OpenVPN client export and Multi-WAN

[naltalef]

Hi.
I’m using OPNSense 18.7.7 as OpenVPN Server and have a problem using OpenVPN Client Export selecting "Automatic Multi-WAN IPs" or "Automatic Multi-WAN Dynamic DNS hostnames"

I expect two lines like this added to config file.

remote servername1 1194 UDP
remote servername 2 1194 IDP

but NONE appears.

I configured:

OpenVPN server listen on Localhost
DynDNS names one for each interface
Firewall: NAT: Port forward rules

I will appreciate any suggestion or opinion

Let me point that I added manually both lines and VPN is working perfectly

Many thanks

Norberto

[franco]

Hi Norberto,

The export is not clever enough to infer that a port forward reaches an OpenVPN server which is reachable via both WANs due to this. The export feature is currently being rewritten for 19.1, but I'm not sure if this will work afterwards as it would imply knowledge of firewall rules/port forwards and which services lie beyond.


Cheers,
Franco

[naltalef]

Hi Franco. Thanks for your answer.
I understand. I'm not sure if it needs to know how port forward is configured, but you are the expert.
My confusion was originated by the name that appears: Automatic Multi-Wan dynamic DNS hostnames (port forward targets)
I was pleasantly surprised to find the option and my face changed when I saw that it did not add the lines.

While I could add the "remote xx" lines as additional arguments, I would need a way for the end user to generate the files.
A custom vpn_openvpn_export.php would be an option ?  I know about the problem with system updates.
I appreciate your suggestion

Let me point that opnsense is a great piece of software. I have a lot of years using and installing openbsd firewalls with several complex scripts and custom solutions and is the first time than I feel confident to use a product with a web interface that after 5 minutes I'm not accessing via ssh. Congrats!

Regards
Norberto