Netgate Discussion Forum

    OpenVPN Interface: any

      Nachtfalke

      Hi,

      I have been running two OpenVPN servers for several weeks without problems on my pfSense with two DSL lines. OpenVPN1 is on DSL1 and OpenVPN2 is on DSL2.

      Now I tried to bind OpenVPN1 to both DSL lines but after this the service didn't start:

      Mar 7 21:36:28 	openvpn[33935]: Exiting
      Mar 7 21:36:28 	openvpn[33935]: TCP/UDP: Socket bind failed on local address [undef]: Address already in use
      Mar 7 21:36:28 	openvpn[33935]: Control Channel Authentication: using '/var/etc/openvpn/server1.tls-auth' as a OpenVPN static key file
      Mar 7 21:36:28 	openvpn[33935]: Initializing OpenSSL support for engine 'cryptodev'
      Mar 7 21:36:28 	openvpn[33935]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Mar 7 21:36:28 	openvpn[33935]: NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
      Mar 7 21:36:28 	openvpn[33935]: [DEPRECATED FEATURE ENABLED: random-resolv] Resolving hostnames will use randomisation if more than one IP address is found
      Mar 7 21:36:28 	openvpn[33935]: OpenVPN testing-cee388313521 i386-portbld-freebsd8.1 [SSL] [LZO2] [eurephia] [MH] [PF_INET6] [IPv6 payload 20100307-1] built on Feb 21 2011
      

      I am using:
      2.0-RC1 (i386) built on Wed Mar 2 03:30:11 EST 2011

        jimp Rebel Alliance Developer Netgate

        Is the port already in use on DSL2? It sounds like it's just not able to grab that port.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

          Nachtfalke

          That's it!!

          This server is running on port TCP/443. From WAN side there is no problem, but I am using HTTPS on port 443 for accessing the webGUI from LAN side.

          Hmm… the pull-down menu in the OpenVPN Server tab isn't ideal because you can only select one or all interfaces. Isn't it possible to change it like in the squid package, where you can use CTRL to select the interfaces you want?

          1 Reply Last reply Reply Quote 0
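The conflict identified in the post above, reproduced as an added example (not code from the thread or from pfSense): a TCP listener on one specific address blocks a wildcard ("any") bind of the same port, while the same port number over UDP stays free. The loopback address and the OS-chosen port are constructed stand-ins for the LAN address and port 443.

```python
import errno
import socket


def try_bind(addr, port, kind=socket.SOCK_STREAM):
    """Return None if addr:port can be bound, else the errno name (e.g. 'EADDRINUSE')."""
    s = socket.socket(socket.AF_INET, kind)
    try:
        s.bind((addr, port))
        return None
    except OSError as e:
        return errno.errorcode.get(e.errno, str(e.errno))
    finally:
        s.close()


def pick_free_port():
    """Find a port that is currently free for TCP and UDP on all addresses."""
    while True:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as probe:
            probe.bind(("0.0.0.0", 0))          # let the OS choose a port
            port = probe.getsockname()[1]
        if (try_bind("0.0.0.0", port) is None
                and try_bind("0.0.0.0", port, socket.SOCK_DGRAM) is None):
            return port


def demo():
    port = pick_free_port()                     # constructed stand-in for 443
    # Stand-in for the webGUI: a TCP listener on ONE specific address only.
    gui = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    gui.bind(("127.0.0.1", port))
    gui.listen(1)
    try:
        return {
            # "Interface: any" means a wildcard bind; it collides with the listener.
            "tcp_any": try_bind("0.0.0.0", port),
            # TCP and UDP port spaces are separate, so UDP on the same number is free.
            "udp_any": try_bind("0.0.0.0", port, socket.SOCK_DGRAM),
            # A wildcard TCP bind on an unused port is unaffected.
            "tcp_any_other_port": try_bind("0.0.0.0", pick_free_port()),
        }
    finally:
        gui.close()


if __name__ == "__main__":
    print(demo())
```
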
            jimp Rebel Alliance Developer Netgate

            It may be possible, but that isn't so trivial to do. It would require code changes in several areas.

            My favorite thing to do is just bind it to LAN and forward ports into it from each WAN I want it to run on, but that's me.

              Nachtfalke

              I read this tip/workaround in another thread and I think this isn't really bad. The other OpenVPN server is using UDP and so there is no other way than to bind it to the LAN port.

              Thanks.

                jimp Rebel Alliance Developer Netgate

                Yeah there have been some UDP issues in the past where the return traffic will use the default gateway regardless of the interface used for connecting when using 'any' interface, though I haven't tried that lately on 2.0 so I'm not sure if that's really an issue these days.

                Binding to LAN and forwarding ports lets it take advantage of pf's reply-to directive which ensures the traffic goes back out the WAN it came in on.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.