Is it possible to have multiple subnets on one openvpn serv?

Need help configuring your VPN? Just post here and you'll get that help.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
cszabi
OpenVpn Newbie
Posts: 2
Joined: Thu Mar 20, 2014 8:59 am

Is it possible to have multiple subnets on one openvpn serv?

Post by cszabi » Thu Mar 20, 2014 12:48 pm

Is it possible to have multiple client subnets on one openvpn server with one openvpn instance in case topology subnet?
I would like my clients to have static IP addresses from 2 different subnets: 10.20.0.0/16 and 10.30.0.0/16. I would like also to use topology subnet because of the better IP handling. I have windows and linux clients also. The two different IP ranges were working in case of net30 topology fine, but I do not know if it is possible also with topology subnet.

server config:
port 443
proto tcp-server
dev tun
ca /openvpn_nas/client_ca.crt
cert /openvpn_nas/server.crt
key /openvpn_nas/server.key
dh /openvpn_nas/dh2048.pem
client-config-dir /openvpn_nas/ccd
remote-cert-tls client
keepalive 10 120
comp-lzo
tun-mtu 1400
cipher AES-256-CBC
auth sha1
persist-key
persist-tun
status /var/opws/openvpn-status.log
log-append /var/opws/openvpn-server.log
verb 9
script-security 2
client-connect /opt/opws/onconnect.sh
client-disconnect /opt/opws/ondisconnect.sh
topology "subnet"
server 5.5.0.0 255.255.255.0
push "route 10.96.252.1 255.255.255.255"
push "topology subnet"
route 10.32.0.0 255.255.0.0
route 10.20.0.0 255.255.0.0

client config:
management 127.0.0.1 16
management-log-cache 100
verb 3
mute 3
syslog
writepid /var/run/openvpncl.pid
client
resolv-retry infinite
nobind
persist-key
persist-tun
script-security 2
dev tun1
proto tcp-client
cipher aes-256-cbc
auth sha1
remote 172.27.16.3 443
comp-lzo yes
tls-client
tun-mtu 1400
mtu-disc yes
tun-ipv6
log-append /var/log/openvpncl
ca ca.crt
cert B40011.crt
key B40011.key
keepalive 10 120
float
remote-cert-tls server
verify-x509-name "xxxxxxx"

ccd:
ifconfig-push 10.20.0.89 255.255.0.0

cszabi
OpenVpn Newbie
Posts: 2
Joined: Thu Mar 20, 2014 8:59 am

Re: Is it possible to have multiple subnets on one openvpn s

Post by cszabi » Tue Mar 25, 2014 5:28 pm

Thank you for reply.
I tried to go in other direction:
modify server in server.conf to:
server 10.20.0.0 255.254.0.0

in this case I could handle IP's: 10.20.0.0 - 10.21.255.255

But I receive:
Options error: --server directive netmask allows for too many host addresses (subnet must be 255.255.0.0 (/16) or higher)
Use --help for more information.
and the server is not starting up at all.

It's obvious that I will not handle that amount of clients on one server, I will use load balancing but is there a way to work this around?
It would be fine to use the same config on all servers and not using an openvpn server for every /16 range.
Someone has an idea for that?

wtosta
OpenVpn Newbie
Posts: 1
Joined: Tue Aug 24, 2021 7:05 am

Re: Is it possible to have multiple subnets on one openvpn serv?

Post by wtosta » Tue Aug 24, 2021 7:13 am

"Is it possible to have multiple subnets on one openvpn serv?"

(Concerning OpenVPN Server 2.5.3)

Yes, it is.

Simply, you just have to define two subnets in server.conf

For example:

# Network Configuration - OpenVPN internal network
topology subnet
# First subnet
server 10.0.0.0 255.255.255.0
route 10.0.0.0 255.255.255.0 10.0.0.1
# Second subnet
server 10.0.1.0 255.255.255.0
route 10.0.1.0 255.255.255.0 10.0.1.1

Best regards,
Witek

wark
OpenVpn Newbie
Posts: 2
Joined: Tue Sep 27, 2022 7:19 am

Re: Is it possible to have multiple subnets on one openvpn serv?

Post by wark » Tue Sep 27, 2022 7:22 am

@wtosta Great, How to use the different subnets with different clients?
E.g. if I want to clientA in subnet 1 and clientB in subnet 2, how can I write the configure files? Any instructions or suggestions?
Thanks.

User avatar
ordex
OpenVPN Inc.
Posts: 404
Joined: Wed Dec 28, 2016 2:32 am
Location: IRC #openvpn-devel @ libera.chat

Re: Is it possible to have multiple subnets on one openvpn serv?

Post by ordex » Tue Sep 27, 2022 1:55 pm

you can't have different "subnets", but you can allocate a larger subnet for the VPN (via the --server directive) and then use ccd files for each client to assign specific IPs. But this needs to be done manually for each client.

Post Reply