[lug] OpenVPN second instance on a server not working

karl horlen horlenkarl at yahoo.com
Tue Sep 14 17:57:12 MDT 2010



--- On Wed, 9/8/10, David L. Anselmi <anselmi at anselmi.us> wrote:

> From: David L. Anselmi <anselmi at anselmi.us>
> Subject: Re: [lug] OpenVPN second instance on a server not working
> To: "Boulder (Colorado) Linux Users Group -- General Mailing List" <lug at lug.boulder.co.us>
> Date: Wednesday, September 8, 2010, 7:08 PM
> Carl Wagner wrote:
> > Hi,
> >
> > I am having problems getting a second instance of OpenVPN working.
> [...]
> > tun1      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
> >           inet addr:10.0.12.1  P-t-P:10.0.12.2  Mask:255.255.255.255
> >           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
> >           RX packets:159 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:100
> >           RX bytes:8100 (7.9 KiB)  TX bytes:0 (0.0 b)
> 
> I'm guessing a routing problem, because tun1 isn't transmitting.  The server
> is getting your echo requests but isn't trying to send the replies through
> tun1.
> 
> What's the source IP of the echo requests?  It has to be 10.0.12.x or the
> replies won't come back through the tunnel.
> 
> If you can see the requests on the server then the client routing is probably
> correct.  The server routing seems to be also (I assume the default gateway
> uses the eth device).  So client source address seems most likely to me.
> 
> > Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> > 10.0.12.2       *               255.255.255.255 UH    0      0        0 tun1
> > 10.0.12.0       10.0.12.2       255.255.255.0   UG    0      0        0 tun1
> 
> This matches what my VPN server uses.
> 
> Why do you want two instances?  One instance can manage multiple connections.

Just so I follow you here. Are you saying that one instance on the server can a) handle multiple IP networks or b) simply multiple clients?  I understand the second part b by the very definition of VPN.

But it sounds like you're saying "a" is possible as well.  If so, can you clarify?  I'm walking through this in my head right now and I'm starting to get it.  If you can tunnel multiple protocols through SSH then it's probably possible to have an OpenVPN server listen on the same port from multiple external clients and multiplex to different pseudo private IP networks.  Right?  Do you have a config file example to route two IP networks? Though that would sort of be silly really, I think.
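
The diagnosis in the quoted reply (tun1 receives echo requests but transmits nothing, so check whether the source address of the requests is routed back through the tunnel) can be checked mechanically. The script below is an added example, not part of the original thread; the sample text is rebuilt from the quoted output, and `eth0` and the two client addresses are assumptions.

```python
import ipaddress
import re
# Sample text rebuilt from the ifconfig/route output quoted in the thread.
IFCONFIG = """\
tun1      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.0.12.1  P-t-P:10.0.12.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:159 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
"""
ROUTES = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.12.2       *               255.255.255.255 UH    0      0        0 tun1
10.0.12.0       10.0.12.2       255.255.255.0   UG    0      0        0 tun1
"""

def packet_counts(ifconfig_text):
    """Return (rx_packets, tx_packets) from one net-tools ifconfig stanza."""
    rx = re.search(r"RX packets:(\d+)", ifconfig_text)
    tx = re.search(r"TX packets:(\d+)", ifconfig_text)
    if not (rx and tx):
        raise ValueError("no RX/TX packet counters found")
    return int(rx.group(1)), int(tx.group(1))

def reply_iface(routes_text, dest_ip, default_iface="eth0"):
    """Longest-prefix match; default_iface (assumed) stands in for the default route."""
    dest = ipaddress.ip_address(dest_ip)
    best = (-1, default_iface)
    for line in routes_text.splitlines()[1:]:
        f = line.split()
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[2]}", strict=False)
            iface = f[7]
        except (IndexError, ValueError):
            continue  # short line, "default", or a hostname instead of an address
        if dest in net and net.prefixlen > best[0]:
            best = (net.prefixlen, iface)
    return best[1]

def diagnose(ifconfig_text, routes_text, src_ip, tun="tun1"):
    # One-way tunnel: packets arrive on tun, but none are sent back out of it.
    rx, tx = packet_counts(ifconfig_text)
    out = reply_iface(routes_text, src_ip)
    if rx > 0 and tx == 0:
        if out != tun:
            return f"one-way: replies to {src_ip} leave via {out}, not {tun}"
        return f"one-way: {src_ip} is routed via {tun}, source address is not the cause"
    return "tunnel is passing traffic in both directions"

if __name__ == "__main__":
    for src in ("192.168.1.50", "10.0.12.6"):  # constructed client source addresses
        print(diagnose(IFCONFIG, ROUTES, src))
```
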



      



