# IP alias: what piece of puzzle am I missing here?



## cbrace (Mar 29, 2016)

Hi all,

I ordered a second IP address for my VPS. I would like to configure net/openvpn to listen to ports 80 or 443 on the second IP number so I can connect to my VPN from behind a corporate firewall.

My external NIC is vtnet0.

I assigned the additional IP number to this address with `ifconfig`.

I set up two additional openvpn server configure files for the new IP and port combinations, with two additional subnets, and run these additional instances. 

I added nat directives for these two new subniets to /etc/pf.conf, which seem to load OK:


```
nat on vtnet0 inet from 10.8.0.0/24 to any -> (vtnet0) round-robin
nat on vtnet0 inet from 10.8.1.0/24 to any -> (vtnet0) round-robin
nat on vtnet0 inet from 10.8.2.0/24 to any -> (vtnet0) round-robin
```

I also added these lines to /usr/local/etc/dnsmasq.conf:

```
listen-address=127.0.0.1
listen-address=10.8.0.1
listen-address=10.8.1.1
listen-address=10.8.2.1
```

If I connect to the original IP number via port 1184, the first subnet above, everything works fine.

If I connect to the IP alias address on port 80 or 443, openvpn appears to set up the connection normally, but I can't connect with anything. If I try to ssh to the server, I get an error message: _connection refused_.

Any thoughts on what I'm missing here? Do I need an additional PF directive?

TIA


----------



## SirDice (Mar 29, 2016)

Use the local keyword to bind OpenVPN to the specific IP address.


----------



## cbrace (Mar 29, 2016)

I'm using that already in the server conf files.


----------

