Choose interface for Openvpn

Hello, if you have two modems, is it possible to tell Openvpn what interface to use? I know pfsense allows for this, but I do not see this as an option inside the Openvpn configuration in luci.

I've never tried to do this, but I would think that you'd do this via firewall rules.

For example, if you had 2x WAN interfaces, each with its own firewall zone (call them WAN1, WAN2), you could for example, allow forwarding from VPN > WAN1 and not VPN > WAN2.

Similarly, if you have multiple LAN interfaces, you could define which LAN(s) should have forwarding to the VPN (and possibly from the VPN) while prohibiting the other LAN(s).

If you're talking about physical interfaces, typically this is related to the network/VLAN configuration. You usually can't just simply say "use physical port 2" if you're talking about a switched interface since switching happens at L2 and doesn't go through the routing stack (L3)... in this case, you'd define port 2 such that it uses a VLAN that has forwarding to and/or from your VPN to that network.

This is called port binding. I do see a "nobind" option in example configurations, so there must also be some sort of "bind."

It would work similar to the -I option to ping. The outgoing connection from your client process to a VPN server is an ordinary Internet request from userspace.

Interesting thought from @mk24, worth looking into (will likely require experimentation). I always thought that this had a different reason for existing, but this might be a possible way to do what the OP was asking...

From the OVPN docs:

Bind to local address and port. This is the default unless any of --proto tcp-client , --http-proxy or --socks-proxy are used.
Do not bind to local address and port. The IP stack will allocate a dynamic port for returning packets. Since the value of the dynamic port could not be known in advance by a peer, this option is only suitable for peers which will be initiating connections by using the --remote option.