On Sat, 29 Jul 2023 14:11:48 +0000 (UTC), Jason Long via Openvpn-users
<openvpn-users@lists.sourceforge.net> wrote:

>How can OpenVPN recognize that the configuration files Server-1.conf, 
>Server-2.conf and Server-3.conf should be for IP address "1.2.3.4"?
>Should I change the name of the NIC to the IP address?

Server conf file options from the OpenVPN Reference Manual (which you should
read as a start in my view):

--local host
    Local host name or IP address for bind. If specified, OpenVPN will
    bind to this address only. If unspecified, OpenVPN will bind to all
    interfaces.

--port port
    TCP/UDP port number or port name for both local and remote 
    (sets both --lport and --rport options to given port).
    The current default of 1194 represents the official IANA port
    number assignment for OpenVPN and has been used since version
    2.0-beta17. Previous versions used port 5000 as the default.

What this means is that the server_x.conf file, which defines the specific
server instance server_x, *can* specify a particular IP address to bind the
service to in addition to the port specification that is normally used if you
run multiple server instances with differing characteristics.
But if you do not specify local it will bind to *all* available interfaces.

I do not understand WHY you would like to do that, though. It works perfectly
fine by just defining different ports for the different services and using one and
the same network interface...

So in your different conf files you can have:

port 1195 #This is the nonstandard port to use for this service
local 192.168.114.123 #This is the IP address to bind to on the server itself

Then another conf file:

port 1196 #This is the nonstandard port to use for this service
local 192.168.114.124 #This is the IP address to bind to on the server itself

and

port 1197 #This is the nonstandard port to use for this service
local 192.168.114.125 #This is the IP address to bind to on the server itself

If you include the local directive then you need to make sure your network
configuration will set up the IP addresses on the NIC as needed, but again it is
unnecessary...

Now the server will start up 3 instances binding to *different* IP addresses on
the server itself (this is still inside your internal LAN!) and running on
*different* ports.
And the server does *NOT* care what *name* is given to the NIC interfaces with
these IP addresses at all!

In fact the *name* of the interface is not something used at all, all that is
needed is the IP address itself for the interfaces if you want to set it to use
a specific interface on the NIC.
If you do not then it will bind to *all* interfaces, which will work just
fine...

But still I see no use at all for such a setup where you force different IP
addresses to work through, it is sufficient to use different ports!!!!!

Next if you want to *use* the VPN is to connect the server with the local IP
address to the outside world and that is done as a "port forward" on your
Internet router!

This is the place where the *external public address* is used by the clients to
connect to your server and you have to make sure this address does not change
because the clients must know it to be able to connect....
Dynamic DNS services come in handy here if you do not own a set of public IP
addresses to use.

On my OpenVPN servers I do *NOT* specify the local keyword so they bind to *all*
existing interfaces, for example both Ethernet and WiFi.
And my router port forward rules use the internal Ethernet IP address of the
server so the WiFi will never be actually used...

This works just fine, so why complicate everything like you are trying?


-- 
Bo Berglund
Developer in Sweden
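
Added example, not part of the original message and not OpenVPN project code: a small audit that reads the `local`, `port` and `proto` lines of several server conf files and flags instances whose listening sockets overlap. It assumes udp and 1194 when a directive is absent, and treats a missing `local` (bind to all interfaces) as overlapping any specific address on the same port; the file name Server-4.conf and its contents are constructed.

```python
from itertools import combinations

DEFAULT_PROTO, DEFAULT_PORT = "udp", "1194"  # assumed when the directive is absent

def parse_bind(conf_text):
    """Return (proto, local, port) for one conf; local None = bind to all interfaces."""
    opts = {"proto": DEFAULT_PROTO, "local": None, "port": DEFAULT_PORT}
    for raw in conf_text.splitlines():
        # Drop '#' and ';' comments, then split "directive value ..."
        parts = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(parts) < 2:
            continue
        key = parts[0].lstrip("-").replace("lport", "port")
        if key in opts:
            opts[key] = parts[1]
    # Simplification: collapse tcp-server, tcp4, udp6 etc. to the transport family
    proto = "tcp" if opts["proto"].lower().startswith("tcp") else "udp"
    return proto, opts["local"], opts["port"]

def find_conflicts(confs):
    """confs: {file name: conf text}. Return [(name_a, name_b, reason), ...]."""
    binds = {name: parse_bind(text) for name, text in confs.items()}
    found = []
    for a, b in combinations(sorted(binds), 2):
        (proto_a, local_a, port_a), (proto_b, local_b, port_b) = binds[a], binds[b]
        if proto_a != proto_b or port_a != port_b:
            continue  # different transport or port: the sockets never collide
        if local_a is None or local_b is None:
            found.append((a, b, f"{proto_a}/{port_a}: all-interfaces bind overlaps"))
        elif local_a == local_b:
            found.append((a, b, f"{proto_a}/{port_a}: both bind {local_a}"))
    return found

# The three fragments from the message, plus one constructed file with no "local" line
SAMPLE = {
    "Server-1.conf": "port 1195 #nonstandard port\nlocal 192.168.114.123 #bind address",
    "Server-2.conf": "port 1196\nlocal 192.168.114.124",
    "Server-3.conf": "port 1197\nlocal 192.168.114.125",
    "Server-4.conf": "port 1195  # constructed: no local, so all interfaces",
}

if __name__ == "__main__":
    for name, text in sorted(SAMPLE.items()):
        print(name, parse_bind(text))
    for a, b, reason in find_conflicts(SAMPLE):
        print("OVERLAP", a, b, reason)
```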