How to specify the name of interface to listen on, instead of the IP ?

How to customize and extend your OpenVPN installation.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
evilroach
OpenVpn Newbie
Posts: 19
Joined: Sat Oct 10, 2015 8:56 pm

How to specify the name of interface to listen on, instead of the IP ?

Post by evilroach » Tue Jun 21, 2016 7:49 am

Hi, guys.

Is there any way to specify the name of the interface to listen on, instead of to specify the IP of the interface ?
In both side (server and client) of my case, the IPs are all dynamic (assigned by ISP).
I use some ddns tool to refresh(register) the new ip of both.
Yes, they all have their own dns name !
Obviously, it's necessary to config the "--remote" with the dns name of server on client side, instead of the ip of the server.
But my server has more than one Internet link.
While openwrt is starting, the sddns.sh script has not yet re-register the new ip related to it's dns name.
At the same time, OpenVPN trys to resolve the ip of this dns name and to listen on this ip specified by old registering.
So, it fails inevitably (trys to listen a ip not belong to it).
Casually, it sometimes successfully listened on a IP, but not the correct ip related to the dns name (the ip belongs to another internet link).
A few minutes later, after sddns.sh refresh the correct ip successfully, the clients can not establish vpn through the dns name of my server.
Considering security reasons, I don't like listen on all my interface.

So, I want to start the openvpn server, and force it listen on a fixed interface such as "pppoe-wan1" in my case.
Then, I will config the sddns.sh script to bind the ip of this fixed interface to the dns name always.

Is there existing this way ?
Thanks!
Last edited by evilroach on Tue Jun 21, 2016 7:59 am, edited 1 time in total.

evilroach
OpenVpn Newbie
Posts: 19
Joined: Sat Oct 10, 2015 8:56 pm

Re: How to specify the name of interface to listen on, instead of the IP ?

Post by evilroach » Tue Jun 21, 2016 7:54 am

Sorry for my English, I'm a Chinese.

evilroach
OpenVpn Newbie
Posts: 19
Joined: Sat Oct 10, 2015 8:56 pm

Re: How to specify the name of interface to listen on, instead of the IP ?

Post by evilroach » Tue Jun 21, 2016 7:59 am

Considering security reasons, I don't like listen on all my interface.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: How to specify the name of interface to listen on, instead of the IP ?

Post by TinCanTech » Tue Jun 21, 2016 12:31 pm

Does OpenWRT allow you to specify the interface ?

evilroach
OpenVpn Newbie
Posts: 19
Joined: Sat Oct 10, 2015 8:56 pm

Re: How to specify the name of interface to listen on, instead of the IP ?

Post by evilroach » Tue Jun 21, 2016 3:19 pm

TinCanTech wrote:Does OpenWRT allow you to specify the interface ?
It is the question I just want to ask.

I think that OpenWRT may allow us to specify the interface with name,
but OpenVPN whether allow us to do so or not ?

evilroach
OpenVpn Newbie
Posts: 19
Joined: Sat Oct 10, 2015 8:56 pm

Re: How to specify the name of interface to listen on, instead of the IP ?

Post by evilroach » Tue Jun 21, 2016 3:29 pm

In this case, maybe we can consider OpenWRT as a normal Linux ?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: How to specify the name of interface to listen on, instead of the IP ?

Post by TinCanTech » Tue Jun 21, 2016 4:11 pm

I believe a server is generally considered to have a static IP (not that it is always the case)
and so OpenVPN identifies --local as an IP address not an interface, you could propose a
case for future development of [f.e] --interface name to the developers.

evilroach
OpenVpn Newbie
Posts: 19
Joined: Sat Oct 10, 2015 8:56 pm

Re: How to specify the name of interface to listen on, instead of the IP ?

Post by evilroach » Tue Jun 21, 2016 6:03 pm

TinCanTech wrote:I believe a server is generally considered to have a static IP (not that it is always the case)
and so OpenVPN identifies --local as an IP address not an interface, you could propose a
case for future development of [f.e] --interface name to the developers.
It's so sad to hear your reply about OpenVPN couldn't support this option.
Anyway, thank you very much!!!

Post Reply