Options error: –local and --nobind don't make sense when used together.



  • I am using a just installed pfSense version 2.1.2-RELEASE (amd64). I'm using the OpenVPN client in pfSense to connect to my VPN provider Private Internet Access (PIA). I've noticed that most directions for connecting to PIA don't have the "nobind" option, but PIA's own directions do. Here are the options they have for pfSense:

    nobind
    auth-user-pass /etc/openvpn-password.txt
    comp-lzo
    ca /etc/ca.crt
    

    When I have nobind the OpenVPN log says:
    Options error: –local and --nobind don't make sense when used together.

    The only thing I could find was a bug about it from four years ago that was resolved:
    Bug #282: OVPN, –nobind and --local port conflict - pfSense - pfSense bugtracker

    Can someone explain what nobind does and if attempting to use both is a bug in pfSense? nobind is good because it randomizes the UDP port and also allows multiple OpenVPN connections right? Thanks



  • OpenVPN itself doesn't let you use both. We use local for a variety of reasons to bind to a specific local IP (though you can put "any" in the interface field to disable that). The way we use –local, it always uses a random source port, and you don't want nobind.



  • @cmb:

    OpenVPN itself doesn't let you use both. We use local for a variety of reasons to bind to a specific local IP (though you can put "any" in the interface field to disable that). The way we use –local, it always uses a random source port, and you don't want nobind.

    Ok so I don't want nobind, but can you clarify does that mean I don't want bind either instead of local? That seems to be what you're implying but I don't want to misinterpret. I appreciate the help.



  • Choose the WAN interface you want it to use in the Interface drop down, and don't specify nobind, that'll give you what you're looking for.



  • @cmb:

    Choose the WAN interface you want it to use in the Interface drop down, and don't specify nobind, that'll give you what you're looking for.

    Ok that's what I have already so I will leave it as is. Thanks