openvpn multiple instances route issue?

solo9300 · Post by **solo9300** » Thu Dec 22, 2011 3:02 am

I am tring to connect to form same PC to openvpn server with openvpn tow instance. I have a server with multiple IP and running tow openvpn server instances on the same Server. Trying to connect to those instances from one PC at the same time.

I can connect to them separately however when i try to connect to them together the first instance connect fine. but the second instance i get this error:

Code: Select all

Thu Dec 22 05:27:04 2011 /usr/sbin/ip link set dev tun0 up mtu 1500
Thu Dec 22 05:27:04 2011 /usr/sbin/ip addr add dev tun0 local 10.10.0.5 peer 10.10.0.6
Thu Dec 22 05:27:04 2011 /usr/sbin/ip route add 184.75.xxx.xxx/32 via 10.0.0.1
RTNETLINK answers: File exists
Thu Dec 22 05:27:04 2011 ERROR: Linux route add command failed: external program exited with error status: 2
Thu Dec 22 05:27:04 2011 /usr/sbin/ip route add 0.0.0.0/1 via 10.10.0.6
RTNETLINK answers: File exists
Thu Dec 22 05:27:04 2011 ERROR: Linux route add command failed: external program exited with error status: 2
Thu Dec 22 05:27:04 2011 /usr/sbin/ip route add 128.0.0.0/1 via 10.10.0.6
RTNETLINK answers: File exists
Thu Dec 22 05:27:04 2011 ERROR: Linux route add command failed: external program exited with error status: 2

Server A config

Code: Select all

port 1190
proto udp
dev tun1
ca /etc/openvpn/ca.crt
cert /etc/openvpn/serverA.crt
key /etc/openvpn/serverA.key
dh /etc/openvpn/dh1024.pem

server 10.3.0.0 255.255.255.0
ifconfig-pool-persist 10.3.0.0-ipp.txt

--mode server
--tls-server
client-config-dir /etc/openvpn/ccd.d
route 10.3.0.0 255.255.255.252

push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status 10.3.0.0-openvpn-status.log
verb 3

Server B config

Code: Select all

port 1191
proto udp
dev tun0
ca /etc/openvpn/ca.crt
cert /etc/openvpn/serverB.crt
key /etc/openvpn/serverB.key
dh /etc/openvpn/dh1024.pem
server 10.10.0.0 255.255.255.0
ifconfig-pool-persist 10.10.0.0-ipp.txt
--mode server
--tls-server
client-config-dir /etc/openvpn/ccd.d
route 10.10.0.0 255.255.255.252

push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status 10.10.0.0-openvpn-status.log
verb 3

Client A config

Code: Select all

client
dev tun1
proto udp
remote 184.75.xxx.xxx 1190
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client1.crt
key /etc/openvpn/client1.key
ns-cert-type server
comp-lzo
verb 3
--script-security 2

<b>Client B config</b>

Code: Select all

client
dev tun0
proto udp
remote 184.75.xxx.xxx 1191
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client2.crt
key /etc/openvpn/client2.key
ns-cert-type server
comp-lzo
verb 3
--script-security 2

Any help would be much appreciated.

Post by **janjust** » Thu Dec 22, 2011 9:25 am

both openvpn setups want to redirect all traffic via the VPN tunnel - that is not going to work. So the second instance will receive this warning, even though the tunnel will still be up. All traffic will still be routed via the first OpenVNP connection, however.

solo9300 · Post by **solo9300** » Thu Dec 22, 2011 3:48 pm

thx for reply my post,

is there a solution or workaround for this issue or its simply cannot be done?

Post by **janjust** » Thu Dec 22, 2011 4:02 pm

err, what is it that you want to achieve? you cannot route all traffic to 2 default locations.
the second client instance works but not all traffic will be routed over it.

solo9300 · Post by **solo9300** » Thu Dec 22, 2011 4:56 pm

well, I have Servers on another location and would like to use the IPs on the openvpn server for those Servers. The openvpn server have 5 IPs i would like to be able to use and need those IPs to go though to one of the servers and then get foreword to local servers?

Post by **janjust** » Thu Dec 22, 2011 11:27 pm

I still don't understand your use case completely; it can probably be done without using "redirect-gateway", but I can't tell for sure. It is most definitely a routing setup issue, not an OpenVPN issue per se.

solo9300 · Post by **solo9300** » Fri Dec 23, 2011 12:09 am

I have local network with those servers:
Server 1:
eth0: 10.0.0.2 (Internet)
eth1: 10.0.1.1 (local network)
tun0 port foreword needed services to 10.0.1.1
tun1 port foreword needed services to 10.0.1.4
tun2 port foreword needed services to 10.0.1.10
Running (dns http )

Server 2:
eth1: 10.0.1.4 (Internet)
Running (dns, http and mail server)

Server 3:
eth1: 10.0.1.10 (Internet)
Running (http)

I bought a vps server with 5 IPs and I would like to use those IPs on my local network with the help of openvpn.

Post by **Mimiko** » Sun Dec 25, 2011 8:22 am

You don't need multiple instances of OpenVPN for this. On the VPS you bought install OpenVPN server and assign WAN IPs o client like in this tutorial: topic8559.html
Your local server 1 may act a common OpenVPN client which will redirect all access to the specified WAN IP to some other local server. Or you can install on each local server a OpenVPN client and so will get an WAN IP address from OpenVPN server.

OpenVPN Support Forum

openvpn multiple instances route issue?

openvpn multiple instances route issue?

Re: openvpn multiple instances route issue?

Re: openvpn multiple instances route issue?

Re: openvpn multiple instances route issue?

Re: openvpn multiple instances route issue?

Re: openvpn multiple instances route issue?

Re: openvpn multiple instances route issue?

Re: openvpn multiple instances route issue?