Hi,

On 06/01/2024 08:43, Peter Davis via Openvpn-users wrote:
Hello,

1- Is it possible to run all OpenVPN servers on one port? I currently have an OpenVPN server running with an IP address range of 20.20.0.0 on port 2024, now I want to run another server with a different IP address range on the same port as before.
Assuming you could have two daemons listening on the same port, where should an incoming connection be sent to? In any case, only one socket can be bound to an ip:port, therefore no, it is not possible to run multiple servers listening on the same port.
2- Should every OpenVPN server have its own TUN? Can't run all servers on one TUN?
Each server is independent from each other, they do not communicate, therefore each of them needs its own infrastructure, including the tun device.
3- I found the following firewall rules on the internet:

# IF_MAIN=NIC_Name
# IF_TUNNEL=tun0
# YOUR_OPENVPN_SUBNET=10.10.0.0/16
# iptables -I INPUT -p udp --dport 2024 -j ACCEPT
# iptables -A FORWARD -i $IF_MAIN -o $IF_TUNNEL -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A FORWARD -s $YOUR_OPENVPN_SUBNET -o $IF_MAIN -j ACCEPT
# iptables -t nat -A POSTROUTING -s $YOUR_OPENVPN_SUBNET -o $IF_MAIN -j MASQUERADE

Do I have to repeat the above firewall rules for each server?
Well, you are matching on YOUR_OPENVPN_SUBNET/IF_TUNNEL. If those are different for each server, then yeah, you need multiple rules.
Cheers,
Thanks.
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
--
Antonio Quartulli
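
The per-server rule set discussed in this thread, as an added example that is not part of the original messages: a script that prints the quoted iptables rules once per OpenVPN instance and refuses instances that share a port, tun device or subnet. The instance values (second port 2025, tun1, the /16 masks), the default NIC name eth0 and the function names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: print (not apply) the thread's iptables rules per instance.
# Each instance is given as "port:tun_device:subnet" (IPv4 only).
IF_MAIN="${IF_MAIN:-eth0}"   # assumption: name of the outward-facing NIC

# Emit the four rules quoted in the thread for one server instance.
emit_rules() {
    port=$1 tun=$2 subnet=$3
    echo "iptables -I INPUT -p udp --dport $port -j ACCEPT"
    echo "iptables -A FORWARD -i $IF_MAIN -o $tun -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -s $subnet -o $IF_MAIN -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -s $subnet -o $IF_MAIN -j MASQUERADE"
}

# Check every instance first, then print all rules. Returns 1 and prints
# nothing on stdout if two instances share a port, tun device or subnet.
gen_rules() {
    seen_ports=" " seen_tuns=" " seen_nets=" " out=""
    for inst in "$@"; do
        port=${inst%%:*}; rest=${inst#*:}
        tun=${rest%%:*}; subnet=${rest#*:}
        case "$seen_ports" in *" $port "*)
            echo "port $port is used by more than one instance" >&2; return 1;; esac
        case "$seen_tuns" in *" $tun "*)
            echo "device $tun is used by more than one instance" >&2; return 1;; esac
        case "$seen_nets" in *" $subnet "*)
            echo "subnet $subnet is used by more than one instance" >&2; return 1;; esac
        seen_ports="$seen_ports$port "
        seen_tuns="$seen_tuns$tun "
        seen_nets="$seen_nets$subnet "
        out="$out$(emit_rules "$port" "$tun" "$subnet")
"
    done
    printf '%s' "$out"
}

# Constructed sample: the existing server on port 2024 plus a second one.
gen_rules "2024:tun0:20.20.0.0/16" "2025:tun1:10.10.0.0/16"
```

The output can be reviewed before being piped to a root shell; the subnet check compares strings only and does not detect overlapping ranges.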