IP alias: what piece of puzzle am I missing here?

Hi all,

I ordered a second IP address for my VPS. I would like to configure net/openvpn to listen to ports 80 or 443 on the second IP number so I can connect to my VPN from behind a corporate firewall.

My external NIC is vtnet0.

I assigned the additional IP number to this address with ifconfig.

I set up two additional openvpn server configuration files for the new IP and port combinations, with two additional subnets, and run these additional instances.

I added nat directives for these two new subnets to /etc/pf.conf, which seem to load OK:

Code:
nat on vtnet0 inet from 10.8.0.0/24 to any -> (vtnet0) round-robin
nat on vtnet0 inet from 10.8.1.0/24 to any -> (vtnet0) round-robin
nat on vtnet0 inet from 10.8.2.0/24 to any -> (vtnet0) round-robin

I also added these lines to /usr/local/etc/dnsmasq.conf:
Code:
listen-address=127.0.0.1
listen-address=10.8.0.1
listen-address=10.8.1.1
listen-address=10.8.2.1

If I connect to the original IP number via port 1184, the first subnet above, everything works fine.

If I connect to the IP alias address on port 80 or 443, openvpn appears to set up the connection normally, but I can't connect with anything. If I try to ssh to the server, I get an error message: connection refused.

Any thoughts on what I'm missing here? Do I need an additional PF directive?

TIA
 
Use the local keyword to bind OpenVPN to the specific IP address.
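
An added example, not part of the thread: a shell check that reads each OpenVPN instance config, reports the address, port and protocol it binds to, and flags instances with no `local` line (OpenVPN then binds to every address on the host). The file names and the 203.0.113.11 alias address are constructed placeholders, and comment handling is simplified to stripping everything after `#` or `;`.

```shell
#!/bin/sh
# audit_openvpn_bind FILE...
# Prints "<file> <addr|*> <port> <proto> <BOUND|WILDCARD>" for each config.
audit_openvpn_bind() {
    for conf in "$@"; do
        awk -v f="$conf" '
            { sub(/[#;].*/, "") }            # drop OpenVPN comments (# and ;)
            NF == 0 { next }
            $1 == "local" { addr = $2 }
            $1 == "port" || $1 == "lport" { port = $2 }
            $1 == "proto" { proto = $2 }
            END {
                if (port == "")  port = "1194"   # OpenVPN default port
                if (proto == "") proto = "udp"   # OpenVPN default protocol
                status = (addr == "") ? "WILDCARD" : "BOUND"
                if (addr == "") addr = "*"
                print f, addr, port, proto, status
            }' "$conf"
    done
}

# find_bind_conflicts: reads audit lines on stdin and prints
# "CONFLICT <fileA> <fileB>" when two instances share a port and transport
# and their addresses overlap (identical, or either one is the wildcard).
find_bind_conflicts() {
    awk 'BEGIN { n = 0 }
    {
        t = substr($4, 1, 3)                 # tcp-server, tcp4 -> tcp; udp6 -> udp
        for (i = 1; i <= n; i++)
            if (port[i] == $3 && tr[i] == t &&
                (addr[i] == $2 || addr[i] == "*" || $2 == "*"))
                print "CONFLICT", file[i], $1
        n++; file[n] = $1; addr[n] = $2; port[n] = $3; tr[n] = t
    }'
}

# Constructed sample configs, one per instance described in the post.
write_samples() {
    printf 'port 1184\nproto udp\nserver 10.8.0.0 255.255.255.0\n' > "$1/main.conf"
    printf 'local 203.0.113.11  # alias (placeholder)\nport 443\nproto tcp\n' > "$1/alias443.conf"
    printf '; local 203.0.113.11\nport 80\nproto tcp\n' > "$1/alias80.conf"
}

dir=$(mktemp -d)
write_samples "$dir"
audit_openvpn_bind "$dir"/*.conf                         # one line per instance
audit_openvpn_bind "$dir"/*.conf | find_bind_conflicts   # overlapping listeners, if any
rm -rf "$dir"
```

On a real host, pass the actual instance config paths to `audit_openvpn_bind` and compare the result with what `sockstat -4l` shows for the openvpn processes.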
 