Netgate Discussion Forum

    OpenVPN client doesn't bind to specified CARP interface or specific port

    2.4 Development Snapshots

      jmcentire

      I thought this was working from a mid-April snapshot (but I can't be sure), so far I've tested on 4/30 and 5/2 snapshots.

      The openvpn client seems to always use the wan interface and a random outgoing port no matter what interface or port you specify in settings.  Has anyone else noticed this behavior?

      I see this in logs:

      UDP link local (bound): [AF_INET][undef]:43315
      

      It is missing my specified interface, is showing my specified outgoing port, but still doesn't use it.

        phil.davis

        In the OpenVPN Client Protocol dropdown, you probably have selected "UDP IPv4 and Ipv6 on all interfaces (multihome)".
        That ignores the selected interface.
        Select "UDP on IPv4 only"

        I guess the Interface selection should be disabled for the "UDP IPv4 and Ipv6 on all interfaces (multihome)" case.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

          jmcentire

          I had been messing with that setting while trying to figure it out. With "UDP on IPv4 only" selected I now get this in the log:

          UDPv4 link local (bound): [AF_INET]<wanip>:43315
          

          Note it shows the WAN IP and not the CARP IP I have selected in the interface.  Also the other side of the VPN still shows it trying to connect from a random port (not the port shown in the log).

            jmcentire

            Is anyone able to test this, at least get it to bind to a specific local port?

              phil.davis

              I just made a CARP VIP on a test VM and then created an OpenVPN Client on it:

              
              May 5 15:58:08 	openvpn 	74211 	/usr/local/sbin/ovpn-linkup ovpnc1 1500 1560 init
              May 5 15:58:09 	openvpn 	74211 	TCP/UDP: Preserving recently used remote address [AF_INET]172.22.33.44:1194
              May 5 15:58:09 	openvpn 	74211 	UDPv4 link local (bound): [AF_INET]172.17.18.19:4242
              May 5 15:58:09 	openvpn 	74211 	UDPv4 link remote: [AF_INET]172.22.33.44:1194
              
              

              The CARP IP I made up was 172.17.18.19 and local port selected was 4242 - so it got it right from what I entered in the webGUI.

              So I guess there is something else different/special in your config that impacts this.


                jmcentire

                Thank you for testing that!

                I finally found the problem. After redoing the VPN client it showed it binding to the CARP IP and port; however, on the VPN server side it still showed the WAN IP and random port.

                Turns out my manual outbound NAT was doing that… I had mistakenly used "This Firewall" instead of 127.0.0.0/8 on my outbound NAT for the firewall.

                1 Reply Last reply Reply Quote 0
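The thread's troubleshooting sequence, as an added example that is not part of the original posts: it parses the client's `link local (bound)` line and compares it with the source address the server sees, separating a client that never bound correctly from traffic rewritten after the bind. The function names, the `server_seen` input and the stand-in WAN address 198.51.100.7 are assumptions for illustration.

```python
import re

# Client-side line format as quoted in the thread (IPv4 only).
BOUND_RE = re.compile(
    r"link local \(bound\): \[AF_INET\](?P<addr>\[undef\]|[0-9.]+):(?P<port>\d+)"
)

def parse_bound(line):
    """Return (ip_or_None, port) from a 'link local (bound)' line, else None."""
    m = BOUND_RE.search(line)
    if not m:
        return None
    addr = m.group("addr")
    return (None if addr == "[undef]" else addr, int(m.group("port")))

def diagnose(client_line, server_seen, want_ip, want_port):
    """Classify where the configured source address/port was lost.

    server_seen is the (ip, port) the VPN server reports for this peer
    (assumption: read off the server side by hand).
    """
    bound = parse_bound(client_line)
    if bound is None:
        return "no-bound-line"
    ip, port = bound
    if ip is None:
        return "client-unbound-address"   # [undef]: no specific local IP
    if (ip, port) != (want_ip, want_port):
        return "client-bound-elsewhere"   # e.g. WAN IP instead of CARP VIP
    if server_seen != (want_ip, want_port):
        return "rewritten-after-bind"     # bind is right: check outbound NAT
    return "ok"

if __name__ == "__main__":
    # Constructed inputs modelled on the log lines in the thread.
    want = ("172.17.18.19", 4242)
    nat_src = ("198.51.100.7", 51000)     # constructed WAN IP / random port
    cases = [
        ("UDP link local (bound): [AF_INET][undef]:43315", nat_src),
        ("UDPv4 link local (bound): [AF_INET]198.51.100.7:43315", nat_src),
        ("UDPv4 link local (bound): [AF_INET]172.17.18.19:4242", nat_src),
        ("UDPv4 link local (bound): [AF_INET]172.17.18.19:4242", want),
    ]
    for line, seen in cases:
        print(diagnose(line, seen, *want), "<-", line)
```

A `rewritten-after-bind` result corresponds to the final state in the thread: the client log shows the CARP IP and port, yet the server sees the WAN IP and a random port, which pointed to the outbound NAT rule.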