OpenVPN Instance listen on multiple sockets discussion

Started by seed, Today at 08:13:29 PM

I've already opened a feature request on GitHub and would like to discuss it here in the forum.

In the current OpenVPN version, it's now possible to open the listening socket on multiple IP addresses. This is a change from the previous behavior, where the socket could only be opened either on all IP addresses and interfaces or on a single IP address.

In my case, I have additional IPs on the WAN interface (IPv4 and IPv6 addresses) that I intend to use for VPN clients: IPsec, OpenVPN, and WireGuard. So far, I can only have the OpenVPN server listen on, for example, a single IPv4 address.

With the new OpenVPN version included in the current OPNsense release, it is possible for a server to listen on different IPs; you can specify this in the configuration by using an array, for example.

In the OpenVPN configuration, this would look like this:

local 10.10.10.10 1194
local 2001:db8::1 1194

What do you think?

GitHub issue:
https://github.com/opnsense/core/issues/10376

News article:
https://www.heise.de/en/news/OpenVPN-2-7-0-with-multi-socket-support-and-new-Windows-driver-11174406.html
I want all services to run at wire speed and therefore run this dedicated hardware configuration. Suricata is very demanding.

AMD Ryzen 9 9950X3D
ASUS Pro WS B850M-ACE SE
64GB DDR5 ECC (2x KSM56E46BD8KM-32HA)
Intel XL710-BM1
Intel i350-T4
2x SSD with ZFS mirror

private user, no business use
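
An added example, not part of the original post and not OPNsense or OpenVPN code: a small audit helper that lists the sockets a server config would open from its `local` lines and warns when the server would listen more widely than the addresses named. It assumes the directive form `local <addr|*> [port]`, with a `port` directive as fallback when the port is omitted; the function name and the sample config are constructed for illustration.

```python
import ipaddress

# Constructed sample config; the two local lines are the ones from the post.
SAMPLE_CONF = """\
# constructed sample server config
port 1194
proto udp
local 10.10.10.10 1194
local 2001:db8::1 1194
dev tun
"""

def listen_endpoints(conf_text, default_port=1194):
    """Return (endpoints, warnings) for the `local` directives in a config.

    Assumption: each directive has the form `local <addr|*> [port]`; when the
    port is omitted, the `port` directive (else default_port) is used.
    """
    port, raw, warnings = default_port, [], []
    for line in conf_text.splitlines():
        tokens = line.split("#", 1)[0].split()  # drop trailing comments
        if len(tokens) >= 2 and tokens[0] == "port":
            port = int(tokens[1])
        elif len(tokens) >= 2 and tokens[0] == "local":
            raw.append(tokens[1:])
    endpoints = []
    for args in raw:
        addr = args[0]
        p = int(args[1]) if len(args) > 1 else port
        if addr == "*":
            warnings.append(f"wildcard bind on port {p}: listens on every address")
            endpoints.append(("*", p, "any"))
            continue
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            warnings.append(f"{addr!r} is not an IP literal; resolved at startup")
            endpoints.append((addr, p, "name"))
            continue
        entry = (str(ip), p, f"IPv{ip.version}")
        if entry in endpoints:
            warnings.append(f"duplicate listener {entry[0]} port {p}")
        else:
            endpoints.append(entry)
    if not raw:
        warnings.append("no local directive: server binds to all addresses")
    return endpoints, warnings
```

Comparing the returned endpoints against the output of a socket listing on the firewall shows whether the running instance is bound only to the intended addresses.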