[lug] OpenVPN second instance on a server not working
David L. Anselmi
anselmi at anselmi.us
Tue Sep 14 23:20:02 MDT 2010
karl horlen wrote:
> --- On Wed, 9/8/10, David L. Anselmi <anselmi at anselmi.us> wrote:
>
>> Why do you want two instances? One instance can
>> manage multiple connections.
>
> just so i follow you here. are you saying that one instance on the server can a) handle multiple
> ip networks or b) simply multiple clients? i understand the second part b by the very definition
> of vpn.

What do you mean multiple IP networks? Of course it can. (Rather than trying to understand the low
level details you might describe what you want at a high level and then read the howtos about how to
accomplish your goal.)

Obviously there has to be a path to get the VPN packets to/from a physical interface on the
client/server. There can be many paths and many interfaces but in the end the client's packets have
to hit the server's port.

Beyond that everything is virtual (surprise!). So both ends get a virtual interface (tun0) that gets
an IP. You can use whatever you want for that. You can use different nets for different
connections. You can probably assign many IPs to each virtual interface (but probably that's a
scripting thing, not something the openvpn config handles directly).

OK, so perhaps I exaggerate the flexibility a little. You can't do silly things like use the same
IP on the virtual and physical interfaces. You might not be able to assign completely different
nets to the virtual interfaces (but you can assign separate /30s, or use routes or iptables to join
or separate them, so that may not be significant).

I'm sure some can find a reason to run multiple servers (does inetd do that automagically?). But
there's a lot you can do with just one--it isn't designed to be single tasking code. Generally you
want to do the simplest thing that works (if Carl had used one port he wouldn't have run into his
firewall rule--not that being reminded of it was a bad thing in the long run).

Dave