LinuxQuestions.org
Old 09-22-2013, 01:17 AM   #1
Skaperen
Senior Member
 
Registered: May 2009
Location: center of singularity
Distribution: Xubuntu, Ubuntu, Slackware, Amazon Linux, OpenBSD, LFS (on Sparc_32 and i386)
Posts: 2,845
Blog Entries: 31

Can openvpn client connect to multiple servers?


Obviously openvpn has some kind of support inside the code to handle multiple tunnels, since many separate clients can connect to a single server. However, connecting one client to multiple servers seems to be buggy. I found it is attempting to set up routes for one of the tunnel configs, while setting up IP addresses from the other (based on watching strace).

Does anyone know if it really can do this as a client?

FYI, all searches for "two tunnels openvpn" come up with different cases than what I'm trying to do. What I want to do is connect to more than one remote private LAN with different addresses at the same time.
 
Old 09-25-2013, 01:57 AM   #2
Z038
Member
 
Registered: Jan 2006
Location: Dallas
Distribution: Slackware
Posts: 912

Have you tried searching the openvpn forums (http://forums.openvpn.net)? There seem to be a number of threads asking the same question, and it appears to be something that openvpn supports. I did a google search for "openvpn client connect to multiple servers" and got lots of hits.

I don't pretend to understand it, but it appears you may need to set up some static routes on the client side for each server IP you connect to, since you probably can't control what is pushed to you from each server.

Last edited by Z038; 09-27-2013 at 05:41 PM.
 
Old 09-25-2013, 02:23 AM   #3
Firerat
Senior Member
 
Registered: Oct 2008
Distribution: Debian sid
Posts: 2,683

it should be possible, as long as the routes do not conflict
I imagine it could get complicated
you would probably need to set your own routes, and might be easier to use iptables to dictate where your traffic goes
 
Old 09-26-2013, 10:42 PM   #4
Skaperen
Senior Member
 
Registered: May 2009
Location: center of singularity
Distribution: Xubuntu, Ubuntu, Slackware, Amazon Linux, OpenBSD, LFS (on Sparc_32 and i386)
Posts: 2,845

Original Poster
Blog Entries: 31

OK, turns out it is NOT possible ... within a single process ... unless it is the server. For a client, it is normally done as separate processes, but using a single init script that starts all clients. You have to get manual to take down ONE connection and leave others up, but at least you can.

This also means openvpn considers servers and clients as quite different. Really, such things should be symmetrical during operation. The only asymmetry that should exist is who starts the tunnel, and who authenticates whose certificates to get to the point of generating a shared session key (not needed if you configure your own shared key).
 
Old 09-26-2013, 11:05 PM   #5
Firerat
Senior Member
 
Registered: Oct 2008
Distribution: Debian sid
Posts: 2,683

multiple clients using different ports and different tun/tap
firewall rules routing traffic based on user, protocol, destination, DSCP....

I'm sure it could be done

can I do it?
not certain, I would have to learn how.

I guess I could mess about with a bunch of VMs
 
Old 09-27-2013, 01:21 PM   #6
Skaperen
Senior Member
 
Registered: May 2009
Location: center of singularity
Distribution: Xubuntu, Ubuntu, Slackware, Amazon Linux, OpenBSD, LFS (on Sparc_32 and i386)
Posts: 2,845

Original Poster
Blog Entries: 31

Quote:
Originally Posted by Firerat
multiple clients using different ports and different tun/tap
firewall rules routing traffic based on user, protocol, destination, DSCP....

I'm sure it could be done

can I do it?
not certain, I would have to learn how.

I guess I could mess about with a bunch of VMs

If you know networking, then it's a matter of learning openvpn and its limitations, as well as its flexibilities in other areas. There are many things it cannot do that could have been done in a secure tunneling program. They just didn't do all things and focused first on the common things. Then they added stuff to expand on that.

Unfortunately the documentation is more oriented around "read everything before doing anything" and is weak in the FAQ area for anything but common stuff. The ability for it to manage routes is limited ... you cannot put route and iroute options just anywhere. It treats clients and servers asymmetrically so some things won't work one way when they would work another way.

It can do pretty much anything you want it to do, but you might find some ways of expressing the config inconvenient, such as having to hard code route targets with guessed IP addresses.
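
Added example, not part of the thread and not any poster's code: a POSIX shell script for the arrangement post #4 describes (one openvpn client process per server, started from a single script), with a pre-flight check for the device and route conflicts raised in posts #3 and #5. The tunnel names, config paths, addresses and pid-file location are constructed assumptions.

```shell
#!/bin/sh
# Added example; tunnel names, paths and addresses below are constructed samples.
# Fields: name|config file|tun device|remote LAN|netmask
TUNNELS='office|/etc/openvpn/office.conf|tun0|10.8.0.0|255.255.0.0
lab|/etc/openvpn/lab.conf|tun1|192.168.50.0|255.255.255.0'

ip2int() {  # dotted quad -> integer
    oifs=$IFS; IFS=.; set -- $1; IFS=$oifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

overlaps() {  # net1 mask1 net2 mask2: true if the two networks share addresses
    m=$(( $(ip2int "$2") & $(ip2int "$4") ))   # the shorter of the two masks
    [ $(( $(ip2int "$1") & m )) -eq $(( $(ip2int "$3") & m )) ]
}

conflicts() {  # table -> one line per pair that reuses a device or overlaps
    i=0
    echo "$1" | while IFS='|' read -r na ca da neta ma; do
        i=$((i + 1)); j=0
        echo "$1" | while IFS='|' read -r nb cb db netb mb; do
            j=$((j + 1)); [ "$j" -gt "$i" ] || continue
            if [ "$da" = "$db" ]; then echo "$na/$nb: both use $da"; fi
            if overlaps "$neta" "$ma" "$netb" "$mb"; then
                echo "$na/$nb: routes overlap"
            fi
        done
    done
}

client_args() {  # config dev net mask -> arguments for one client process
    # --route-nopull ignores routes the server pushes; --route pins our own.
    echo "--config $1 --dev $2 --route-nopull --route $3 $4" \
         "--daemon --writepid /run/openvpn-$2.pid"
}

case "${1:-}" in
start)
    bad=$(conflicts "$TUNNELS")
    if [ -n "$bad" ]; then echo "$bad" >&2; exit 1; fi
    echo "$TUNNELS" | while IFS='|' read -r name conf dev net mask; do
        # word splitting of the generated arguments is intended here
        openvpn $(client_args "$conf" "$dev" "$net" "$mask") </dev/null
    done ;;
stop)   # stop one tunnel only, e.g. "stop tun1"; the others stay up
    kill "$(cat "/run/openvpn-$2.pid")" ;;
esac
```

Run as root with `start` to launch every tunnel, or `stop tun1` to take down a single connection by its pid file.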
 