How to run multiple instances of openVPN?

razirazo · April 5, 2015, 3:57pm

Hi Im setting up openVPN server with help of this guide.
https://en.opensuse.org/SDB:OpenVPN_Installation_and_Setup

Now its running perfectly on port 123.

But I want to add alternative port (TCP443 and 3101) and I was told to run another instance of it with different config.
can someone show me how to do it?

Miuku · April 5, 2015, 4:08pm

OpenVPN systemctl uses the server configuration filename as a parameter, let’s imagine you have server.conf and server2.conf files in your /etc/openvpn/ directory, now to start or stop services you would use;

**systemctl start openvpn@server ** (uses server.conf)
systemctl start openvpn@server2 (uses server2.conf)

Simple, eh?

All you have to do is copy your existing and working .conf with a new filename and edit it, then start it with the new name you gave the file.

You can start, stop, enable or disable the individual servers by appending the name.

razirazo · April 5, 2015, 4:55pm

Thanks. I got the second instance running on TCP 443, the client successfully connected to server.

But there are no network activity on my browser (its working fine on my original port 123 instance though).
Is there any additional step that I missed? like firewall config or anything?

I made no modification in config other than changing port number and protocol.

Miuku · April 5, 2015, 5:06pm

You’re most likely running into the caveat of routing.

Try giving the second server another IP range, for example if the first one was 10.8.1.0, make the other one 10.8.2.0 in your server2.conf or whatever you named it and restart the new openvpn instance with **systemctl restart openvpn@newinstance
**
So something like this:




# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
server 10.8.2.0 255.255.255.0

razirazo · April 5, 2015, 5:41pm

Yay I got it running now. many thanks.

I made another range for the new instance which is 10.9.0.0/24 (the existing instance was running on default 10.8.0.0/24).

In addition the firewall rules need to be updated;
I don’t know how to put new rules between the line so I just delete the Reject rule, add my new range and re add the reject again. rotfl!

iptables -D FORWARD -j REJECT
iptables -A FORWARD -s 10.9.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 10.9.0.0/24 -j SNAT --to my server IP

I don’t exactly understand what Im doing but its working lol.

razirazo · April 5, 2015, 6:04pm

And finally

systemctl enable openvpn@newserverinstance.service

and edit the firewall rules **/etc/rc.d/boot.local ** to make the changes permanent.