Ability to detect peer IP for site-to-site OpenVPN in op-mode.
For op-mode, we are currently getting the values from the configuration. The idea is to detect the real peer IP if the remote site has a dynamic address.
Router01 (100.64.0.2)
set interfaces openvpn vtun1 local-address 10.255.1.1
set interfaces openvpn vtun1 local-port '1195'
set interfaces openvpn vtun1 mode 'site-to-site'
set interfaces openvpn vtun1 persistent-tunnel
set interfaces openvpn vtun1 protocol 'udp'
set interfaces openvpn vtun1 remote-address '10.255.1.2'
set interfaces openvpn vtun1 remote-port '1195'
set interfaces openvpn vtun1 shared-secret-key-file '/config/auth/my.key'
Router2, dynamic IP (100.64.0.2)
set interfaces openvpn vtun1 local-address 10.255.1.2
set interfaces openvpn vtun1 local-port '1195'
set interfaces openvpn vtun1 mode 'site-to-site'
set interfaces openvpn vtun1 persistent-tunnel
set interfaces openvpn vtun1 protocol 'udp'
set interfaces openvpn vtun1 remote-address '10.255.1.1'
set interfaces openvpn vtun1 remote-host '100.64.0.1'
set interfaces openvpn vtun1 remote-port '1195'
set interfaces openvpn vtun1 shared-secret-key-file '/config/auth/my.key'
Router01 op-mode
vyos@r1-roll:~$ show openvpn site-to-site
OpenVPN status on vtun1

Client CN    Remote Host    Local Host    TX bytes    RX bytes    Connected Since
---------    -----------    ----------    --------    --------    ---------------
None (PSK)   N/A            N/A           7.0 KB      6.9 KB      N/A
The difficulty is that we can't get this info from the status file:
vyos@r1-roll:~$ sudo cat /run/openvpn/vtun1.status
OpenVPN STATISTICS
Updated,Sat May 15 10:42:58 2021
TUN/TAP read bytes,7040
TUN/TAP write bytes,7192
TCP/UDP read bytes,25460
TCP/UDP write bytes,24996
Auth read bytes,11243
END
Or via ss
vyos@r1-roll:~$ sudo ss dst 100.64.0.2
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
vyos@r1-roll:~$
One thing which I found is the logs:
vyos@r1-roll:~$ show log openvpn | match Initiate
May 15 10:00:34 r1-roll openvpn-vtun1[3102]: Peer Connection Initiated with [AF_INET]100.64.0.2:1195
vyos@r1-roll:~$
Maybe there will be other solutions in the next releases.
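
A sketch of the log-based approach described above, as an added example that is not VyOS code: it extracts the most recent "Peer Connection Initiated" endpoint per interface and validates the address before it is displayed. The function name latest_peers, every sample line other than the first, and the [AF_INET6] address-then-port layout are assumptions.

```python
import ipaddress
import re

# Matches the syslog line shown in the task, e.g.
# "... openvpn-vtun1[3102]: Peer Connection Initiated with [AF_INET]100.64.0.2:1195"
PEER_RE = re.compile(
    r"openvpn-(?P<intf>[\w.-]+)\[\d+\]: "
    r"Peer Connection Initiated with \[AF_INET6?\](?P<endpoint>\S+)"
)


def latest_peers(log_lines):
    """Return {interface: (ip, port)} taken from the newest matching line."""
    peers = {}
    for line in log_lines:
        m = PEER_RE.search(line)
        if not m:
            continue
        # The port follows the last colon; this also works for IPv6 literals.
        host, _, port = m.group("endpoint").rpartition(":")
        try:
            ip = ipaddress.ip_address(host)
            port = int(port)
            if not 0 < port < 65536:
                raise ValueError("port out of range")
        except ValueError:
            continue  # malformed endpoint: never show unvalidated log text
        peers[m.group("intf")] = (str(ip), port)  # later lines overwrite earlier
    return peers


# First line is from the task; the remaining lines are constructed samples.
SAMPLE_LOG = [
    "May 15 10:00:34 r1-roll openvpn-vtun1[3102]: Peer Connection Initiated with [AF_INET]100.64.0.2:1195",
    "May 15 10:05:01 r1-roll openvpn-vtun1[3102]: Inactivity timeout (--ping-restart), restarting",
    "May 15 10:05:12 r1-roll openvpn-vtun1[3102]: Peer Connection Initiated with [AF_INET]100.64.0.7:1195",
    "May 15 10:06:40 r1-roll openvpn-vtun2[3210]: Peer Connection Initiated with [AF_INET6]2001:db8::2:1195",
    "May 15 10:07:02 r1-roll openvpn-vtun2[3210]: Peer Connection Initiated with [AF_INET]not-an-ip:1195",
]

if __name__ == "__main__":
    for intf, (ip, port) in latest_peers(SAMPLE_LOG).items():
        print(f"{intf}: {ip}:{port}")
```

The log records when a peer last initiated a connection, not whether it is still connected, and the entry disappears once the log is rotated, so op-mode output built this way should be presented as "last seen" rather than as live state.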