Hello, Thank you so much for your reply. I did, but got an error: # systemctl start openvpn-server@server Job for openvpn-server@server.service failed because the control process exited with error code. See "systemctl status openvpn-server@server.service" and "journalctl -xeu openvpn-server@server.service" for details.
I changed it to: # systemctl start openvpn@server It worked, but another problem is that I can't run another OpenVPN server: # systemctl start openvpn@server2 It never created any new "tun" interface. I just have one tun: tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500 inet 10.8.0.1 netmask 255.255.255.255 destination 10.8.0.2 inet6 fe80::51d4:2047:ba46:d86 prefixlen 64 scopeid 0x20<link> unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC) RX packets 8 bytes 557 (557.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 7 bytes 348 (348.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 My server2 config file is: port 1194 proto udp dev tun ca /etc/openvpn/server2/ca.crt cert /etc/openvpn/server2/server2.crt key /etc/openvpn/server2/server2.key dh /etc/openvpn/server2/dh.pem server 10.9.0.0 255.255.255.0 push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 1.1.1.1" push "dhcp-option DNS 8.8.8.8" keepalive 10 120 tls-auth /etc/openvpn/server2/ta.key 0 data-ciphers AES-256-CBC user nobody group nogroup persist-key persist-tun status /var/log/openvpn/openvpn-status.log log /var/log/openvpn/openvpn.log log-append /var/log/openvpn/openvpn.log verb 3 explicit-exit-notify 1 Se you see, it must create another tun interface with "inet 10.9.0.1" IP. The log file showed: # cat /var/log/openvpn/openvpn.log 2023-07-22 02:21:23 WARNING: --topology net30 support for server configs with IPv4 pools will be removed in a future release. Please migrate to --topology subnet as soon as possible. 2023-07-22 02:21:23 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers. 2023-07-22 02:21:23 Note: cipher 'AES-256-CBC' in --data-ciphers is not supported by ovpn-dco, disabling data channel offload. 2023-07-22 02:21:23 OpenVPN 2.6.3 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] 2023-07-22 02:21:23 library versions: OpenSSL 3.0.9 30 May 2023, LZO 2.10 2023-07-22 02:21:23 DCO version: N/A 2023-07-22 02:21:23 net_route_v4_best_gw query: dst 0.0.0.0 2023-07-22 02:21:23 net_route_v4_best_gw result: via 10.0.2.2 dev enp0s3 2023-07-22 02:21:23 Diffie-Hellman initialized with 2048 bit key 2023-07-22 02:21:23 net_route_v4_best_gw query: dst 0.0.0.0 2023-07-22 02:21:23 net_route_v4_best_gw result: via 10.0.2.2 dev enp0s3 2023-07-22 02:21:23 ROUTE_GATEWAY 10.0.2.2/255.255.255.0 IFACE=enp0s3 HWADDR=08:00:27:ed:b4:7c 2023-07-22 02:21:23 TUN/TAP device tun1 opened 2023-07-22 02:21:23 net_iface_mtu_set: mtu 1500 for tun1 2023-07-22 02:21:23 net_iface_up: set tun1 up 2023-07-22 02:21:23 net_addr_ptp_v4_add: 10.9.0.1 peer 10.9.0.2 dev tun1 2023-07-22 02:21:23 net_route_v4_add: 10.9.0.0/24 via 10.9.0.2 dev [NULL] table 0 metric -1 2023-07-22 02:21:23 Could not determine IPv4/IPv6 protocol. Using AF_INET 2023-07-22 02:21:23 Socket Buffers: R=[212992->212992] S=[212992->212992] 2023-07-22 02:21:23 TCP/UDP: Socket bind failed on local address [AF_INET][undef]:1194: Address already in use (errno=98) 2023-07-22 02:21:23 Exiting due to fatal error 2023-07-22 02:21:23 net_route_v4_del: 10.9.0.0/24 via 10.9.0.2 dev [NULL] table 0 metric -1 2023-07-22 02:21:23 Closing TUN/TAP interface 2023-07-22 02:21:23 net_addr_ptp_v4_del: 10.9.0.1 dev tun1 What is the problem? On Friday, July 21, 2023 at 07:14:30 PM GMT+3:30, Jochen Bern <jochen.b...@binect.de> wrote: On 21.07.23 17:10, Gert Doering wrote: > If you want multiple VPNs to be active at the same time, you need to > run one openvpn instance with an individual config each. > > How to do that with systemd I wouldn't know (I'm a FreeBSD person). https://community.openvpn.net/openvpn/wiki/Systemd I.e., from a "template" unit file installed with OpenVPN, you derive one systemd service for each config file, and administrate those like you would a "standalone" service. Kind regards, -- Jochen Bern Systemingenieur Binect GmbH _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
