OpenVPN Instances

[opn_nwo]

What's the advantage of using this instead of the "old way". I have 2 different servers running on different ports just fine. Also why in the instance config page I can't select a bind interface instead of an IP address.

[meschmesch]

According to the Opnsense blog "The new OpenVPN instances pages and API create an independent set of instances more closely following the upstream documentation of OpenVPN. Legacy client/server settings cannot be managed from the API and are not migrated, but will continue to work independently." As far as I understood from other discussions, the old way may become completely replaced by the instances in the far future.

You can leave the bind interface empty, no need to modify. The Server IP is set via "Server (IPv4)". This is self explanatory "This directive will set up an OpenVPN server which will allocate addresses to clients out of the given network/netmask. The server itself will take the .1 address of the given network for use as the server-side endpoint of the local TUN/TAP interface".

[opn_nwo]

Thanks for the reply. My issue with not having the interface as binding option is that my WAN is assigned through DHCP (cable home connection). Then I use Cloudflare dynamic DNS to resolve the name which I use for remote connections. The IP hasn't changed in almost two years, but there is always a chance it will.

[meschmesch]

You connect to your dyndns address from WAN, correct? Since openvpn 1194 binds to any interface and thus to WAN, you will always have a connection from outside to port 1194? Even in case the IP changes, dynamic DNS will point you to the correct new IP. I don't see why this should effect Openvpn?

[opn_nwo]

Fair enough, I'll try that. Thanks.

[franco]

Create loopback, set IP in a nonexistent private network. Listen with OpenVPN on this private IP. Use that as target IP with port forward on WAN and done. "any" works too but you can only use the port once globally then (it may matter in multi-WAN scenarios).


Cheers,
Franco