Is it possible to have multiple client subnets on one OpenVPN server with one OpenVPN instance when using topology subnet?
I would like my clients to have static IP addresses from 2 different subnets: 10.20.0.0/16 and 10.30.0.0/16. I would also like to use topology subnet because of the better IP handling. I have both Windows and Linux clients. The two different IP ranges were working fine with net30 topology, but I do not know if this is also possible with topology subnet.
server config:
port 443
proto tcp-server
dev tun
ca /openvpn_nas/client_ca.crt
cert /openvpn_nas/server.crt
key /openvpn_nas/server.key
dh /openvpn_nas/dh2048.pem
client-config-dir /openvpn_nas/ccd
remote-cert-tls client
keepalive 10 120
comp-lzo
tun-mtu 1400
cipher AES-256-CBC
auth sha1
persist-key
persist-tun
status /var/opws/openvpn-status.log
log-append /var/opws/openvpn-server.log
verb 9
script-security 2
client-connect /opt/opws/onconnect.sh
client-disconnect /opt/opws/ondisconnect.sh
topology "subnet"
server 5.5.0.0 255.255.255.0
push "route 10.96.252.1 255.255.255.255"
push "topology subnet"
route 10.32.0.0 255.255.0.0
route 10.20.0.0 255.255.0.0
client config:
management 127.0.0.1 16
management-log-cache 100
verb 3
mute 3
syslog
writepid /var/run/openvpncl.pid
client
resolv-retry infinite
nobind
persist-key
persist-tun
script-security 2
dev tun1
proto tcp-client
cipher aes-256-cbc
auth sha1
remote 172.27.16.3 443
comp-lzo yes
tls-client
tun-mtu 1400
mtu-disc yes
tun-ipv6
log-append /var/log/openvpncl
ca ca.crt
cert B40011.crt
key B40011.key
keepalive 10 120
float
remote-cert-tls server
verify-x509-name "xxxxxxx"
ccd:
ifconfig-push 10.20.0.89 255.255.0.0
Is it possible to have multiple subnets on one openvpn serv?
Moderators: TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 2
- Joined: Thu Mar 20, 2014 8:59 am
Re: Is it possible to have multiple subnets on one openvpn s
Thank you for the reply.
I tried to go in another direction:
modify server in server.conf to:
server 10.20.0.0 255.254.0.0
In this case I could handle IPs: 10.20.0.0 - 10.21.255.255
But I receive:
Options error: --server directive netmask allows for too many host addresses (subnet must be 255.255.0.0 (/16) or higher)
Use --help for more information.
and the server does not start up at all.
It's obvious that I will not handle that number of clients on one server; I will use load balancing, but is there a way to work around this?
It would be fine to use the same config on all servers and not use an OpenVPN server for every /16 range.
Does anyone have an idea for that?
-
- OpenVpn Newbie
- Posts: 1
- Joined: Tue Aug 24, 2021 7:05 am
Re: Is it possible to have multiple subnets on one openvpn serv?
"Is it possible to have multiple subnets on one openvpn serv?"
(Concerning OpenVPN Server 2.5.3)
Yes, it is.
Simply, you just have to define two subnets in server.conf.
For example:
# Network Configuration - OpenVPN internal network
topology subnet
# First subnet
server 10.0.0.0 255.255.255.0
route 10.0.0.0 255.255.255.0 10.0.0.1
# Second subnet
server 10.0.1.0 255.255.255.0
route 10.0.1.0 255.255.255.0 10.0.1.1
Best regards,
Witek
-
- OpenVpn Newbie
- Posts: 2
- Joined: Tue Sep 27, 2022 7:19 am
Re: Is it possible to have multiple subnets on one openvpn serv?
@wtosta Great, how do I use the different subnets with different clients?
E.g. if I want clientA in subnet 1 and clientB in subnet 2, how can I write the configuration files? Any instructions or suggestions?
Thanks.
- ordex
- OpenVPN Inc.
- Posts: 444
- Joined: Wed Dec 28, 2016 2:32 am
- Location: IRC #openvpn-devel @ libera.chat
Re: Is it possible to have multiple subnets on one openvpn serv?
You can't have different "subnets", but you can allocate a larger subnet for the VPN (via the --server directive) and then use ccd files for each client to assign specific IPs. But this needs to be done manually for each client.
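
The approach in the last reply, as an added example (not code from the thread or from OpenVPN): one network for --server, with each client group given a block inside it and every client a static ifconfig-push line in its ccd file. The function name, group names, client names and the /17 split are assumptions made for illustration.

```python
import ipaddress


def build_ccd(server_cidr, groups, clients):
    """Return {common_name: ccd file text}, one static address per client.

    server_cidr: the single network given to --server (topology subnet)
    groups:      {group_name: CIDR block carved out of server_cidr}
    clients:     [(certificate_common_name, group_name), ...]
    """
    net = ipaddress.ip_network(server_cidr)
    # Limit quoted in the thread's "Options error": /16 or a longer prefix.
    if net.prefixlen < 16:
        raise ValueError(f"{net}: --server netmask must be /16 or higher")
    # Never hand out the network address, the broadcast address, or the
    # first host address, which --server assigns to the server itself.
    reserved = {net.network_address, net.network_address + 1,
                net.broadcast_address}

    pools, blocks = {}, []
    for name, cidr in groups.items():
        block = ipaddress.ip_network(cidr)
        if not block.subnet_of(net):
            raise ValueError(f"group {name}: {block} is outside {net}")
        if any(block.overlaps(other) for other in blocks):
            raise ValueError(f"group {name}: {block} overlaps another group")
        blocks.append(block)
        pools[name] = (ip for ip in block if ip not in reserved)

    ccd = {}
    for cn, group in clients:
        if cn in ccd:
            raise ValueError(f"duplicate common name: {cn}")
        ip = next(pools[group], None)
        if ip is None:
            raise ValueError(f"group {group} has no free address for {cn}")
        # With topology subnet the second argument is the netmask of the
        # whole VPN network, not of the group's block.
        ccd[cn] = f"ifconfig-push {ip} {net.netmask}\n"
    return ccd


# Constructed sample: two groups inside one /16, three clients.
SAMPLE = build_ccd(
    "10.20.0.0/16",
    {"subnet1": "10.20.0.0/17", "subnet2": "10.20.128.0/17"},
    [("clientA", "subnet1"), ("clientB", "subnet2"), ("clientC", "subnet1")],
)
```

Write each value to a file named after the client's certificate common name in the client-config-dir directory. Because --server also creates a dynamic pool in the same network, keep static addresses out of it, for example with the nopool flag of --server.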