Issue with multiple instance (tcp & udp)

[sunilmh]

Hi,

I am running two instance of openvpn on linux Centos 5.4 (32 bit). One for TCP and other one for UDP. Both instance are running on the same port 1194. Both configuration files are placed in same location.
Issues:
-----------
1. I am able to ping to server for the instance which I run first. If i run TCP server instance first will be able to connect to server through TCP client config. But if change client config to UDP, log shows connection initiated successfully to server, but can't ping to server ip.
2. If UDP server instance started first, my client UDP connection allows me to ping to server IP, but TCP client instance show successfull connectivity to server, but can't ping to server ip.

Config Details:
==============
server_tcp.config
----------------------------
ccd-exclusive
management 0.0.0.0 7505
resolv-retry infinite

port 1194

proto tcp
;proto udp

server_udp.config
---------------------------
ccd-exclusive
management 0.0.0.0 7506
resolv-retry infinite

port 1194

;proto tcp
proto udp


Any input on this issue will be very valuable for me.

Thanks,
Sunil

[janjust]

this depends on other parts of your server config ; the different configuration need separate IP ranges, which must not overlap; which IP is assigned in UDP or TCP mode?

[maikcat]

hi there,

please post complete configs first.

Michael.

[sunilmh]

Hi,

I am using the same ip range for both TCP and UDP. Please find the below config details for both TCP and UDP.
Also I have added client config details. I need to have same ip range for both the ports.

===========================================================================================
server_tcp.conf
------------------------------------
;local a.b.c.d
ccd-exclusive
management 0.0.0.0 7505
resolv-retry infinite

port 1194

# TCP or UDP server?
proto tcp
;proto udp

;dev tap
dev tun

;dev-node MyTap

ca /usr/local/src/openvpn-2.1.4/easy-rsa/2.0/keys/ca.crt
cert /usr/local/src/openvpn-2.1.4/easy-rsa/2.0/keys/server.crt
key /usr/local/src/openvpn-2.1.4/easy-rsa/2.0/keys/server.key

dh /usr/local/src/openvpn-2.1.4/easy-rsa/2.0/keys/dh1024.pem

server 10.2.0.0 255.255.0.0

;ifconfig-pool-persist ipp.txt

;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100

;server-bridge

push "route 192.168.0.0 255.255.255.0"

;client-config-dir ccd
;route 192.168.40.128 255.255.255.248

client-config-dir /usr/local/src/openvpn-2.1.4/test_app/ccd/
;route 10.9.0.0 255.255.255.252

;learn-address ./script

;push "redirect-gateway def1 bypass-dhcp"

;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"

;client-to-client

;duplicate-cn

keepalive 10 120

;tls-auth ta.key 0

;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES

comp-lzo

;max-clients 100

;user nobody
;group nobody

persist-key
persist-tun

status openvpn-status.log

log /var/log/openvpn_tcp.log
;log-append openvpn.log

verb 6

;mute 20
==========================================================================================

===========================================================================================
server_udp.conf
------------------------------------
;local a.b.c.d
ccd-exclusive
management 0.0.0.0 7506
resolv-retry infinite

port 1194

# TCP or UDP server?
;proto tcp
proto udp

;dev tap
dev tun

;dev-node MyTap

ca /usr/local/src/openvpn-2.1.4/easy-rsa/2.0/keys/ca.crt
cert /usr/local/src/openvpn-2.1.4/easy-rsa/2.0/keys/server.crt
key /usr/local/src/openvpn-2.1.4/easy-rsa/2.0/keys/server.key

dh /usr/local/src/openvpn-2.1.4/easy-rsa/2.0/keys/dh1024.pem

server 10.2.0.0 255.255.0.0

;ifconfig-pool-persist ipp.txt

;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100

;server-bridge

push "route 192.168.0.0 255.255.255.0"

;client-config-dir ccd
;route 192.168.40.128 255.255.255.248

client-config-dir /usr/local/src/openvpn-2.1.4/test_app/ccd/
;route 10.9.0.0 255.255.255.252

;learn-address ./script

;push "redirect-gateway def1 bypass-dhcp"

;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"

;client-to-client

;duplicate-cn

keepalive 10 120

;tls-auth ta.key 0

;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES

comp-lzo

;max-clients 100

;user nobody
;group nobody

persist-key
persist-tun

status openvpn-status.log

log /var/log/openvpn_tcp.log
;log-append openvpn.log

verb 6

;mute 20
==========================================================================================


==========================================================================================
client.config
---------------------
client
float
;auth-user-pass
auth-nocache
dev tun
proto udp
remote 10.30.10.164 1194
nobind
ca ca.crt
cert jon.crt
key jon.key
remote-cert-tls server
comp-lzo
verb 6
ping 10
;route remote_host default net_gateway
==========================================================================================

Thanks,
Sunil

[janjust]

I am using the same ip range for both TCP and UDP. Please find the below config details for both TCP and UDP.
Also I have added client config details. I need to have same ip range for both the ports.

as I said, you can't. The problem you're seeing is caused exactly by this.
You will need to resort to bridging + external DHCP to use the same IP range for two separate openvpn instances.

[maikcat]

hi there,

you simply *cannot* have 2 interfaces using same ip network..

Michael.

[sunilmh]

Hi,

I tried hard to get the proper documentation on setting up both TCP and UDP openvpn instances.
From my post replies I got to know it can be done through bridging or having two ip ranges for both ports.

Can I get a complete procedure(documentation) for this ?

Thanks,
Sunil