> What is the best way (what are the config options) to
> have the (Linux) OpenVPN server process keep trying to
> connect to a "moving" (dial-up) client machine (which
> updates its IP address with dynDNS.org within 5 seconds of
> getting that new IP address, and the TTL on the RR in that
> DNS server is never more than 10 seconds or so).

I have solved the same kind of problem with a simple shell script

----
#!/bin/sh
# Compare the current lookup result with the one saved by the previous run.
old=`cat /root/vpnip`
new=`host moving.target.com`
if [ "$old" != "$new" ]; then
    echo "IP has changed!"
    echo "Old: $old"
    echo "New: $new"
    # Save the result that was just compared, then make OpenVPN re-resolve.
    echo "$new" > /root/vpnip
    killall -s HUP openvpn
fi
----

Then I run it every 5 minutes (with cron). Works for me.

With cron you can get it to run every minute. If you want more than that then you might need another script like

for ((;;)); do ./checkip; sleep 5; done

That would call checkip every 5 seconds. But then you would have to get that script running somehow (and keep it running). Maybe make another script which would check if that is running and restart it if it's not. It's just easier with cron (if you can wait one minute).

> I have noticed that if an IP address for
> moving.target.com changes in /etc/hosts, /usr/bin/openvpn
> doesn't use the new changed IP address to try to connect to,
> instead it uses the same one it resolved from /etc/hosts
> when it started up. Will the same happen with DNS ? I.e.
> will or will not openvpn become aware of the *new* IP
> address that will get dynamically updated with DynDNS ?

See SIGNALS in the OpenVPN manuals. SIGHUP causes OpenVPN to restart (and re-resolve the IP address).

The above script sends SIGHUP to all OpenVPN processes. It works just fine if you have only one tunnel, but if you have multiple tunnels then you need to get the PID of the OpenVPN process that handles the mobile tunnel and send the signal only there.
> Note: it is *not* possible to ask the dial-up machine to
> connect to the server openvpn process, as the server is
> behind a [stateful] firewall which allows connections
> initiated from the inside, but not connections attempted to
> be initiated from the outside. And we cannot change
> configuration of the firewall.

Yes, it is possible for the client to talk to the server, but it has to be done with the aid of some external server. You could run an IRC bot on your server and then the client could say "hello" in IRC. Then the server would execute some (sudo) script and everything would work like a charm.

Anssi Kolehmainen

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
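
The multi-tunnel case described in the reply above, as an added example that is not part of the original post: it signals only the PID recorded for the mobile tunnel and treats a failed DNS lookup as an error instead of an address change. The pidfile path, `PROC_NAME` and the function names are assumptions; the pidfile is assumed to be written by OpenVPN's `--writepid` option, and the `/proc` check is Linux-specific.

```shell
#!/bin/sh
# Added example. Assumed settings (override via the environment):
HOST=${HOST:-moving.target.com}
STATE=${STATE:-/root/vpnip}                       # last address acted on
PIDFILE=${PIDFILE:-/var/run/openvpn-mobile.pid}   # assumed --writepid target
PROC_NAME=${PROC_NAME:-openvpn}

# Print the first A record for $1; prints nothing if the lookup fails.
resolve_ip() {
    host -t A "$1" 2>/dev/null | awk '/has address/ { print $NF; exit }'
}

# Succeed only for a dotted quad with every octet in 0-255.
valid_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Returns 0 if SIGHUP was sent, 1 if the address is unchanged,
# 2 on any error (the state file is left untouched in that case).
check_and_signal() {
    new=$(resolve_ip "$HOST")
    # A DNS outage or error text must not be treated as a new address.
    valid_ipv4 "$new" || return 2
    old=$(cat "$STATE" 2>/dev/null) || old=""
    [ "$new" = "$old" ] && return 1
    pid=$(cat "$PIDFILE" 2>/dev/null) || pid=""
    case "$pid" in
        ''|*[!0-9]*) return 2 ;;                  # missing or malformed pidfile
    esac
    # Stale pidfile guard: the PID may have been reused by another program.
    [ "$(cat "/proc/$pid/comm" 2>/dev/null)" = "$PROC_NAME" ] || return 2
    kill -HUP "$pid" || return 2
    # Record the address only after the signal was delivered.
    printf '%s\n' "$new" > "$STATE"
    return 0
}

# From cron: * * * * * /root/checkip run
if [ "${1:-}" = run ]; then
    check_and_signal
fi
```

Because the state file is updated only after a successful signal, a run that fails (DNS down, tunnel not running) is retried on the next cron invocation.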