[SOLVED] Openvpn listen on ip

[mad_ady]

Currently openvpn binds all interfaces when listening on a port:

tcp        0      0 :::443                  :::*                    LISTEN      967/vpnserver1

I'd like to start the server and have it listen on a specific IP (ppp0). The purpose is I want to run openvpn on 443 on the external interface and pixelserv-tls on 443 on a internal interface. I know I can use the "listen 1.2.3.4" configuration option, but:
1. /etc/openvpn/* seems to be generated on the fly on server startup. Is there a startup script I can modify to do my own thing? (find the ip on ppp0 and write it in the config before server startup)
2. I think that the server isn't restarted when an interface/ip gets reconfigured. The socket API handles it transparently when bound to 0.0.0.0. I will probably need to do manual restarts on wan changes, right?

Thanks!

 

[Martineau]

1. /etc/openvpn/* seems to be generated on the fly on server startup. Is there a startup script I can modify to do my own thing?

Create openvpnserver1.postconf and modify the config.

 

[mad_ady]

That's a shellscript, right? And is executed before server startup I take it?

Thanks, will do that

 

[Martineau]

That's a shellscript, right? And is executed before server startup I take it?

Yes.

Here is a template for OpenVPN server #1

/jffs/scripts/openvpnserver1.postconf

#!/bin/sh

CONFIG=$1
VPN_ID=$(echo $(basename $0) | grep -oE "[1-2]")

source /usr/sbin/helper.sh

logger -st "($(basename $0))" $$ $VER "Started....." [$@]


# Do custom 'config.ovpn' stuff here....
# e.g.

#logger -st "($(basename $0))" $$ "Replace 'verb 3' with 'verb 9'"
#pc_replace "verb 3" "verb 9" $CONFIG

#logger -st "($(basename $0))" $$ "Delete 'duplicate-cn'"
#pc_delete "duplicate-cn" $CONFIG

#push_lan_metric=100
#/bin/sed -r -i 's/(^push .* vpn_gateway ).*(")/\1'${push_lan_metric}'\2/' "$1"


echo -e "#\n# '$0' Edited this file!" >> $CONFIG

logger -st "($(basename $0))" $$ "Complete."


exit 0

see Wiki Custom-config-files for help on the 'pc_xxxxxx' helper functions

 

[Odkrys]

nooo...

just add
local DDNS or local YOUR IP
in the server custom configuration in GUI...

 

[Martineau]

nooo...

just add
local DDNS or local YOUR IP
in the server custom configuration in GUI...

Hard-coding the OpenVPN 'local xxx.xxx.xxx.xxx' directive is usually fine, but there are scenarios where a '.postconf' script is necessary

e.g. for Dual WAN environments, I posted a '.postconf' script that was for the VPN Client, but works with a minor change for the VPN servers.

[Solved] Dual Wan with 1 OpenVpn Client and ability to choose from which to wan to go out.

 

[mad_ady]

It seems that listen doesn't work when used with the ddns name, sadly:

Mar  4 22:02:46 openvpn[10356]: Options error: Unrecognized option or missing or extra parameter(s) in config.ovpn:28: listen (2.4.3)
Mar  4 22:02:46 openvpn[10356]: Use --help for more information.
Mar  4 22:02:46 syslog: VPN_LOG_ERROR: 1539: Starting VPN instance failed...

I will try with the post config script and let you know.

 

[john9527]

It seems that listen doesn't work when used with the ddns name, sadly

The option isn't 'listen'.....it's 'local'

 

[mad_ady]

Oh, I'll give that a try as well, thanks!

 

[mad_ady]

Yes, local ddns-name worked beautifully. Thank you! Does openvpn need to be restarted manually on wan up/down or does it restart automatically? I will test as soon as possible.

 

[RMerlin]

I suspect that if your WAN IP changes, your server will no longer be listening to the correct IP.

 

[mad_ady]

That's what I suspected. This is my attempted fix in /jffs/scripts/wan-start:

#!/bin/sh
#allow ppp0 to start
sleep 10
#restart openvpn server1 to allow it to listen to the correct IP
service stop_vpnserver1
sleep 4
service start_vpnserver1

We'll see how it goes, thanks!