I'm trying to arrange a quite complicated setup, at least I think it is so...
I have one server host and many client hosts. The problem is that each client host has many interfaces and each of these must have a specific address. I would like to do it having only 1 certificate, so my CCD config file doesn't work.
SERVER
Code:
mode server
tls-server
topology subnet
push "topology subnet"
ifconfig 10.8.0.1 255.255.255.0
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
persist-key
persist-tun
keepalive 10 60
duplicate-cn
management 127.0.0.1 2323 stdin
client-config-dir /etc/openvpn/client-configs
script-security 2
keepalive 10 120
comp-lzo
#user nobody
#group nogroup
#status openvpn-status.log
#verb 6
For example, in my first host client I have 2 interfaces and 2 different config files
client->INTERFACE1.conf
Code:
client
proto tcp
local 172.16.0.10
remote 192.168.6.10 1194
dev tun0
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/client1.crt
key /etc/openvpn/keys/client1.key
resolv-retry infinite
persist-key
persist-tun
ns-cert-type server
script-security 2
up "upRoutes.sh"
down "downRoutes.sh"
Code:
client
proto tcp
local 172.16.2.12
remote 192.168.6.10 1194
dev tun2
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/client1.crt
key /etc/openvpn/keys/client1.key
resolv-retry infinite
persist-key
persist-tun
ns-cert-type server
script-security 2
up "upRoutes.sh"
down "downRoutes.sh"
As you can see, these two configs share the ca and key files. I cannot generate a certificate for each interface because that number is variable and can be like 3 or like 30. It will be a kind of trunk!
Then in the scripts I put the addresses on the interfaces, but when I try to ping the server it drops the packet.
Could someone help?
Thank you very much!
Salvatore