RE: [Openvpn-users] how to set up more tunnels?

  • Subject: RE: [Openvpn-users] how to set up more tunnels?
  • From: "Matt Burleigh" <matt.burleigh@xxxxxxxxxxxxxxxx>
  • Date: Wed, 12 Jan 2005 09:37:27 -0500

>Can someone tell me if I need to write a different tunnel.conf file 
>for each VPN I create (tunnel2.conf, tunnel3.conf...)? Or do I have to 
>put it in the same file?
>Do I have to (should I?) create different keys for each tunnel? Also in 
>separate files?

We've got a couple strategic partners that need access to different
services in our internal network. I provide them each with their own
OpenVPN instance. Everyone uses Sundman's GUI and it works flawlessly.
One of the applications we they use is very latency intensive and using
UDP mode it outperforms every VPN we've tested. I get comments all the
time from our partners, that our VPN connection always works but theirs
doesn't. ;-) 

(much thanks to James too!)  

I use a dedicated machine for OpenVPN. It's a 3.06GHz P4 with 512MB with
Fedora on it. It handles 30-40 users daily without a sweat. 

I use one interface and all the OpenVPN instances run off of an alias
interface (eth0:0, eth0:1, eth0:2). I use only one OpenVPN binary. Each
instance has its own config file, key, and certs. You don't want to
use the same keys and certs unless you want connections to work on your
other tunnels, which I don't. Each instance has its own subnet, which
allows me to easily firewall off services on the networks I don't want
them connecting to. This does require some rule redundancy but the
overall flexibility is worth it. 
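
An added example, not part of the original message: a small audit that reads one server config per OpenVPN instance and reports pairs that share a `ca`, `cert`, `key` or `secret` file, listen on the same address/port, or hand out overlapping `server` subnets, which are the separations described above. The file names, addresses and paths are constructed for illustration, and files are compared by path string only.

```python
import ipaddress
from itertools import combinations

# Constructed sample configs; names, addresses and paths are hypothetical.
TEMPLATE = """local {ip}
port 1194
proto udp
ca /etc/openvpn/{ca}/ca.crt        # CA that signs this instance's client certs
cert /etc/openvpn/{name}/server.crt
key /etc/openvpn/{name}/server.key
server {net}
"""
SAMPLE = {
    "partner_a.conf": TEMPLATE.format(name="partner_a", ca="partner_a",
                                      ip="192.0.2.10", net="10.8.1.0 255.255.255.0"),
    # Deliberately wrong: reuses partner_a's CA and carves its pool out of partner_a's /24.
    "partner_b.conf": TEMPLATE.format(name="partner_b", ca="partner_a",
                                      ip="192.0.2.11", net="10.8.1.128 255.255.255.128"),
}

def parse(text):
    """Return {directive: [args]} for one config; '#' and ';' start comments."""
    conf = {}
    for line in text.splitlines():
        words = line.split("#")[0].split(";")[0].split()
        if words:
            conf.setdefault(words[0], words[1:])
    return conf

def listener(conf):
    # Assumes the current OpenVPN defaults (port 1194, UDP) when a directive is absent.
    return conf.get("local"), conf.get("port", ["1194"]), conf.get("proto", ["udp"])

def audit(configs):
    """Compare every pair of instances; return (problem, file_a, file_b) tuples."""
    parsed = {name: parse(text) for name, text in configs.items()}
    findings = []
    for a, b in combinations(sorted(parsed), 2):
        ca, cb = parsed[a], parsed[b]
        for d in ("ca", "cert", "key", "secret"):
            if d in ca and ca[d] == cb.get(d):
                findings.append((f"shared {d}", a, b))
        if listener(ca) == listener(cb):
            findings.append(("same listener", a, b))
        if "server" in ca and "server" in cb:
            na, nb = (ipaddress.ip_network("/".join(c["server"][:2])) for c in (ca, cb))
            if na.overlaps(nb):
                findings.append(("overlapping subnet", a, b))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

A shared `ca` is the finding that matters most: an instance accepts any client certificate signed by the CA it trusts, so two instances pointing at the same CA file admit each other's clients.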

