Alright, I'm gonna be honest I'm very new to all of this... But i have successfully deployed access server on my home file server. It allows me to connect to my NFS and samba shares from anywhere. Which is what i was trying to accomplish.
But on the same machine i run a dlna server (minidlna) so that i can watch movies on devices in my home, in it's config i have to select the "interface" i would like the server to bind to, but it only allows me to set a total of 4. And apparently the tunnel interfaces for access server are "as0t0" - "as0t15", giving me 16 total options. And as far as i can tell it's completely random as to which tunnel i connect to and i still need one of those 4 available for my standard ethernet connection when I'm on my home network. Although it's still too painful to connect and reconnect until i get the right tunnel, especially since it seems to (usually) attempt to reconnect to the previous tunnel interface... I've tried using a wildcard for the number at the end of the interface to give minidlna a way of using more than 4, but this doesn't work either. Anyway, i have a 3 out of 16 chance of getting one that works. But when i do land on one that is set it works perfectly, so i figured i should be able to make access server either use a specific tunnel based on a device or simply limit the amount available tunnels to 3 since i will only ever have 2 devices connected at a time anyway this didn't seem like a downside, unless I'm missing something? But then it comes to doing one of those 2 things...
I've searched and searched and i can't seem to find any way to change any settings whatsoever regarding the tunnel interfaces, much less so that OVPNAS will only use as0t0 - as0t3 or to make it use a specific tunnel for certain devices. If this is possible (or not possible and i need to use the regular openvpn service) or I'm missing some obvious answer please let me know.
I might not be using the right terminology when I'm searching but I'm at a loss and i figured it was time to ask for help. If anyone can spare a second to point me where i need to go to find the correct info, I'd really appreciate it. Thanks for your time.
How to change # of tunnel interfaces / specific interface is used???
-
toxemic
- OpenVpn Newbie
- Posts: 2
- Joined: Wed Mar 23, 2022 4:55 am
-
openvpn_inc
- OpenVPN Inc.
- Posts: 1332
- Joined: Tue Feb 16, 2021 10:41 am
Re: How to change # of tunnel interfaces / specific interface is used???
Hi toxemic,
The amount of interfaces is directly related to the amount of OpenVPN daemons that Access Server will spawn. The amount of OpenVPN daemons is directly related to how many CPU cores you have. This is because OpenVPN2 is a single-thread process, meaning it will use the CPU core that it is running on. Also it is single protocol, meaning it will either launch using TCP, or UDP, but not both at the same time in the same process.
So, to make efficient use of all your CPU cores, and to allow TCP and UDP incoming VPN connections, we launch 1 UDP and 1 TCP daemon per CPU core. For a system with 8 CPU cores that means 16 OpenVPN daemons. Each daemon needs its own network interface. Hence the as0t0, as0t1, as0t2, and so on.
I am going to guess that you are not going to be heavily loading this server to the point where you will actually need to use all those CPU cores. My assumption is that you are probably the only user. Maybe a laptop, a phone, that sort of stuff. I suggest that you go into the Access Server admin UI and go to Network Settings there. Set the amount of TCP daemons to 1, and set the amount of UDP daemons to 1. Save settings and update running servers. Now there is only 1 OpenVPN daemon for TCP, and 1 OpenVPN daemon for UDP. And only as0t0 and as0t1 as interfaces for VPN. Then you should be okay with configuring your minidlna service.
If however my assumption is wrong and you have hundreds of users connecting, then you might want to run multiple OpenVPN daemons after all. But then you're back at your original problem.
Kind regards,
Johan
The amount of interfaces is directly related to the amount of OpenVPN daemons that Access Server will spawn. The amount of OpenVPN daemons is directly related to how many CPU cores you have. This is because OpenVPN2 is a single-thread process, meaning it will use the CPU core that it is running on. Also it is single protocol, meaning it will either launch using TCP, or UDP, but not both at the same time in the same process.
So, to make efficient use of all your CPU cores, and to allow TCP and UDP incoming VPN connections, we launch 1 UDP and 1 TCP daemon per CPU core. For a system with 8 CPU cores that means 16 OpenVPN daemons. Each daemon needs its own network interface. Hence the as0t0, as0t1, as0t2, and so on.
I am going to guess that you are not going to be heavily loading this server to the point where you will actually need to use all those CPU cores. My assumption is that you are probably the only user. Maybe a laptop, a phone, that sort of stuff. I suggest that you go into the Access Server admin UI and go to Network Settings there. Set the amount of TCP daemons to 1, and set the amount of UDP daemons to 1. Save settings and update running servers. Now there is only 1 OpenVPN daemon for TCP, and 1 OpenVPN daemon for UDP. And only as0t0 and as0t1 as interfaces for VPN. Then you should be okay with configuring your minidlna service.
If however my assumption is wrong and you have hundreds of users connecting, then you might want to run multiple OpenVPN daemons after all. But then you're back at your original problem.
Kind regards,
Johan
OpenVPN Inc.Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support