Openvpn - multiple gateway tunnels
Posted: Wed Apr 13, 2011 7:34 am
Hi all,
I'm trying to establish 2 gateway (multiple in general) tunnels to a single server gateway, but I'm facing some problems.
Here is the configuration:
I'm trying to connect from 2 gateways simultaneously to the server gateway (all are in the 192.168.1.x network).
These are the subnets behind gateways:
Client gateway 1 - 192.168.30.0
Client gateway 2 - 192.168.75.0
Server gateway - 192.168.10.0
This is the present configuration at server's side:
server 128.10.0.0 255.255.0.0
port 1194
proto udp
cipher BF-CBC
auth SHA1
route 192.168.30.0 255.255.255.0
route 192.168.75.0 255.255.255.0
push "route 192.168.75.0 255.255.255.0"
push "route 192.168.30.0 255.255.255.0"
push "route 192.168.10.0 255.255.255.0"
client-to-client
ca /var/certs/openvpn/ca.crt
cert /var/certs/openvpn/server.crt
key /var/certs/openvpn/server.key
dh /var/certs/openvpn/dh.pem
dev tun1
client-config-dir ccd
;daemon
writepid /var/run/openvpn.pid
;log /var/openvpn/openvpn.log
reneg-sec 360000
persist-tun
persist-key
Inside client-config-directory(ccd):
"client1" file contains (client1 is the Common Name)
iroute 192.168.30.0 255.255.255.0
"client2" file contains (client2 is the Common Name)
iroute 192.168.75.0 255.255.255.0
This is the client1 gateway configuration:
client
remote 192.168.1.72
dev tun1
ca ca.crt
cert client1.crt
key client1.key
verb 5
auth-retry nointeract
This is the client2 gateway configuration:
client
remote 192.168.1.72
dev tun1
ca ca.crt
cert client2.crt
key client2.key
verb 5
auth-retry nointeract
These are the firewall rules at each gateway:
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
iptables -I INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
The problem is, I was able to reach only one of the client gateways at a time. (When I pinged both gateways simultaneously from the server gateway, I got replies from client1 and client2 alternately, but not simultaneously.) So it looks like the OpenVPN server is serving only 1 gateway at a time.
If there's just one gateway, there's no problem.
Please let me know if I did something wrong.
Thanks in advance.
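The server in the post relies on each `route` having exactly one owning `iroute` in a ccd file named after the client's Common Name; if that pairing is broken or two CNs claim the same subnet, only one client can own the subnet at a time. Below is an added consistency check written for this thread (my own Python, not code from the original post or from the OpenVPN project); the sample config and ccd contents are the ones quoted above, embedded inline so it runs offline.

```python
import ipaddress
import re

# Constructed sample: the relevant server lines and ccd files from the post.
SERVER_CONF = """
server 128.10.0.0 255.255.0.0
route 192.168.30.0 255.255.255.0
route 192.168.75.0 255.255.255.0
push "route 192.168.75.0 255.255.255.0"
push "route 192.168.30.0 255.255.255.0"
push "route 192.168.10.0 255.255.255.0"
client-to-client
client-config-dir ccd
"""
CCD = {
    "client1": "iroute 192.168.30.0 255.255.255.0\n",
    "client2": "iroute 192.168.75.0 255.255.255.0\n",
}

# Matches bare 'route' / 'iroute' lines only; pushed routes start with 'push'.
_NET = re.compile(r"^\s*(route|iroute)\s+(\S+)\s+(\S+)\s*$", re.M)


def _nets(text, keyword):
    """Return the set of networks declared with `keyword` (route or iroute)."""
    return {ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            for kw, addr, mask in _NET.findall(text) if kw == keyword}


def check_iroutes(server_conf, ccd_files):
    """Cross-check server 'route' lines against per-CN 'iroute' lines.

    ccd_files maps Common Name -> ccd file contents.
    Returns a list of findings; an empty list means the pairing is consistent.
    """
    findings = []
    routes = _nets(server_conf, "route")
    owners = {}  # network -> CNs whose ccd file claims it with iroute
    for cn, body in ccd_files.items():
        for net in _nets(body, "iroute"):
            owners.setdefault(net, []).append(cn)
    for net, cns in owners.items():
        if len(cns) > 1:
            findings.append(f"{net}: iroute in several ccd files {cns}; "
                            "only one client can own it at a time")
        if net not in routes:
            findings.append(f"{net}: iroute in ccd/{cns[0]} but no server 'route'")
    for net in routes - owners.keys():
        findings.append(f"{net}: server 'route' but no ccd file claims it")
    return findings
```

Run `check_iroutes(SERVER_CONF, CCD)` against your real server.conf and ccd directory; the posted configuration itself comes back clean, so a non-empty result points at a route/iroute mismatch rather than at the firewall rules.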