Re: [Openvpn-users] Config item request

[James Yonan <jim@xxxxxxxxx>]

On Tue, 1 Feb 2005, Bradley Alexander wrote:

> I have a request for the server config file. The "local" directive specifies 
> the interface on which OpenVPN listens. My first concern with this is in the 
> event of a dynamic or semi-dynamic address, for instance, on a DSL or 
> Cablemodem connection. These IP addresses are using DHCP, and while they 
> don't change often, they do change (seldom enough for a hearty WTF? when the 
> tunnel stops working after all that time). Jim, would you consider supporting 
> use of either the IP address or interface name?

Translating the interface name to an IP address would require non-portable 
functions for each of the OSes which OpenVPN supports.  Overall I'm not 
sure it would be worth the trouble.

> Also, can you specify multiple interfaces/addresses to listen on in that 
> directive? For instance, a on a firewall with four interfaces, one DSL, one 
> Cable, an internal network and a DMZ, could you specify the DSL and cable 
> interface/addresses in separate lines or comma/whitespace separated on the 
> same line?

Standard Berkeley sockets is one IP or all interfaces (INADDR_ANY) --
there isn't any middle ground in the API.

It's better to not specify --local if your IP address might change.

If you must use --local, then the best way is to set up a script which is 
run when your DHCP client daemon gets an IP address change.  Have a DNS 
name like "public" and put in /etc/hosts.  In the OpenVPN config, use 
"local public".  Have the IP change script edit the "public" definition in 
/etc/hosts, modifying it with sed or something to the new IP address.

James

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users