On 23.07.23 15:32, Jason Long via Openvpn-users wrote:
1- If the port number is different, then "server" IP can be the same? > For example, the first server use:port 1194
[...]
server 10.8.0.0 255.255.255.0 The second server use: port 1195
[...]
server 10.8.0.0 255.255.255.0 Or both of "port" and "server IP" must be different?
Uuuhhh careful there. More below ...
2- You said, "A "NIC" can have multiple IP addresses", so, a server does not need to have multiple NAT NICs ? For example, A VPN provider can have a VPN server with a NIC that use three or four public IP addresses.
The relevant IP addresses to decide whether you need to use different ports are those that the clients actually connect to to establish the VPN. (I.e., the ones in the "remote ..." statement of the clients' config.)
In another list e-mail, you've shown your VPN server to use (at least two) *private* IPs to access Internet resources, so my guess is that you're going to have the clients connect to public IPs assigned to your Internet uplink, and that some separate device does NAT to redirect the traffic to your VPN server. In that case, in order to have different VPNs offered under the same port, you need two addresses *from those assigned to your Internet connection*; the VPN server can be left with just one internal IP (unless you get a *very* high number of VPN connections).
However, the "server" statements in your server-side configs state what IPs the *clients* will be assigned to use for the traffic *inside* the VPN, once they have connected. You very probably want to put different IP ranges into every single config file, *regardless* of whether "port" matches between two configs or not.
Kind regards, -- Jochen Bern Systemingenieur Binect GmbH
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
