Bug #1507
closed
openvpn.inc Local line in openvpn.inc failover
Added by Phil Parris over 13 years ago.
Updated over 13 years ago.
Description
if (!empty($iface_ip)) {
    $conf .= "local {$iface_ip}\n";
}
in /etc/inc/openvpn.inc causes openvpn failover of wan to opt1 to not work properly. Taking this line out and saving the config through the web interface allows failover to work properly.
The issue is this line causes the openvpn conf file to contain local ipofWAN.
- Status changed from New to Rejected
To change an OpenVPN client from WAN to OPT1 you have to change its config from WAN to OPT1; there is no failover of client connections. It won't work on OPT1 without changing its interface there and hence its local IP being updated. Failover with OpenVPN requires dynamic routing such as OSPF with multiple always-on connections. Not a bug, it works as it should, the local IP must be specified.
When you fail over to opt1, the client configuration is not updated with opt1's IP address. I'm not expecting existing connections to fail over. I'm expecting the openvpn client to reconnect when the system fails over to opt1. With local wanipaddress it will not reconnect.
According to the openvpn manual located at http://openvpn.net/index.php/open-source/documentation/manuals/65-openvpn-20x-manpage.html
--local host
Local host name or IP address. If specified, OpenVPN will bind to this address only. If unspecified, OpenVPN will bind to all interfaces.
Local is not needed in the client configuration.
It is updated when the interface is changed. It is required for the client config in multi-WAN scenarios.
It seems I missed the Any on the local interface selection in the client config. This can be closed.
Thank You
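The binding behaviour discussed in this thread, as an added example (not pfSense code and not written by any participant): a POSIX sh check that reads an OpenVPN client config and reports whether a `local` directive pins the socket to an address outside the set the caller considers usable. The function names, status strings and sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report how an OpenVPN client config binds its local socket.

# local_bind_status CONF_FILE ADDR...
#   CONF_FILE: OpenVPN config file to inspect
#   ADDR...:   addresses the caller considers usable right now
# Prints "any" (no local directive, OpenVPN binds to all interfaces),
# "ok <addr>" (pinned to a usable address) or "mismatch <addr>"
# (pinned to an address that is not in the usable set; returns 1).
local_bind_status() {
    conf=$1
    shift
    # First "local <host>" directive; '#' and ';' comment lines do not match.
    pinned=$(awk '$1 == "local" && NF >= 2 { print $2; exit }' "$conf")
    if [ -z "$pinned" ]; then
        echo "any"
        return 0
    fi
    for addr in "$@"; do
        if [ "$addr" = "$pinned" ]; then
            echo "ok $pinned"
            return 0
        fi
    done
    echo "mismatch $pinned"
    return 1
}

# Write a constructed sample client config (documentation addresses) to $1.
write_sample_conf() {
    cat > "$1" <<'EOF'
dev ovpnc1
proto udp
# local 192.0.2.99
local 198.51.100.10
remote 203.0.113.5 1194
EOF
}
```

Pass the addresses of the interfaces that are currently up as the trailing arguments; a `mismatch` result corresponds to the situation reported above, where the config still carries the WAN address after the system has moved to OPT1.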