    OpenVPN Listen on Two Interfaces

      steve1515

      Hi.

      I set up an OpenVPN server on my pfSense system (SG-2440) and all is working great, except it is only listening on the WAN interface's IPv4 address. Normally this would be OK, but I have my IPv6 coming from Hurricane Electric on another interface called HE_NET. Is there a way to get my OpenVPN server instance to listen on both my WAN IPv4 address and my HE_NET IPv6 address? (I'm using UDP on the standard port 1194.)

      Can I get this to work easily?

      Thanks!

        doktornotor Banned

        Uhm… OpenVPN has its own interface. Set up IPv6 Tunnel Network in OpenVPN and set up a firewall rule to allow access to OpenVPN port on the tunnel.

          kejianshi

          Hmmm - Never tried it but I would set up two instances of OpenVPN.
          One for IPv4 and the other for IPv6 and experiment.

            doktornotor Banned

            Well, perhaps I misread the question. If you want to use IPv6 as transport, then yeah, set up another one if there's no IPv6 on your WAN.

              Derelict LAYER 8 Netgate

              I've never tried it either (not having IPv6 anywhere but here). Listen on any and only pass it on the WANs you want?

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

                steve1515

                Just to clarify a few things…
                I do have IPv6 working through the VPN, i.e. when a client connects they can access things via IPv4 and IPv6. The issue is how you initially connect to the VPN server. You have to use the IPv4 address to connect because OpenVPN is only listening on the IPv4 address. I want the server service to listen on both IPv4 and IPv6.

                Per your suggestions, I could listen on the "any" interface or start another OpenVPN server on the IPv6 interface. I also thought about adding another "local" line with the IPv6 address in the config file for the server.

                I've read that using "any" is not recommended in pfSense as it breaks things and it is only there to facilitate upgrades from older systems. So, I think that's out.

                As for starting a 2nd OpenVPN service, I'm OK with that, but what bothers me is that if I give it the same tunnel IP ranges, won't that cause conflicts? Do they have to be different?

                Is it possible to add a second "local" line to the config file for the server?

                Thanks,
                Steve
