On Mon, 17 Mar 2025 20:32:52 +0100, Bo Berglund <bo.bergl...@gmail.com> wrote:
>So that was the plan before I had actually dived into the new server
>configuration....
>
>Now after having seen the issues when copying the other old stuff into the new
>server I am re-thinking OpenVPN a bit....
>
>Since it is rather old cert-wise it will expire in a couple of years anyway so
>I thought that it might be better to just start over and create a fresh server
>with new certs etc so it will last a lot longer.

On 3rd thought I realized that I have almost 3 years remaining on the life of
my certs (expire Jan 2028) and I will save time now by just transplanting the
OVPN infrastructure over to the new server and changing the port-forward on the
router to the new IP address. I will have to deal with cert renewals later.

So I copied /etc/openvpn and ~/openvpn (where I keep easyrsa3 and pki) over to
the same locations on the new server.

I did the same for the IPTABLES settings where I use iptables-persistent to
make them survive a reboot.

After that and some minor edits were done I created the ovpn services for the 2
openvpn instances and started them.

Finally I modified the two port-forwards on the router to use the new server's
IP address.

All seems to have worked fine AFAICT.

There is one small item/observation, though:

I have set up a LAN<->LAN connection between my home LAN and my summer home LAN
using OpenVPN so I can access the local devices transparently wherever I am.
The router at the summer home is set up to use one of the OpenVPN channels to
hook it all up.

It was connected when I did the port forward change and I expected it to lose
connection, but it did not. Even after the switch to the new server the
connection is there. I have an SSH terminal hooked to a Linux box over there
and it did not feel a thing when the redirect was changed in the router.

Question:
Is the VPN connection once initialized independent of the router port forward
as long as the VPN server it is connected to at the time stays running?

It seems to be the case and the port forward setting seems irrelevant for it
during the switch. It stays connected to the old server.
Maybe only used during initialization of the connection?

--
Bo Berglund
Developer in Sweden

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users