openvpn multi sites

globaltech · Post by **globaltech** » Wed Mar 14, 2012 5:45 pm

hello,
our isp is block tls so i have to work with secret key solutions
i creat 4 keys for eash computer that i connect it and open these ports 3389 3390 3391 3392 on the server
i creat for conf files:

1:

proto tcp-server
port 3389
dev tun
ifconfig 10.8.0.1 10.8.0.2
secret static1.key 0

2:

proto tcp-server
port 3390
dev tun
ifconfig 10.8.0.3 10.8.0.4
secret static2.key

3:

proto tcp-server
port 3391
dev tun
ifconfig 10.8.0.5 10.8.0.6
secret static3.key

4:

proto tcp-server
port 3392
dev tun
ifconfig 10.8.0.7 10.8.0.8
secret static4.key

how i can runt it ?
i read the cock bock but i dont understand how i can run it at all.
thanks.

globaltech · Post by **globaltech** » Fri Mar 16, 2012 2:41 pm

anu suggest?
thanks.

Post by **Mimiko** » Mon Mar 19, 2012 8:01 am

Put these config files under same etc folder with the same extension: .ovpn (for windows) or .conf (for linux). When starting up openvpn deamon within etc folder and without any command line specified config file, the daemon will start a process for any config file it will find within that folder.

globaltech · Post by **globaltech** » Tue Mar 20, 2012 11:27 pm

hello,
when i tried to run it it's give me this error:

[root@ov ~]# openvpn --config /etc/openvpn/serv01.conf
Wed Mar 21 02:17:38 2012 OpenVPN 2.1.4 x86_64-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Apr 24 2011
Wed Mar 21 02:17:38 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Mar 21 02:17:38 2012 Note: Cannot open TUN/TAP dev /dev/net/tun: No such device (errno=19)
Wed Mar 21 02:17:38 2012 Note: Attempting fallback to kernel 2.2 TUN/TAP interface
Wed Mar 21 02:17:38 2012 Cannot allocate TUN/TAP dev dynamically
Wed Mar 21 02:17:38 2012 Exiting

thanks.

Post by **Mimiko** » Wed Mar 21, 2012 8:18 am

You don't have tun modules installed in your system. Please search for TUN modules to enable.

globaltech · Post by **globaltech** » Wed Mar 21, 2012 9:03 am

hello,
its work now with the first one:
but when i tried to connect from client from the second server conf file its give me this error in log:

There is a problem in your selection of --ifconfig endpoints [local=10.8.0.4, remote=10.8.0.3]. The local and remote VPN endpoints must exist within the same 255.255.255.252 subnet. This is a limitation of --dev tun when used with the TAP-WIN32 driver. Try 'openvpn --show-valid-subnets' option for

do i have to add any routing or rules to my iptables? except open the port?
thnaks.

Post by **Mimiko** » Wed Mar 21, 2012 9:15 am

You didn't configure properly the config file of server. Please read this topic topic8559.html to find how to assign IP addresses with ipconfig.

globaltech · Post by **globaltech** » Wed Mar 21, 2012 12:50 pm

hello,
the first serve conf file is work on client fine
the second conf file not working onthe client
the both cliant and server files have same configrations just change the port and static key file:

server conf 1

proto tcp-server
port 3389
dev tun
persist-key
persist-tun
ifconfig 10.8.0.1 10.8.0.2
secret /etc/openvpn/static.key

client conf1

proto tcp-client
remote 0.0.0.0 3389
dev tun
ifconfig 10.8.0.2 10.8.0.1
redirect-gateway
secret static.key
verb 8

server conf2

proto tcp-server
port 3390
dev tun
persist-key
persist-tun
ifconfig 10.8.0.3 10.8.0.4
secret /etc/openvpn/key02.key

client conf2

proto tcp-client
remote 0.0.0.0 3390
dev tun
ifconfig 10.8.0.4 10.8.0.3
redirect-gateway
secret key02.key
verb 8

i tired to use ipconf with puch but it's not work.
thanks.

Post by **Mimiko** » Wed Mar 21, 2012 1:33 pm

Please, read the link to the topic I gaved to you to understan how to setup ifconfig directive. For example, for first server-client setup use IPs 10.8.0.2 10.8.0.1, and for the second server-client setup use IPs: 10.8.0.6 10.8.0.5.

globaltech · Post by **globaltech** » Wed Mar 21, 2012 2:39 pm

thank you it's work fine now.
my problem now is with dns,
i tried to insert push "dhcp-option DNS 208.67.222.222"
but it's not work becuse i am using a static configration.
so any suggest?
thanks.

Post by **janjust** » Wed Mar 21, 2012 3:01 pm

don't use 'push' , just add

Code: Select all

dhcp-option DNS 208.67.222.222

to the "client" configuration file.

globaltech · Post by **globaltech** » Wed Mar 21, 2012 4:16 pm

hello,
thanks you it's work fine but the problem that the internet is not work
this the lcient ip table:
0.0.0.0 0.0.0.0 10.0.0.109 10.10.0.3 26
0.0.0.0 0.0.0.0 10.8.0.1 10.8.0.2 30
10.8.0.0 255.255.255.252 On-link 10.8.0.2 286
10.8.0.2 255.255.255.255 On-link 10.8.0.2 286
10.8.0.3 255.255.255.255 On-link 10.8.0.2 286
10.10.0.0 255.255.255.0 On-link 10.10.0.3 281
10.10.0.3 255.255.255.255 On-link 10.10.0.3 281
10.10.0.255 255.255.255.255 On-link 10.10.0.3 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
mywanip 255.255.255.255 10.10.0.254 10.10.0.3 25
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.8.0.2 286
224.0.0.0 240.0.0.0 On-link 10.10.0.3 282
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.8.0.2 286
255.255.255.255 255.255.255.255 On-link 10.10.0.3 281

idont know what is the ip 10.0.0.109
thanks.

Post by **janjust** » Wed Mar 21, 2012 10:37 pm

0.0.0.0 0.0.0.0 10.0.0.109 10.10.0.3 26

this is a local route, as far as I can tell

0.0.0.0 0.0.0.0 10.8.0.1 10.8.0.2 30

this is the VPN route

what does 'internet does not work' mean? can you ping the DNS server? or the IP address 8.8.8.8?

OpenVPN Support Forum

openvpn multi sites

openvpn multi sites

Re: openvpn multi sites

Re: openvpn multi sites

Re: openvpn multi sites

Re: openvpn multi sites

Re: openvpn multi sites

Re: openvpn multi sites

Re: openvpn multi sites

Re: openvpn multi sites

Re: openvpn multi sites

Re: openvpn multi sites

Re: openvpn multi sites

Re: openvpn multi sites