- Client 1 and Server 2 can only see each other
- Client 3 and Server 4 can only see each other
:?: How To Setup a Multi-Client/Client-To-Client Server
Moderators: TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
- minternauta
- OpenVpn Newbie
- Posts: 5
- Joined: Tue Jun 06, 2017 2:58 pm
:?: How To Setup a Multi-Client/Client-To-Client Server
Hey, guys. I'm a "newbie" in the OpenVPN tech. So, I need a big help! I need to configure an OpenVPN server that can receive connections from multiple clients and allow these clients to communicate with each other with the following rules, as in the image below:
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: :?: How To Setup a Multi-Client/Client-To-Client Server
minternauta wrote: I have already been able to configure two clients with two different certificate/keys pair
Customise which servers you push to your clients using --client-config-dir.
See --client-config-dir in The Manual v24x
-
- OpenVPN Super User
- Posts: 310
- Joined: Tue Apr 12, 2011 6:22 am
Re: :?: How To Setup a Multi-Client/Client-To-Client Server
I'm not sure if I understood this correctly,
client1, client2, server1, server2 are all connected to the same VPN server as VPN clients, and you want that client1 and client2 can't reach server1 or server2 through the VPN?
It's not that hard, but you'll have to implement some type of firewall on your VPN server, or possibly you could do that even on server1 & server2 if you don't do NAT on your VPN.
Your VPN server should be configured for ease of use with something like
Code:
topology subnet
server 10.10.10.0 255.255.255.0
You can use a higher netmask if you want,
then divide this network in two separate subnets
Code:
10.10.10.0 255.255.255.0 (10.10.10.0/24) => 10.10.10.0-10.10.10.127 255.255.255.128 (10.10.10.0/25)
                                         => 10.10.10.128-10.10.10.255 255.255.255.128 (10.10.10.128/25)
then set up --client-config-dir (see the manual on how to do that) and assign the clients IP addresses from one range and the servers from another (excluding 10.10.10.0, 10.10.10.127, 10.10.10.128, 10.10.10.255), then set up firewall rules between the two ranges on your VPN server.
You can create smaller subnets, or even do individual IP address firewalling rules. Take this as just a summary of how you could do this; I'm not sure if I'm 100% accurate.
- minternauta
- OpenVpn Newbie
- Posts: 5
- Joined: Tue Jun 06, 2017 2:58 pm
Re: :?: How To Setup a Multi-Client/Client-To-Client Server
Hey, TiTex. You are close. I want client 1 to reach server 1 only and client 2 to reach server 2 only. So:
Client 1 => Server 1
Client 2 => Server 2
So, I also configured the server with topology subnet. So you're telling me to use client-config-dir to set fixed IPs for VPN clients and configure individual routes for each client. Okay. Give me some help.
Do I establish these routes through iptables on Linux, or ..?
What would be the route configuration?
- minternauta
- OpenVpn Newbie
- Posts: 5
- Joined: Tue Jun 06, 2017 2:58 pm
Re: :?: How To Setup a Multi-Client/Client-To-Client Server
Just to update, I came up with these server configs:
It worked: Client 1 has the IP 10.1.0.4 and Client 2 has the IP 10.1.0.5. Now, how do I set up the routes? With that config Client 1 can't ping Server 1; the clients only see the VPN server.
Server Config
# OpenVPN HVPN Server Configuration
# Marcelo Junior (2017)
mode server
tls-server
port 1194
proto tcp-server
dev tun
# SSL Configs
ca /openvpn/ca/keys/ca.crt
cert /openvpn/ca/keys/HospedagemVPNServer.crt
key /openvpn/ca/keys/HospedagemVPNServer.key # This file should be kept secret
dh /openvpn/ca/keys/dh4096.pem
tls-auth /openvpn/ca/keys/ta.key 0 # This file is secret
key-direction 0
cipher AES-128-CBC # AES
auth SHA256
# Network Configs
topology subnet
push "topology subnet"
ifconfig 10.1.0.1 255.255.255.0
push "route-gateway 10.1.0.1"
ifconfig-pool 10.1.0.2 10.1.0.250 255.255.255.0
# Client Configs
client-config-dir /openvpn/clients/configs
# Others
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
;log-append openvpn.log
# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 7
# Silence repeating messages. At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20
Client 1 Config
# Setup the Fixed Address for the Client
ifconfig-push 10.1.0.4 255.255.255.0
Server 1 Config
# Setup the Fixed Address for the Client
ifconfig-push 10.1.0.5 255.255.255.0
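An added example, not part of any post in this thread: a Python script that generates what TiTex's summary calls for, namely the --client-config-dir files with fixed addresses and the firewall rules for the VPN server that let each client/server pair talk only to each other. The subnet and server address come from the posted server config; the peer names, the second pair's addresses and the interface name tun0 are assumptions.

```python
import ipaddress

# Subnet and server address are taken from the posted server config; the
# peer names, the second pair's addresses and "tun0" are assumptions.
VPN_NET = ipaddress.ip_network("10.1.0.0/24")
VPN_SERVER = ipaddress.ip_address("10.1.0.1")
TUN_IF = "tun0"
PAIRS = [  # (name, address) of each allowed client/server pair
    (("client1", "10.1.0.4"), ("server1", "10.1.0.5")),
    (("client2", "10.1.0.6"), ("server2", "10.1.0.7")),  # constructed
]

def halves_reserved(net):
    """Network and broadcast address of each half of net (leave unassigned)."""
    return [str(a) for half in net.subnets(prefixlen_diff=1)
            for a in (half.network_address, half.broadcast_address)]

def check(pairs):
    """Reject addresses that cannot work as fixed ifconfig-push addresses."""
    seen = set()
    for name, addr in (peer for pair in pairs for peer in pair):
        ip = ipaddress.ip_address(addr)
        if ip not in VPN_NET:
            raise ValueError(f"{name}: {addr} is outside {VPN_NET}")
        if ip in (VPN_NET.network_address, VPN_NET.broadcast_address, VPN_SERVER):
            raise ValueError(f"{name}: {addr} is reserved")
        if ip in seen:
            raise ValueError(f"{name}: {addr} is assigned twice")
        seen.add(ip)

def ccd_files(pairs):
    """client-config-dir contents; file name = Common Name of the peer's cert."""
    check(pairs)
    return {name: f"ifconfig-push {addr} {VPN_NET.netmask}\n"
            for pair in pairs for name, addr in pair}

def forward_rules(pairs):
    """iptables commands for the VPN server: each pair may talk in both
    directions, all other tunnel-to-tunnel traffic is dropped."""
    check(pairs)
    base = f"iptables -A FORWARD -i {TUN_IF} -o {TUN_IF}"
    rules = []
    for (_, a), (_, b) in pairs:
        rules += [f"{base} -s {a} -d {b} -j ACCEPT",
                  f"{base} -s {b} -d {a} -j ACCEPT"]
    return rules + [f"{base} -j DROP"]

if __name__ == "__main__":
    print("\n".join(forward_rules(PAIRS)))
```

The generated rules only see this traffic when the server config has no client-to-client directive (the posted one has none) and net.ipv4.ip_forward is 1, because only then do packets between VPN peers pass through the kernel's FORWARD chain.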