OpenVPN Support Forum

Posted: **Mon Jun 20, 2011 5:27 am**

Hello,

I am curious to figure out how best to have multiple networks behind one VPN.

Currently I have multiple VPNs running, which would be nice to get rid of.
I would like to have one VPN which would allow access to:
WAN uplink (already configured below)
Main Network: 172.16.1.1/13
Data Network: 172.24.1.1/13

What should I change to allow for such a configuration?
I assume I need push "route xxx..." and push "redirect-gateway xxxx" statements.
Also, is it possible to assign different levels of access to these networks based on certificate identity?

Code: Select all

local 0.0.0.0
port 1194
proto udp
dev tun

ca   /etc/openvpn/rsa/keys/ca.crt
cert /etc/openvpn/rsa/keys/server.crt
key  /etc/openvpn/rsa/keys/server.key
dh   /etc/openvpn/rsa/keys/dh1024.pem

tls-auth /etc/openvpn/rsa/keys/ta.key 0
tls-server

cipher AES-256-CBC
client-to-client

comp-lzo
server 10.8.1.0 255.255.255.0
duplicate-cn
keepalive 30 120
max-clients 10
persist-key
persist-tun
log    /var/log/openvpn/server.log
status /var/log/openvpn/server-status.log
verb 4
mute 20
push "redirect-gateway def1"
push "dhcp-option DNS xx.xx.xx.xx"

Posted: **Mon Jun 20, 2011 7:44 am**

yes this is possible: add the routes to the internal network to the server config

Code: Select all

push "route 172.16.0.0 255.248.0.0"
push "route 172.24.0.0 255.248.0.0"

and make sure the default GWs on those networks know about the VPN (10.8.0.0) , i.e. make sure their is a return address to the VPN server.

Also, is it possible to assign different levels of access to these networks based on certificate identity?

you're using 'duplicate-cn' right now, which does not allow this; if you assign unique certificates to each client it is possible to
* assign a fix IP to a certificate
* add an iptables rule on the server (if it's Linux) to allow a certain level of access

OpenVPN Support Forum

Multiple Networks with OpenVPN

Multiple Networks with OpenVPN

Re: Multiple Networks with OpenVPN