Simple configuration for 1 server and 2 clients

[mario.u]

Hi I'm trying to use OpenVPN to have two servers be able to communicate with a third server like the following but this setup doesn't work. Any help would be greatly appreciated


Third Server configuration file
dev tun
ifconfig 10.8.0.1 10.8.0.2
secret static.key1
dev tun
ifconfig 10.8.0.1 10.8.0.3
secret static.key2

1st Client configuration file 1
remote myremote.mydomain
dev tun
ifconfig 10.8.0.2 10.8.0.1
secret static.key1


2nd Client configuration file 2
remote myremote.mydomain
dev tun
ifconfig 10.8.0.3 10.8.0.1
secret static.key2


Also if all three could be made to set up so the communication was available to any in any direction that would be great too.

Thanks for any help in advance.

[Bebop]

Your request is very conflicting with its requirements.

The title is:

Simple configuration for 1 server and 2 clients

And your request says this:

I'm trying to use OpenVPN to have two servers be able to communicate with a third server

You better be clear. Do you want 1 server and 2 clients, or 2 servers, or 3 servers?

this setup doesn't work

How specifically does it not work? Does it fail with error messages, or does it fail silently?

Code: Select all

dev tun
ifconfig 10.8.0.1 10.8.0.2
secret static.key1
dev tun
ifconfig 10.8.0.1 10.8.0.3
secret static.key2

Without knowing what exactly you want to achieve, I can't suggest a the proper coding for you, but I can tell you about a basic attribute:

You can't create multiple VPNs with a single .conf file. Create two .conf files instead (eg point1.conf point2.conf). OpenVPN will execute all the .conf files in the working directory.

[mario.u]

Thank you very much for your reply.Sorry I should have been clearer. All three are linux virtual servers. Two are openvpn clients of the same open vpn server.

So it basically like this

web server 1 ------> Db Server <---- web werver 2

So option one is create two simple tunnels to db server which I haven't been able to accomplish. Though I was able to get one tunnel to work.

Or option two would be to create a "tunneled network" where any server could communicate with any other. Though I'm blissfully ignorant about how to even approach this option.


With option 1 if I did this on db server, would it work?

// point1.conf
dev tun
ifconfig 10.8.0.1 10.8.0.2
secret static.key1

// point2.conf
dev tun
ifconfig 10.8.0.1 10.8.0.3
secret static.key2

Can the dev tun and 10.8.0.1 be the same in both files or should they be different?

[mario.u]

Some more information incase it might help someone help me. I tried without the secret key.

On DBServer I have the following
// tunnel1.conf
dev tun
ifconfig 10.67.67.2 10.67.67.1
verb9

// tunnel2.conf
dev tun
ifconfig 10.67.67.3 10.67.67.4
verb9


On Web Server 1 I have
/// tunnel1.conf
remote 10.180.180.211
dev tun
ifconfig 10.67.67.1 10.67.67.2

On Web Server 2 I have
/// tunnel2.conf
remote 10.180.180.211
dev tun
ifconfig 10.67.67.4 10.67.67.3

On the dbserver the tunnel two always fails when openvpn starts. If one is alone or the other is alone they work but I haven't be able to get them to work at the same time.

[mario.u]

I've managed to figure this out and in case someones looking for this setup with multiple web servers trying to access a single dbserver through open vpn the following will work.


Option --  Different ports for the server with multiple ips on server
(this works)

web.server.1(10.67.67.1) -- udp 1194→ (10.67.67.2)dbserver
web.server2 (10.67.67.4) -- udp 2873→ (10.67.67.3)

On DBServer I have the following
// tunnel1.conf
proto udp
port 1194
dev tun
ifconfig 10.67.67.2 10.67.67.1
;key server.key
verb9

// tunnel2.conf
proto udp
port 2873
dev tun
ifconfig 10.67.67.3 10.67.67.4
;key server.key
verb9


On Web Server 1 I have
/// tunnel1.conf
proto udp
remote 10.180.180.211 1194
dev tun
ifconfig 10.67.67.1 10.67.67.2
;key server.key

On Web Server 2 I have
/// tunnel2.conf
proto udp
remote 10.180.180.211 2873
dev tun
ifconfig 10.67.67.4 10.67.67.3
;key server.key



Option - Try different ports for the server with single ip on server
(this works)

web.server.1(10.67.67.1) -- udp 1194→ (10.67.67.2)dbserver
web.server2 (10.67.67.4) -- udp 2873→ (10.67.67.2)

On DBServer I have the following
// tunnel1.conf
proto udp
port 1194
dev tun
ifconfig 10.67.67.2 10.67.67.1
;key server.key
verb9

// tunnel2.conf
proto udp
port 2873
dev tun
ifconfig 10.67.67.2 10.67.67.4
;key server.key
verb9


On Web Server 1 I have
/// tunnel1.conf
proto udp
remote 10.180.180.211 1194
dev tun
ifconfig 10.67.67.1 10.67.67.2
;key server.key

On Web Server 2 I have
/// tunnel2.conf
proto udp
remote 10.180.180.211 2873
dev tun
ifconfig 10.67.67.4 10.67.67.2
;key server.key

[Bebop]

I've managed to figure this out and in case someones looking for this setup with multiple web servers trying to access a single dbserver through open vpn the following will work

Well done -- and thank you for sharing your findings. Since you included a lot of detail, this could be very useful for others who have a similar situation in future.