Only 1 of 3 instances is working

Business solution to host your own OpenVPN server with web management interface and bundled clients.
LilaQ
OpenVpn Newbie
Posts: 5
Joined: Thu Aug 05, 2021 8:38 am

Only 1 of 3 instances is working

Post by LilaQ » Thu Aug 05, 2021 7:42 pm

Hi there,

so today I got 3 Access Servers, and downloaded the config for all 3 of them. Then on my raspberry I ran 3 instances of openvpn (even with a different subnet configured in the Access Servers) with each of the config files.

My goal is to be able to route incoming traffic to individual devices, e.g. IP_of_Access_Server_1 leads to Client_1 in my network, IP_of_Access_Server_2 leads to Client_2 etc. That's why I have individual instances. For the rest I have 3 entries in my iptables:

sudo iptables -t nat -A PREROUTING -p tcp -d 172.27.232.0/20 --dport 44000 -j DNAT --to-destination 192.168.4.3:44000
sudo iptables -t nat -A PREROUTING -p tcp -d 172.27.248.0/20 --dport 44000 -j DNAT --to-destination 192.168.4.4:44000
sudo iptables -t nat -A PREROUTING -p tcp -d 172.27.200.0/20 --dport 44000 -j DNAT --to-destination 192.168.4.16:44000

The instances seem to start fine, but only 1 instance is really active, so e.g. I can only open the service on Client_1, the others will time out. And it's always the last instance I start that works.
So, my guess here is that the route entries get overwritten by the LZO commands that the Access Server pushes on start, to something that makes the other 2 not work anymore.

Here is the output of route, when only Device_2 over Access Server 2 is reachable:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.27.248.1    128.0.0.0       UG    0      0        0 tun1
default         fritz.box       0.0.0.0         UG    202    0        0 eth0
46.101.139.3   fritz.box       255.255.255.255 UGH   0      0        0 eth0
128.0.0.0       172.27.248.1    128.0.0.0       UG    0      0        0 tun1
159.65.121.31  fritz.box       255.255.255.255 UGH   0      0        0 eth0
159.89.109.12  fritz.box       255.255.255.255 UGH   0      0        0 eth0
172.27.200.0    0.0.0.0         255.255.248.0   U     0      0        0 tun2
172.27.232.0    0.0.0.0         255.255.248.0   U     0      0        0 tun0
172.27.248.0    0.0.0.0         255.255.248.0   U     0      0        0 tun1
192.168.1.0     0.0.0.0         255.255.255.0   U     202    0        0 eth0
192.168.4.0     0.0.0.0         255.255.255.0   U     303    0        0 wlan0

Now, when I start the service for tun0 after that, it looks like this, and Device_1 is only reachable over Access Server 1:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.27.232.1    128.0.0.0       UG    0      0        0 tun0
default         fritz.box       0.0.0.0         UG    202    0        0 eth0
46.101.139.3   fritz.box       255.255.255.255 UGH   0      0        0 eth0
128.0.0.0       172.27.232.1    128.0.0.0       UG    0      0        0 tun0
159.65.121.31  fritz.box       255.255.255.255 UGH   0      0        0 eth0
159.89.109.12  fritz.box       255.255.255.255 UGH   0      0        0 eth0
172.27.200.0    0.0.0.0         255.255.248.0   U     0      0        0 tun2
172.27.232.0    0.0.0.0         255.255.248.0   U     0      0        0 tun0
172.27.248.0    0.0.0.0         255.255.248.0   U     0      0        0 tun1
192.168.1.0     0.0.0.0         255.255.255.0   U     202    0        0 eth0
192.168.4.0     0.0.0.0         255.255.255.0   U     303    0        0 wlan0

Sadly my networking skills are not good enough to figure this out, and I would REALLY appreciate it if anyone could help me out with this.

LilaQ
OpenVpn Newbie
Posts: 5
Joined: Thu Aug 05, 2021 8:38 am

Re: Only 1 of 3 instances is working

Post by LilaQ » Fri Aug 06, 2021 10:59 am

No one can help me? I'm really stuck and don't know who / where else to ask :-(

openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: Only 1 of 3 instances is working

Post by openvpn_inc » Tue Aug 10, 2021 8:43 am

Hello LilaQ,

I would like to help but I've read your post over and over again and I'm really sorry but I have no idea what you're trying to do. I'll try to provide a little bit of information that may or may not be useful. If you could perhaps explain with a practical example what you're trying to do, that might be helpful. Because right now, it doesn't really seem to make much sense to me, sorry.

> So, my guess here is that the route entries get overwritten by the LZO commands that the Access Server pushes on start, to something that makes the other 2 not work anymore.

I can at least tell you that that statement is wrong. LZO is a compression method. It has absolutely nothing to do with routing. So you can completely discount LZO settings from being in any way related to routing.

> 0.0.0.0 172.27.248.1 128.0.0.0 UG 0 0 0 tun1
> 128.0.0.0 172.27.248.1 128.0.0.0 UG 0 0 0 tun1

This shows you're redirecting VPN client Internet traffic through the VPN server. Try turning that off on all your Access Servers and see if that helps to resolve the problem. Whatever the problem is. Because when you're connecting to 3 different VPN servers simultaneously that all redirect the VPN client Internet traffic, that could end up with some pretty weird situations.

However, as to what you're actually trying to achieve, and how to do that... I wish you could provide more clear information about your goal so that we can provide you an answer.

Kind regards,
Johan
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
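
The routing situation discussed in the reply above, as an added example that is not code from either poster or from OpenVPN Inc.: it parses the first routing table posted in the thread (host routes omitted), finds which tunnel holds the two /1 routes that redirect Internet traffic, and applies longest-prefix matching to show where a given destination leaves the Raspberry Pi. The addresses 203.0.113.10, 10.1.2.3 and 172.27.232.5 used to query it are constructed.

```python
import ipaddress

# Routing table from the first post (host routes via eth0 omitted).
ROUTE_OUTPUT = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.27.248.1    128.0.0.0       UG    0      0        0 tun1
default         fritz.box       0.0.0.0         UG    202    0        0 eth0
128.0.0.0       172.27.248.1    128.0.0.0       UG    0      0        0 tun1
172.27.200.0    0.0.0.0         255.255.248.0   U     0      0        0 tun2
172.27.232.0    0.0.0.0         255.255.248.0   U     0      0        0 tun0
172.27.248.0    0.0.0.0         255.255.248.0   U     0      0        0 tun1
192.168.4.0     0.0.0.0         255.255.255.0   U     303    0        0 wlan0
"""

# The two half-default routes that redirect client Internet traffic into a VPN.
HALVES = {ipaddress.ip_network("0.0.0.0/1"), ipaddress.ip_network("128.0.0.0/1")}

def parse_routes(text):
    """Return (network, metric, iface) tuples from `route` output."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # banner, column header or malformed line
        dest = "0.0.0.0" if f[0] == "default" else f[0]
        try:
            net = ipaddress.ip_network(f"{dest}/{f[2]}")
        except ValueError:
            continue  # destination printed as a hostname
        routes.append((net, int(f[4]), f[7]))
    return routes

def egress_iface(routes, addr):
    """Longest-prefix match, lowest metric as tie-break."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[1]))[2] if hits else None

def redirect_report(routes):
    """Split tun devices into those holding both /1 routes and the rest."""
    held = {}
    for net, _, iface in routes:
        if net in HALVES:
            held.setdefault(iface, set()).add(net)
    owners = sorted(i for i, nets in held.items() if nets == HALVES)
    tuns = sorted({i for _, _, i in routes if i.startswith("tun")})
    return owners, [t for t in tuns if t not in owners]
```

With this table, `redirect_report` names tun1 as the only tunnel holding the redirect routes, and `egress_iface` sends every destination outside the connected subnets to tun1, whichever tunnel the traffic arrived on.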

LilaQ
OpenVpn Newbie
Posts: 5
Joined: Thu Aug 05, 2021 8:38 am

Re: Only 1 of 3 instances is working

Post by LilaQ » Tue Aug 10, 2021 12:09 pm

Hi Johan!

Thanks for your reply, I'll try to re-phrase what my intentions are.

I have 3 different IoT devices in my network, and I want each to have a public IP (because I want to register them at a service, which forces you to use a certain port that can't be changed, so it needs to be one IP/Access Server per device).

Doing that with one raspberry pi + openvpn (connected to access server) per device works fine, but I would like to use one raspberry for all 3 devices, because I think it should be possible to handle these connections on a single device, rather than three.

So, in the end the RPi should run openvpn (possibly 3 instances, if necessary?), which connects Access Server #1 to device #1, Access Server #2 to device #2 etc. knowing if data comes in at Port X from AS1, it needs to go to device 1. If data comes in at Port X from AS2, it needs to go to device 2, etc. and vice versa.

Does that make my intentions clearer?

openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: Only 1 of 3 instances is working

Post by openvpn_inc » Tue Aug 10, 2021 6:07 pm

LilaQ,

You do have to have those public IP addresses, somehow; OpenVPN cannot manufacture them. Where are they coming from?

More in the reply to your support ticket (yes that was me).

regards, rob0
