Hello!

11. Apr 2017 04:38 by selva.n...@gmail.com:


>
> On Mon, Apr 10, 2017 at 4:34 AM, <saato...@keemail.me> wrote:
>
>> I have a project, where I connect/disconnect numerous times with a single 
>> client to my OpenVPN server within a short time (e.g. 70 connect/disconnects 
>> within 10 minutes).
>>
>>
>> Now, if I configure a specific lport in the client configuration (anything 
>> between 32768 and 60999), I get a lot of errors that the port is already in 
>> use.
>>
>> "TCP/UDP: Socket bind failed on local address [undef]: Address already in 
>> use"
>>
>
> Use of exit-notify indicates you are using UDP. In that case as soon as the 
> process is terminated the port will become available. If the port is still in 
> use either the previous process has not yet exited or some other process 
> might have grabbed it in the mean time. There is no reliable way to avoid the 
> latter -- if you need a custom port do not pick it from the ephemeral range.




Correct, I use UDP. The process is definitely stopped before a new OpenVPN 
client is started.  I'll have to investigate this further, very odd behaviour.


Why should I choose a port outside of the ephemeral range? What does that 
change for me?


 


>
>
>>
>> I guess this is because, the port hasn't been made available yet, after the 
>> last OpenVPN process terminated. I terminate the OpenVPN process gracefully 
>> and use `explicit-exit-notify 3` if that makes a difference.
>>
>
> Note that sending exit notify 3 times will take about 3 seconds. You can 
> leave out the number (or set it to 1) to notify just once and speed up the 
> exit to about a second or so. Unless your network is so unreliable that 3 tries 
> are needed.




Thank you for the hint!


 


>  
>> However, I don't seem to have this issue when I don't use the `lport` at 
>> all, and let OpenVPN use the default. 
>>
>> I don't see much of a difference there. Is it the high port number that is 
>> used by `lport`?
>> Does this even relate to OpenVPN or is it more of an issue of the host 
>> operating system?
>>
>> I can't use the default `lport`, as I want to be able to start multiple 
>> OpenVPN instances on the client.
>>
>> Does anyone have an idea, how I could resolve or at least mitigate this 
>> issue?
>
> Why not use --nobind and leave out --lport?
> Selva




I can not use --nobind, as I connect/disconnect/reconnect a large number of 
times, which completely exhausts my IP pool on the server within minutes. This 
topic was discussed earlier on the mailing list in case you missed it. Thank 
you for the suggestion though, would be a perfect solution, if I didn't have 
the issue with the IP pool exhaustion.




Kind regards,

SaAtomic

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
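
On the ephemeral-range question raised in the thread: the kernel hands out ports from that range to any socket that does not ask for a specific port, so a fixed `lport` inside it can be taken by an unrelated process between two OpenVPN runs. The following is an added example, not part of the original e-mails or of OpenVPN; it assumes Linux, and the function names, file names and port 11940 are hypothetical.

```python
import re
import socket

# Linux default ephemeral range; same 32768-60999 quoted in the thread.
DEFAULT_RANGE = (32768, 60999)

def read_ephemeral_range(path="/proc/sys/net/ipv4/ip_local_port_range"):
    """Return the kernel's (low, high) ephemeral range, or the Linux default."""
    try:
        with open(path) as fh:
            low, high = fh.read().split()
        return int(low), int(high)
    except (OSError, ValueError):
        return DEFAULT_RANGE

def parse_lport(config_text):
    """Return an `lport N` value from config text, skipping # and ; comments.
    Taking the last occurrence is a simplification made by this example."""
    port = None
    for line in config_text.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()
        m = re.fullmatch(r"lport\s+(\d+)", line)
        if m:
            port = int(m.group(1))
    return port

def audit_lports(configs, eph_range):
    """configs: {name: config text}. Return a list of (name, port, problem)."""
    low, high = eph_range
    findings, seen = [], {}
    for name, text in sorted(configs.items()):
        port = parse_lport(text)
        if port is None:
            continue
        if low <= port <= high:
            findings.append((name, port, "inside ephemeral range"))
        if port in seen:
            findings.append((name, port, "also used by " + seen[port]))
        seen.setdefault(port, name)
    return findings

def udp_port_free(port, host=""):
    """True if a UDP socket can bind host:port right now (no SO_REUSEADDR)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        try:
            s.bind((host, port))
            return True
        except OSError:
            return False
```

Running `audit_lports` over the client configs before starting the instances, and `udp_port_free` just before each start, shows whether a bind failure comes from the port choice or from a process that still holds the socket.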