Can You 'Bind' the OpenVPN Connect Client to Use a Specific Source Port?

Official client software for OpenVPN Access Server and OpenVPN Cloud.
MarkPolar
OpenVpn Newbie
Posts: 1
Joined: Wed Jan 04, 2023 3:43 pm

Post by MarkPolar » Wed Jan 04, 2023 4:18 pm

Hello,

*Disclaimer: I'm definitely not an expert with OpenVPN, I have less than a week of experience with it.

I'm working on a personal project that uses an OpenVPN Server/Client. Without going into too much detail on the whole project, I have a specific question around the Windows OpenVPN Connect client.

Here is the main question:
Is it possible to configure the OpenVPN Connect client to only use a specific source port (UDP) when attempting a connection to the OpenVPN Server?

Additional Background On My Situation:
I have an OpenVPN server configured (UDP is used and I've confirmed the client can connect when in a 'normal' environment), but for my project there will be a period of time that the server will not respond to the client. The Client is configured to continually attempt a connection with the server until the server responds and they exchange the needed information to set up a tunnel (eventually the server will respond).

Background on what I've discovered regarding the client's local port usage:
It appears that the client will send a UDP segment to prompt the server for a connection every second for 10 seconds (10 UDP segments that are exactly the same). If the 10 segments (10 seconds) do not generate a response from the server, the client will construct a new UDP 'prompt' segment and then send that 10 times (1 per second). This process continues until the Client times out, or until the server responds. The client appears to select a new ephemeral UDP source port when the new UDP 'prompt' segment is created (so every group of 10 segments uses the same source port, but a new source port is used for the next group of 10 segments, etc.).

The Goal:
The desired result is to have the client continually attempt a UDP connection to the server using the same UDP port throughout the attempt. I don't want the client to cycle through ephemeral ports when attempting to connect to the server. I want to lock it to use a single port number even if the server doesn't respond right away.

I was really hopeful when I saw this text in the client.conf...

# Most clients don't need to bind to
# a specific local port number
nobind

...But I've been unsuccessful in researching the configuration to set this up.

Is the result I'm looking for possible?

openvpn_inc
OpenVPN Inc.
Posts: 1332
Joined: Tue Feb 16, 2021 10:41 am

Re: Can You 'Bind' the OpenVPN Connect Client to Use a Specific Source Port?

Post by openvpn_inc » Sun Jan 15, 2023 7:55 pm

Hello,

Not sure. From the reference documentation for OpenVPN2, though, I can see that lport allows you to define a local port.
lport port - Set local TCP/UDP port number or name. Cannot be used together with --nobind option.

However, I am not sure if this was implemented in the OpenVPN3 client library that is used in OpenVPN Connect. You can try. You might need to divert to the OpenVPN2 client program. There's a pretty narrow use-case for this. I am also not sure if this applies to client connections or only for setting the port for a server. It's not that clear from the documentation.

Kind regards,
Johan
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
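
The rule quoted in the reply above (lport cannot be used together with --nobind) can be checked against a profile before trying it. The following is an added example, not part of either post and not OpenVPN code: the function names, the sample profile, the host vpn.example.net and port 50000 are all constructed, and it inspects only the nobind and lport directives in OpenVPN 2 style config text.

```python
# Added example. Models only the two directives quoted in the thread
# (nobind, lport); every name and the sample profile are constructed.

SAMPLE_PROFILE = """\
client
proto udp
remote vpn.example.net 1194
# Most clients don't need to bind to
# a specific local port number
nobind
lport 50000
"""

def parse_directives(text):
    """Yield (line_no, name, args) for each non-comment directive."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        tokens = []
        for tok in raw.split():
            if tok[0] in "#;":      # '#' or ';' starts a comment in OpenVPN 2 configs
                break
            tokens.append(tok)
        if tokens:
            # Accept the command-line spelling ("--lport") as well as "lport".
            yield line_no, tokens[0].lstrip("-"), tokens[1:]

def source_port_policy(text):
    """Return (status, detail) describing how the source port is requested."""
    nobind_at, lport = None, None
    for line_no, name, args in parse_directives(text):
        if name == "nobind":
            nobind_at = line_no
        elif name == "lport":
            if len(args) != 1:
                return "error", f"line {line_no}: lport takes exactly one argument"
            lport = (line_no, args[0])   # may be a number or a service name
    if lport and nobind_at:
        return "conflict", (f"lport (line {lport[0]}) cannot be used together "
                            f"with nobind (line {nobind_at})")
    if lport:
        return "fixed", f"source port requested: {lport[1]}"
    if nobind_at:
        return "ephemeral", "nobind set: the OS picks the source port"
    return "unspecified", "neither nobind nor lport present"

if __name__ == "__main__":
    print(source_port_policy(SAMPLE_PROFILE))
    print(source_port_policy(SAMPLE_PROFILE.replace("\nnobind\n", "\n;nobind\n")))
```

A "fixed" result only says what the profile asks for; whether the OpenVPN3 library in OpenVPN Connect honours lport is the open question in the reply above.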
