Netgate Discussion Forum

OpenVPN client doesn't bind to specified CARP interface or specific port

2.4 Development Snapshots
6 Posts 2 Posters 1.7k Views
  • J
    jmcentire
    last edited by May 2, 2017, 8:47 PM

    I thought this was working from a mid-April snapshot (but I can't be sure); so far I've tested on the 4/30 and 5/2 snapshots.

    The OpenVPN client seems to always use the WAN interface and a random outgoing port no matter what interface or port you specify in settings.  Has anyone else noticed this behavior?

    I see this in logs:

    UDP link local (bound): [AF_INET][undef]:43315
    

    It is missing my specified interface, is showing my specified outgoing port, but still doesn't use it.

    • P
      phil.davis
      last edited by May 3, 2017, 1:30 AM

      In the OpenVPN Client Protocol dropdown, you probably have selected "UDP IPv4 and IPv6 on all interfaces (multihome)".
      That ignores the selected interface.
      Select "UDP on IPv4 only".

      I guess the Interface selection should be disabled for the "UDP IPv4 and IPv6 on all interfaces (multihome)" case.

      As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
      If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

      • J
        jmcentire
        last edited by May 3, 2017, 9:14 PM

        I had been messing with that setting while trying to figure it out. With "UDP on IPv4 only" selected I now get this in the log:

        UDPv4 link local (bound): [AF_INET]<wanip>:43315
        

        Note it shows the WAN IP and not the CARP IP I have selected in the interface.  Also, the other side of the VPN still shows it trying to connect from a random port (not the port shown in the log).

        • J
          jmcentire
          last edited by May 5, 2017, 3:29 PM

          Is anyone able to test this, at least get it to bind to a specific local port?

          • P
            phil.davis
            last edited by May 5, 2017, 4:02 PM

            I just made a CARP VIP on a test VM and then created an OpenVPN Client on it:

            
            May 5 15:58:08 	openvpn 	74211 	/usr/local/sbin/ovpn-linkup ovpnc1 1500 1560 init
            May 5 15:58:09 	openvpn 	74211 	TCP/UDP: Preserving recently used remote address [AF_INET]172.22.33.44:1194
            May 5 15:58:09 	openvpn 	74211 	UDPv4 link local (bound): [AF_INET]172.17.18.19:4242
            May 5 15:58:09 	openvpn 	74211 	UDPv4 link remote: [AF_INET]172.22.33.44:1194
            
            

            The CARP IP I made up was 172.17.18.19 and local port selected was 4242 - so it got it right from what I entered in the webGUI.

            So I guess there is something else different/special in your config that impacts this.

            • J
              jmcentire
              last edited by May 5, 2017, 6:40 PM

              Thank you for testing that!

              I finally found the problem. After redoing the VPN client it showed it binding to the CARP IP and port; however, on the VPN server side it still showed the WAN IP and a random port.

              Turns out my manual outbound NAT was doing that… I had mistakenly used "This Firewall" instead of 127.0.0.0/8 on my outbound NAT for the firewall.

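The three situations this thread walks through (wildcard bind, bind to the wrong address, correct bind but a different source seen by the server) can be told apart from the client's "link local (bound)" log line plus the source the server reports. The following is an added example, not code from the posters or from pfSense; the function names are hypothetical, the WAN address 198.51.100.7 and the server-side port are constructed, and the server-observed source is assumed to be supplied by whoever reads the server log.

```python
import re

# Matches OpenVPN's "link local (bound)" line in the forms quoted in the thread.
BOUND_RE = re.compile(
    r"\S+ link local \(bound\): "
    r"\[AF_INET6?\](?P<addr>\[undef\]|[0-9A-Fa-f:.]+):(?P<port>\d+)$"
)

def parse_bound(line):
    """Return (addr, port) from a bound line, addr=None for [undef], or None if no match."""
    m = BOUND_RE.search(line.strip())
    if not m:
        return None
    addr = None if m.group("addr") == "[undef]" else m.group("addr")
    return addr, int(m.group("port"))

def check_binding(client_log, want_addr, want_port, server_seen=None):
    """Classify the client bind; server_seen is the (addr, port) the server logged."""
    bound = next((b for b in map(parse_bound, client_log) if b), None)
    if bound is None:
        return "no-bound-line"
    addr, port = bound
    if addr is None:
        return "wildcard-bind"         # bound to all interfaces, Interface setting ignored
    if (addr, port) != (want_addr, want_port):
        return "wrong-local-bind"      # client bound somewhere other than configured
    if server_seen is not None and server_seen != (addr, port):
        return "rewritten-in-transit"  # e.g. outbound NAT changed the source address/port
    return "ok"

# Sample lines: first and third are from the thread, second uses a constructed WAN IP.
MULTIHOME = ["UDP link local (bound): [AF_INET][undef]:43315"]
WAN_BOUND = ["UDPv4 link local (bound): [AF_INET]198.51.100.7:43315"]
CARP_BOUND = [
    "May 5 15:58:09 \topenvpn \t74211 \tUDPv4 link local (bound): [AF_INET]172.17.18.19:4242",
    "May 5 15:58:09 \topenvpn \t74211 \tUDPv4 link remote: [AF_INET]172.22.33.44:1194",
]

if __name__ == "__main__":
    print(check_binding(MULTIHOME, "172.17.18.19", 43315))
    print(check_binding(WAN_BOUND, "172.17.18.19", 43315))
    print(check_binding(CARP_BOUND, "172.17.18.19", 4242))
    # Constructed server-side observation: source differs from the client's bind.
    print(check_binding(CARP_BOUND, "172.17.18.19", 4242, ("198.51.100.7", 51515)))
```

A "rewritten-in-transit" result with a correct client-side bind points at something between the socket and the wire, which in this thread was the manual outbound NAT rule.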