Menu
▾
▴
Re: [Openvpn-users] Server listen on a specific IPv4 and IPv6 Address
|
From: <J.W...@mi...> - 2015-06-11 08:05:04
|
Actually, I would put it the other way round:
Why would want a single process to listen in on different IP-streams (udp/tcp/v4/v6) ?
Consider risc reduction. If one fails, the others just carry on: don’t try to create a SPOF.
Hans
From: Joe Patterson [mailto:j.m...@gm...]
Sent: woensdag 10 juni 2015 23:47
To: Gert Doering; Kor Korrd
Cc: ope...@li...
Subject: Re: [Openvpn-users] Server listen on a specific IPv4 and IPv6 Address
Another possibility (also kind of klugey, and I haven't personally tried it with ipv4 to ipv6) is to listen on one IP and then NAT from the other IP to the one you're listening on. I use this to listen on multiple (well, actually all) ports, though I still have to use different processes to handle tcp and udp connections.
-Joe
On Wed, Jun 10, 2015 at 3:23 PM Gert Doering <ge...@gr...<mailto:ge...@gr...>> wrote:
Hi,
On Wed, Jun 10, 2015 at 04:43:03PM +0200, Kor Korrd wrote:
> I have a Server with multiple IPv4 and IPv6 addresses. Only on one
> specific address (IPv4 and IPv6) should the VPN UDP Server listen on.
This is not possible today.
> So the question is, how is it possible that OpenVPN listens on a certain
> IPv4 and IPv6 address at the same time?
You can't. As with "listen on multiple ports at the same time" (which,
effectively, is the same problem: open multiple sockets and listen to
all of them) it is missing functionality that people want, but nobody
was able to implement yet (time, interest, knowledge, ...).
For "multiple UDP sockets" it's supposedly not *that* hard, but the
"UDP and TCP at the same time" case is really complicated as the insides
of OpenVPN are currently handling this very differently.
Sorry.
(One possible workaround would be to just listen on all addresses [with
--multihome!] and use firewall rules to reject packets to addresses you
do not want to see exposed, or run multiple OpenVPN processes - none of
this is perfect)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/<http://www.muc.de/~gert/>
Gert Doering - Munich, Germany ge...@gr...<mailto:ge...@gr...>
fax: +49-89-35655025 ge...@ne...<mailto:ge...@ne...>
------------------------------------------------------------------------------
_______________________________________________
Openvpn-users mailing list
Ope...@li...<mailto:Ope...@li...>
https://lists.sourceforge.net/lists/listinfo/openvpn-users
______________________________________________________________________
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het electronisch verzenden van berichten.
This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.
|
