openvpn: requires "multihome" option to listen on all addresses with udp protocol
Closed, Resolved; Public

Description

Per the man page:

--multihome
Configure a multi-homed UDP server. This option needs to be used when a server has more than one IP address (e.g. multiple interfaces, or secondary IP addresses), and is not using --local to force binding to one specific address only.
This option will add some extra lookups to the packet path to ensure that the UDP reply packets are always sent from the address that the client is talking to. This is not supported on all platforms, and it adds more processing, so it's not enabled by default.

Note: this option is only relevant for UDP servers.

Note 2: if you do an IPv6+IPv4 dual-stack bind on a Linux machine with multiple IPv4 addresses, connections to IPv4 addresses will not work right on kernels before 3.15, due to missing kernel support for the IPv4-mapped case (some distributions have ported this to earlier kernel versions, though).

If configured without local-host and with protocol udp (default), this needs to be set to ensure correct operation. Currently it is not.

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Improvement (missing useful functionality)
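
A check for the condition this task describes, added here as an example (it is not VyOS or OpenVPN code): it reads an OpenVPN configuration and reports a UDP listener that has neither local nor multihome. The function names and the sample configurations are constructed for illustration, and the configuration is assumed to belong to a listening instance.

```python
import shlex

def parse_directives(text):
    """Map each OpenVPN directive to the argument list of its last occurrence."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or full-line comment
            continue
        tokens = shlex.split(line, comments=True)  # also drops trailing "# ..." text
        if tokens:
            directives[tokens[0].lstrip("-")] = tokens[1:]
    return directives

def multihome_finding(text):
    """Return (ok, reason) for the config text of a listening instance (assumed)."""
    d = parse_directives(text)
    proto = (d.get("proto") or ["udp"])[0]       # udp is the default, as the task notes
    if not proto.startswith("udp"):
        return True, f"proto {proto}: multihome is only relevant for UDP"
    if "local" in d:
        return True, "bound to one address with local " + " ".join(d["local"])
    if "multihome" in d:
        return True, "multihome is set"
    return False, ("UDP listener without local or multihome: on a host with "
                   "several addresses, replies may leave from a different "
                   "address than the one the client is talking to")

# Constructed sample configurations (not taken from the task).
MISSING = """
# no proto line, so the UDP default applies
port 1194
dev tun
server 10.8.0.0 255.255.255.0
"""
PINNED = "proto udp\nlocal 192.0.2.10\nport 1194\n"
FIXED = "proto udp6\nmultihome\nport 1194\n"
TCP = "proto tcp-server\nport 443\n"

if __name__ == "__main__":
    samples = {"MISSING": MISSING, "PINNED": PINNED, "FIXED": FIXED, "TCP": TCP}
    for name, cfg in samples.items():
        ok, reason = multihome_finding(cfg)
        print(f"{name:8} {'ok  ' if ok else 'FLAG'} {reason}")
```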