09-22-2013, 01:17 AM
|
#1
|
Senior Member
Registered: May 2009
Location: center of singularity
Distribution: Xubuntu, Ubuntu, Slackware, Amazon Linux, OpenBSD, LFS (on Sparc_32 and i386)
Posts: 2,845
|
Can openvpn client connect to multiple servers?
Obviously openvpn has some kind of support inside the code to handle multiple tunnels, since many separate clients can connect to a single server. However, connecting one client to multiple servers seems to be buggy. I found it is attempting to set up routes for one of the tunnel configs, while setting up IP addresses from the other (based on watching strace).
Does anyone know if it really can do this as a client?
FYI, all searches for "two tunnels openvpn" come up with different cases than what I'm trying to do. What I want to do is connect to more than one remote private LAN with different addresses at the same time.
|
|
|
09-25-2013, 01:57 AM
|
#2
|
Member
Registered: Jan 2006
Location: Dallas
Distribution: Slackware
Posts: 912
|
Have you tried searching the openvpn forums (http://forums.openvpn.net)? There seem to be a number of threads asking the same question, and it appears to be something that openvpn supports. I did a Google search for "openvpn client connect to multiple servers" and got lots of hits.
I don't pretend to understand it, but it appears you may need to set up some static routes on the client side for each server IP you connect to, since you probably can't control what is pushed to you from each server.
Last edited by Z038; 09-27-2013 at 05:41 PM.
|
|
|
09-25-2013, 02:23 AM
|
#3
|
Senior Member
Registered: Oct 2008
Distribution: Debian sid
Posts: 2,683
|
it should be possible, as long as the routes do not conflict
I imagine it could get complicated
you would probably need to set your own routes, and might be easier to use iptables to dictate where your traffic goes
|
|
|
09-26-2013, 10:42 PM
|
#4
|
Senior Member
Registered: May 2009
Location: center of singularity
Distribution: Xubuntu, Ubuntu, Slackware, Amazon Linux, OpenBSD, LFS (on Sparc_32 and i386)
Posts: 2,845
Original Poster
|
OK, turns out it is NOT possible ... within a single process ... unless it is the server. For a client, it is normally done as separate processes, but using a single init script that starts all clients. You have to get manual to take down ONE connection and leave others up, but at least you can.
This also means openvpn considers servers and clients as quite different. Really, such things should be symmetrical during operation. The only asymmetry that should exist is who starts the tunnel, and who authenticates whose certificates to get to the point of generating a shared session key (not needed if you configure your own shared key).
|
|
|
09-26-2013, 11:05 PM
|
#5
|
Senior Member
Registered: Oct 2008
Distribution: Debian sid
Posts: 2,683
|
multiple clients using different ports and different tun/tap
firewall rules routing traffic based on user, protocol, destination, DSCP....
I'm sure it could be done
can I do it?
not certain, I would have to learn how.
I guess I could mess about with a bunch of VMs
|
|
|
09-27-2013, 01:21 PM
|
#6
|
Senior Member
Registered: May 2009
Location: center of singularity
Distribution: Xubuntu, Ubuntu, Slackware, Amazon Linux, OpenBSD, LFS (on Sparc_32 and i386)
Posts: 2,845
Original Poster
|
Quote:
Originally Posted by Firerat
multiple clients using different ports and different tun/tap
firewall rules routing traffic based on user, protocol, destination, DSCP....
I'm sure it could be done
can I do it?
not certain, I would have to learn how.
I guess I could mess about with a bunch of VMs
|
If you know networking, then it's a matter of learning openvpn and its limitations, as well as its flexibilities in other areas. There are many things it cannot do that could have been done in a secure tunneling program. They just didn't do all things and focused first on the common things. Then they added stuff to expand on that.
Unfortunately the documentation is more oriented around "read everything before doing anything" and is weak in the FAQ area for anything but common stuff. The ability for it to manage routes is limited ... you cannot put route and iroute options just anywhere. It treats clients and servers asymmetrically so some things won't work one way when they would work another way.
It can do pretty much anything you want it to do, but you might find some ways of expressing the config inconvenient, such as having to hard code route targets with guessed IP addresses.
|
|
|
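Added example, not from any poster in this thread: a pre-flight check for the setup the thread converges on (one OpenVPN client process per server, each on its own tun device, with static routes that must not conflict). The file names, hosts and subnets are constructed; `dev`, `route` and `route-nopull` are OpenVPN options, and the check assumes numeric `route` targets.

```python
import ipaddress
from itertools import combinations

# Constructed sample configs, one per client process. route-nopull makes the
# client ignore server-pushed routes, so only the static routes below apply.
CONFIGS = {
    "office.conf": """client
dev tun0
remote vpn-office.example.net 1194
route-nopull
route 10.10.0.0 255.255.0.0
""",
    "lab.conf": """client
dev tun1
remote vpn-lab.example.net 1195
route-nopull
route 10.10.20.0 255.255.255.0
route 192.168.50.0 255.255.255.0
""",
}

def parse(text):
    """Return (dev, [networks], accepts_pushed_routes) for one client config."""
    dev, nets, nopull = None, [], False
    for line in text.splitlines():
        tok = line.split("#")[0].split() or [""]
        if tok[0] == "dev" and len(tok) > 1:
            dev = tok[1]
        elif tok[0] == "route-nopull":
            nopull = True
        elif tok[0] == "route" and len(tok) > 1:
            mask = tok[2] if len(tok) > 2 else "255.255.255.255"  # OpenVPN default
            nets.append(ipaddress.ip_network(f"{tok[1]}/{mask}", strict=False))
    return dev, nets, not nopull

def audit(configs):
    """List settings that let tunnels from separate processes collide."""
    parsed = {name: parse(text) for name, text in configs.items()}
    issues = [f"{n}: accepts pushed routes (no route-nopull)"
              for n, (_, _, pulls) in parsed.items() if pulls]
    for (a, (da, na, _)), (b, (db, nb, _)) in combinations(parsed.items(), 2):
        # Bare "tun"/"tap" is numbered dynamically; only fixed names can clash.
        if da and da == db and da[-1].isdigit():
            issues.append(f"{a} and {b}: same device {da}")
        # Overlap means the more specific prefix silently wins for those hosts.
        issues += [f"{a} {x} overlaps {b} {y}"
                   for x in na for y in nb if x.overlaps(y)]
    return issues
```

For the sample configs, `audit(CONFIGS)` reports that the office /16 route overlaps the lab /24, so traffic for 10.10.20.x would leave through the lab tunnel rather than the office one.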