Hi,

On Mon, Aug 14, 2023 at 06:33:52AM +0000, Jason Long wrote:
> Why without the local statement my OpenVPN worked?

As I explained weeks ago, the combination of "port" + "local IP" needs
to be unique.  So if you have only one OpenVPN process listening on
one port, you do not need to force the IP address to make the (port,IP)
tuple unique.

On a machine with multiple IP addresses and *no* --local binding, you will
need to use --multihome on UDP servers (otherwise OpenVPN might reply 
with a wrong source IP).

> When I see the error 10054, then this is related to the wrong firewall 
> settings or wrong port forwarding.

> I have no idea what an "error 10054" is.  If it's part of an OpenVPN
> error message, do post the full line +5 lines of context.



Hi,
Thanks again.
My OpenVPN server has multiple IP addresses and I want to run multiple OpenVPN 
servers on it.
My server configuration is:

port 2000
proto udp
dev tun20
local 20.1.1.20       # My virtual NIC
ca ca.crt
cert server.crt
key server.key                             
dh dh.pem
server 10.10.0.0 255.255.255.0               
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 192.168.1.20"
keepalive 10 120
tls-crypt ta.key 0                           
data-ciphers AES-256-GCM
user nobody
group nogroup
persist-key
persist-tun


The client shows me the following error:

Mon Aug 14 12:52:02 2023 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
Mon Aug 14 12:52:02 2023 Note: ovpn-dco-win driver is missing, disabling data channel offload.
Mon Aug 14 12:52:02 2023 OpenVPN 2.6.5 [git:v2.6.5/cbc9e0ce412e7b42] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Jun 13 2023
Mon Aug 14 12:52:02 2023 Windows version 6.1 (Windows 7), amd64 executable
Mon Aug 14 12:52:02 2023 library versions: OpenSSL 3.1.1 30 May 2023, LZO 2.10
Mon Aug 14 12:52:02 2023 DCO version: v0
Mon Aug 14 12:52:02 2023 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25344
Mon Aug 14 12:52:02 2023 Need hold release from management interface, waiting...
Mon Aug 14 12:52:03 2023 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1032
Mon Aug 14 12:52:03 2023 MANAGEMENT: CMD 'state on'
Mon Aug 14 12:52:03 2023 MANAGEMENT: CMD 'log on all'
Mon Aug 14 12:52:03 2023 MANAGEMENT: CMD 'echo on all'
Mon Aug 14 12:52:03 2023 MANAGEMENT: CMD 'bytecount 5'
Mon Aug 14 12:52:03 2023 MANAGEMENT: CMD 'state'
Mon Aug 14 12:52:03 2023 MANAGEMENT: CMD 'hold off'
Mon Aug 14 12:52:03 2023 MANAGEMENT: CMD 'hold release'
Mon Aug 14 12:52:03 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.1.20:2000
Mon Aug 14 12:52:03 2023 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Aug 14 12:52:03 2023 UDPv4 link local: (not bound)
Mon Aug 14 12:52:03 2023 UDPv4 link remote: [AF_INET]192.168.1.20:2000
Mon Aug 14 12:52:03 2023 MANAGEMENT: >STATE:1692001323,WAIT,,,,,,
Mon Aug 14 12:52:03 2023 read UDPv4: Connection reset by peer (WSAECONNRESET) (fd=ec,code=10054)



Which option is wrong?


gert
-- 
"If was one thing all people took for granted, was conviction that if you 
feed honest figures into a computer, honest figures come out. Never doubted 
it myself till I met a computer with a sense of humor."
                            Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                            g...@greenie.muc.de


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
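
Added example, not part of the thread and not OpenVPN project code: a small checker for the two rules stated above (the (proto, port, local IP) combination must be unique per server, and a UDP server without "local" on a multi-IP host needs "multihome"). The file names and all sample configs except the tun20 directives are constructed, and the host is assumed to have several IP addresses.

```python
from collections import defaultdict

def parse(text):
    """Extract the listener-related directives from one server config."""
    cfg = {"port": "1194", "proto": "udp", "local": None, "multihome": False}
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()   # drop trailing # comments
        if not words or words[0].startswith(";"):
            continue
        if words[0] in ("port", "proto", "local") and len(words) > 1:
            cfg[words[0]] = words[1]
        elif words[0] == "multihome":
            cfg["multihome"] = True
    # udp, udp4 and udp6 all compete for UDP ports; everything else is TCP.
    cfg["proto"] = "udp" if cfg["proto"].startswith("udp") else "tcp"
    return cfg

def check(configs):
    """configs maps a (hypothetical) file name to config text; returns findings."""
    findings, by_socket = [], defaultdict(list)
    for name, text in configs.items():
        cfg = parse(text)
        by_socket[(cfg["proto"], cfg["port"])].append((name, cfg))
        if cfg["proto"] == "udp" and not cfg["local"] and not cfg["multihome"]:
            findings.append(f"{name}: UDP without local, needs multihome")
    for (proto, port), group in by_socket.items():
        seen = {}
        for name, cfg in group:
            if cfg["local"] is None and len(group) > 1:
                # No local means a wildcard bind, which covers every address.
                findings.append(f"{name}: wildcard bind on {proto}/{port} "
                                "overlaps another server")
            elif cfg["local"] in seen:
                findings.append(f"{name}: {proto} {cfg['local']}:{port} "
                                f"already used by {seen[cfg['local']]}")
            seen.setdefault(cfg["local"], name)
    return findings

# Constructed sample set; only the tun20 directives come from the post above.
SAMPLES = {
    "tun20.conf": "port 2000\nproto udp\ndev tun20\nlocal 20.1.1.20  # My virtual NIC\n",
    "tun21.conf": "port 2000\nproto udp\ndev tun21\nlocal 20.1.1.21\n",
    "tun22.conf": "port 2000\nproto udp\ndev tun22\nlocal 20.1.1.20\n",
    "tun23.conf": "port 2001\nproto udp\ndev tun23\n",
}

if __name__ == "__main__":
    for finding in check(SAMPLES):
        print(finding)
```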
