $CONFIG

#logger -st "($(basename $0))" $$ "Delete 'duplicate-cn'"
#pc_delete "duplicate-cn" $CONFIG

#push_lan_metric=100
#/bin/sed -r -i 's/(^push .* vpn_gateway ).*(")/\1'${push_lan_metric}'\2/' "$1"


echo -e "#\n# '$0' Edited this file!" >> "$CONFIG"

logger -st "($(basename $0))" $$ "Complete."


exit 0

See the Wiki page Custom-config-files for help on the 'pc_xxxxxx' helper functions.
 
It seems that listen doesn't work when used with the ddns name, sadly:

Code:
Mar  4 22:02:46 openvpn[10356]: Options error: Unrecognized option or missing or extra parameter(s) in config.ovpn:28: listen (2.4.3)
Mar  4 22:02:46 openvpn[10356]: Use --help for more information.
Mar  4 22:02:46 syslog: VPN_LOG_ERROR: 1539: Starting VPN instance failed...

I will try with the post config script and let you know.
 
Yes, local ddns-name worked beautifully. Thank you! Does openvpn need to be restarted manually on wan up/down or does it restart automatically? I will test as soon as possible.
 
I suspect that if your WAN IP changes, your server will no longer be listening to the correct IP.
 
That's what I suspected. This is my attempted fix in /jffs/scripts/wan-start:
Code:
#!/bin/sh
#allow ppp0 to start
sleep 10
#restart openvpn server1 to allow it to listen to the correct IP
service stop_vpnserver1
sleep 4
service start_vpnserver1

We'll see how it goes, thanks!
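
Added example (not part of the thread and not Asuswrt-Merlin's own code): a postconf-style script for the first question above, which reads the IPv4 address on ppp0 and writes it as a `local` line, the directive reported to work earlier in the thread. The function names, the WAN_IF variable and the sample `ip` output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and WAN_IF are assumptions.

# Constructed sample of `ip -4 addr show dev ppp0` output (documentation address).
SAMPLE='4: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 state UNKNOWN
    inet 203.0.113.7 peer 10.64.0.1/32 scope global ppp0'

# Print the first IPv4 address from `ip -4 addr show` output read on stdin.
first_ipv4() {
    sed -n 's/^[[:space:]]*inet \([0-9.]*\).*/\1/p' | head -n 1
}

# Accept only a dotted quad with octets 0-255, so nothing else reaches the config.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Drop any existing `local` line and append `local <addr>`; safe to run repeatedly.
set_local() {
    cfg=$1; addr=$2
    valid_ipv4 "$addr" && [ -f "$cfg" ] || return 1
    sed '/^[[:space:]]*local[[:space:]]/d' "$cfg" > "$cfg.tmp" || return 1
    echo "local $addr" >> "$cfg.tmp"
    cat "$cfg.tmp" > "$cfg" && rm -f "$cfg.tmp"   # cat keeps the file's mode
}

# When called with a config path, as a *.postconf script is, pin the listener.
if [ -n "${1:-}" ]; then
    WAN_IF=${WAN_IF:-ppp0}
    addr=$(ip -4 addr show dev "$WAN_IF" 2>/dev/null | first_ipv4)
    set_local "$1" "$addr" ||
        logger -t "$(basename "$0")" "no valid IPv4 on $WAN_IF; server will bind all addresses"
fi
```

If ppp0 has no address yet when the script runs, the config is left untouched and the server binds every interface again, so the log line is worth watching for after a WAN reconnect.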
 
