Doubt About multiple instances openvpn

[cergius]

Hi:
I have working a server and client (both windows and with a LAN behind them) with two instances at the same time, client and server have two tun adapters, so they connects using two tunnels.
I want to use the first tunnel for remote desktop connections and other aplications and use the other tunnel exclusively for VoIP. In order to do that, I have configured the PBX IP in the central network with the IP address of one of the tun adaptaders, so once the client connects to server, the softphone connects to PBX IP, of that way it works voip through openvpn.
When I sniffed with wireshark the tun adapter that has the IP address assigned to the PBX IP I can see the VoIP traffic but also I can see other traffic like remote desktop passing through the adapter.
How can I choose which tunnel or instance is going to use a specific application or service?
Note: When I sniffed the tun adapter with wireshark I configured it for don’t use promiscuous mode.

[maikcat]

hi there,

please post configs.

to help you we must first the routes you sent to your clients...

Michael.

[cergius]

CONFIG FILES IN SERVER MACHINE

Config file of first tun adapter with IP address 10.8.0.1

Code: Select all

port 1194
proto udp
dev tun
dev-node TUN
ca "C:\\Archivos de Programa\\OpenVPN\\config\\ca.crt"
cert "C:\\Archivos de Programa\\OpenVPN\\config\\ServidorVM.crt"
key "C:\\Archivos de Programa\\OpenVPN\\config\\ServidorVM.key"
dh "C:\\Archivos de Programa\\OpenVPN\\config\\dh1024.pem"
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0" # this is the network in the server side
client-config-dir "C:\\Archivos de Programa\\OpenVPN\\config\\ccd\\"
route 192.168.2.0 255.255.255.0 # this is the network in the client side
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
verb 3

In the directory C:\Archivos de Programa\OpenVPN\config\ccd\ I have a file whose name is ClienteBoyuibe with this
content

Code: Select all

iroute 192.168.2.0 255.255.255.0

the config file of second tun adapter with IP address 10.9.0.1

Code: Select all

port 1195
proto udp
dev tun
dev-node TUN2
ca "C:\\Archivos de Programa\\OpenVPN\\config\\ca.crt"
cert "C:\\Archivos de Programa\\OpenVPN\\config\\ServidorVM.crt"
key "C:\\Archivos de Programa\\OpenVPN\\config\\ServidorVM.key"
dh "C:\\Archivos de Programa\\OpenVPN\\config\\dh1024.pem"
server 10.9.0.0 255.255.255.0
ifconfig-pool-persist "C:\\Archivos de programa\\OpenVPN\\config\\config2\\ipp.txt"
push "route 192.168.1.0 255.255.255.0" # this is the network in the server side
client-config-dir "C:\\Archivos de Programa\\OpenVPN\\config\\config2\\ccd\\"
route 192.168.2.0 255.255.255.0 # this is the network in the client side
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
verb 3

In the directory C:\Archivos de Programa\OpenVPN\config\config2\ccd\ I have a file whose name is ClienteBoyuibe with this
content

Code: Select all

iroute 192.168.2.0 255.255.255.0

CONFIG FILES OF CLIENT MACHINE

Config file of first tun adapter with IP address 10.8.0.6

Code: Select all

client
dev tun
dev-node TUN
proto udp
remote 200.212.128.254 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\Archivos de programa\\OpenVPN\\config\\ca.crt"
cert "C:\\Archivos de programa\\OpenVPN\\config\\ClienteBoyuibe.crt"
key "C:\\Archivos de programa\\OpenVPN\\config\\ClienteBoyuibe.key"
ns-cert-type server
comp-lzo
verb 3

Config file of second tun adapter with IP address 10.9.0.6

Code: Select all

client
dev tun
dev-node TUN2
proto udp
remote 200.212.128.254 1195
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\Archivos de programa\\OpenVPN\\config\\ca.crt"
cert "C:\\Archivos de programa\\OpenVPN\\config\\ClienteBoyuibe.crt"
key "C:\\Archivos de programa\\OpenVPN\\config\\ClienteBoyuibe.key"
ns-cert-type server
comp-lzo
verb 3

[maikcat]

hi there,


i noticed that you have in both configs this statement:

>route 192.168.2.0 255.255.255.0

if you fire up openvpn it tries to add a static route to your
openvpn server routing table for 192.168.2.0 network.

if you start second openvpn you have a problem.....

Michael.

[cergius]

Thanks for your replies maikcat.
Now I have erased the directive route 192.168.2.0 255.255.255.0 of the second config file.
I sniffed with wireshark again and still I can see that on the tun adapter that I want to use only for voip, exist another type of traffic like remote desktop.

Do you have another advice?

[maikcat]

hi there,

your scenario simply wont work this way
you have to redesign your setup.

maybe try to seperate your ip networks..
f.e if your have ip phones use for them 192.168.3.0 and for your pcs 192.168.2.0

also your client must have 2 ips (from net 192.168.2.x and 192.168.3.0)

then route 2.x subnet from the one tunnel and 3.x from the other..

Michael.

[cergius]

Hi:

The problem is that I only have softphones so I can`t do what you suggest, anyway pushing my problem aside
which is the benefit of running multiple instances openvpn?
which would be an example?

[maikcat]

hi there,

In my work i use a linux pc to connect to all of my customers via openvpn
so i have 70 tunnels up all the time and it works fine.

Michael.