OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: Bonkerton on January 23, 2019, 11:04:02 pm

Title: OpenVPN interfaces - mismatch between GUI and CLI - ovpnc1/ovpnc2
Post by: Bonkerton on January 23, 2019, 11:04:02 pm

This is from a Virtualbox environment (WAN DMZ'ed to internet, LAN on VBox internal network with a few clients. Initially I tried this on 18.7.10 and then updated to the 19.x RC to see if it's different. Which it wasn't.

I set up an OpenVPN client based on some HOW-To's and posts. That all worked well enough eventually. The VPN interface created created during that setup was on ovpnc1.

I then added a second client for the same VPN-provider but using a different server of theirs. All other settings were the same so I thought I'd re-use the already created interface.
That also worked, but when I look at the VPN log (or ifconfig) it shows that the second OVPN client setup is now using ovpnc2 as interface (or network port as it is called in the GUI).
Even though I never assigned this port. Also, ovpnc2 still shows as available for assignment in the GUI.

See attachments,
- VPN-clients shows the two client set-ups I have
- VPN-log shows that the second client is using ovpnc2 as port
- IF-assignments shows that ovpnc2 is still available for assignment

ifconfig (while second client is active):

Code: [Select]

ovpnc1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
inet6 fe80::a00:27ff:fe82:f87d%ovpnc1 prefixlen 64 scopeid 0x7
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
groups: tun openvpn
ovpnc2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
inet6 fe80::a00:27ff:fe82:f87d%ovpnc2 prefixlen 64 scopeid 0x8
inet 10.9.0.18 --> 10.9.0.17 netmask 0xffffffff
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
groups: tun openvpn
Opened by PID 57326

I stumbled upon this when trying to add multiple clients for multiple VPN providers and the assignments didn't match between CLI/log and GUI.

So the problem/question is, why did ovpnc2 get taken into use even though the GUI still shows it as unassigned ?
Is this a known bug/feature ?

Title: Re: OpenVPN interfaces - mismatch between GUI and CLI - ovpnc1/ovpnc2
Post by: Bonkerton on March 04, 2019, 08:10:59 pm

So after working with this a bit longer

my actual question became more clear:

I have multiple OpenVPN clients set up. To run them concurrently I need multiple VPN-interfaces defined.
The only way to find out which network port (e.g. 'ovpnc7') is used by which OVPN client setup is
to go into the log and see on which port the client is trying to connect.

It becomes more of a hassle when - as is my case - I had set up some OVPN clients that I deleted later. So now, even though I have only 4 clients showing under 'VPN: OpenVPN: Clients' my network port count is up to ovpnc7. And the only way I see to match network port to client setup is to check the OVPN log.

Is that correct that there is no way to see/set this directly from the GUI ?
Any way to delete old/unused network ports ?