Question

Okay so I have been on Google for about an hour or so trying to figure this one out.

I have an L2TP/IPSec VPN setup. When clients connect, a new interface is created for that client. The issue is that during boot, and most of the time, these interfaces do not exist. My VPN range starts at 10.24.1.1. I want sshd to listen on 10.24.1.1, but when there is no client connected it fails to bind the address.

/var/log/secure:

Apr 15 01:38:26 arija sshd[28068]: error: Bind to port 22 on 10.24.1.1 failed: Cannot assign requested address.

which makes sense. My question is: is there a way to create some sort of dummy interface, or just assign 10.24.1.1, so sshd will listen on it? Thanks for the help!!

Also, the server is CentOS 6 64bit.

Solution

You can just add the IP address you need to the interface during startup. The configuration depends on which Linux flavor you're using; as an example, for Ubuntu it's located in /etc/network/interfaces.d/eth0.cfg. Make sure you're excluding this address from the address pool you are using to provision IP addresses to the L2TP clients.

Other tips

First of all, you need to understand that in the common situation a service can listen only on an 'up-and-running' interface with an assigned IP. The reason for this is Linux core limitations. You can change this behavior at runtime with:

sysctl net.ipv4.ip_nonlocal_bind=1

or at boot time by setting the same parameter in /etc/sysctl.conf:

...
net.ipv4.ip_nonlocal_bind=1
...

But there is a simpler way for you: you can bind sshd to 0.0.0.0 in its config, /etc/ssh/sshd_config:

...
ListenAddress 0.0.0.0
...
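
An added example, not part of either answer or of OpenSSH: a small Python audit of the options discussed above. It parses ListenAddress lines and reports which would fail to bind as in the log line, which depend on ip_nonlocal_bind, and which are wildcards that make sshd listen on every interface. The function names, the sample config and the local address set are constructed assumptions.

```python
import ipaddress

WILDCARDS = {"0.0.0.0", "::"}

# Constructed sample sshd_config; 10.24.1.1 is the VPN address from the question.
SAMPLE = """# constructed sample
Port 22
ListenAddress 10.24.1.1
ListenAddress 0.0.0.0
listenaddress [::1]:2222
ListenAddress 192.0.2.10:22
"""

def parse_listen_addresses(config_text):
    """Return (host, port) pairs from ListenAddress lines; port is None if absent."""
    result = []
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) != 2 or parts[0].lower() != "listenaddress":
            continue  # comments, blank lines and other keywords are skipped
        value = parts[1].split()[0]          # ignore a trailing "rdomain ..." part
        host, port = value, None
        if value.startswith("["):            # [address]:port or [address]
            host, _, rest = value[1:].partition("]")
            port = int(rest[1:]) if rest.startswith(":") else None
        elif value.count(":") == 1:          # IPv4-or-hostname:port
            host, _, p = value.partition(":")
            port = int(p)
        result.append((host, port))
    return result

def audit(config_text, local_addrs, nonlocal_bind=False):
    """Label each address: wildcard, ok, bind-fails, nonlocal or hostname."""
    findings = []
    for host, _port in parse_listen_addresses(config_text):
        try:
            ip = str(ipaddress.ip_address(host))
        except ValueError:
            findings.append((host, "hostname"))   # resolved by sshd at startup
            continue
        if ip in WILDCARDS:
            findings.append((host, "wildcard"))   # reachable on every interface
        elif ip in local_addrs:
            findings.append((host, "ok"))
        else:  # address not assigned yet: bind needs ip_nonlocal_bind=1
            findings.append((host, "nonlocal" if nonlocal_bind else "bind-fails"))
    return findings

if __name__ == "__main__":
    for host, status in audit(SAMPLE, {"127.0.0.1", "::1", "192.0.2.10"}):
        print(f"{host:12} {status}")
```

A "wildcard" result means access to port 22 has to be restricted some other way, such as a firewall rule, if only VPN clients should reach it.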
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow