Federico Heinz wrote: > > > Because I don't know it at configuration time. > > > > You said that you already have a solution in place for dealing > > with interface reconfiguration. > > I said I have a solution in place to restart OpenVPN when the > configuration changes.
I understand. So there is no solution for dealing with the reconfiguration. > Sure, I could change a few system scripts, and include something > like Alon suggested (/sbin/ip addr show dev ppp0 | grep inet | sed > 's#.*inet \(.*\)/.*#\1#'), to figure out the IP address, change the > configuration files and only then restart OpenVPN. Would suggest wrapping openvpn instead of changing system scripts. > What I fail to see is how that is "simpler" or easier to understand > or maintain than writing "local if:ppp0" in the daemon's config file. It remains clear that openvpn binds to only one IP. > > Until OpenVPN has multilisten there's no point in OpenVPN trying > > to do this, because it will only do a poor job. > > This is simply not true. It will do a good job in most cases, and a > well-specified, if incomplete, job in the rather unlikely case that > someone deliberately attempts to use this feature together with > multiple IP addresses on a single interface, and even then it will > emit a warning. > > You are arguing that because it cannot do the job perfectly in an > unlikely edge case, it shouldn't even attempt to solve a > different, well-defined use case. > > I'm sorry, that doesn't make sense to me. I like do it right or don't do it at all. Only working in some cases is not good behavior for a feature. > > The domain name is irrelevant. Go closer to the authoritative > > source, not further away. > > Agreed. I'm going as close to it as I can: the interface itself, > from the viewpoint of the program that is using it. No, the source is the system component which configures the interface, not the interface itself, which is more like a data store in this case. > > > which in some cases involves messing around with the way > > > your distro usually does things, > > > > Why would it? > > It means modifying the distro's startup scripts for OpenVPN, to get > them to figure out the IP address of the interface for *some* > instances of the server but not necessarily for all. Changing startup scripts or wrapping openvpn is one way. But I would probably drive everything from the DHCP client instead. As I wrote, udhcpc is very very easy to deal with. David Sommerseth wrote: > As Davide Brini already mentioned, I really wonder if this issue is > due to lack of --multihome in your configuration, combined with > listen on 0.0.0.0. He wants different openvpn servers on different interfaces using same port. //Peter
