Re: [Openvpn-users] Can you have multiple openvpn instances share one ipp.txt file?

  • Subject: Re: [Openvpn-users] Can you have multiple openvpn instances share one ipp.txt file?
  • From: Charles Duffy <cduffy@xxxxxxxxxxx>
  • Date: Fri, 14 Jul 2006 07:39:50 -0500

Jeff Myers wrote:
> I am trying to set up a second instance of openvpn (2.0.7) on a Linux 
> server and want to have it use the same ipp.txt file.  Basically I want 
> client computers to get the same IP address no matter which instance of 
> openvpn they connect to.  Is this possible?  The FAQ on openvpn.net 
> states you should have separate files, but I’m wondering if there is 
> some kind of workaround.

Is this second instance intended to be run concurrently with the primary 
one, or in a failover-type environment? In the latter case, if you can 
guarantee that only one OpenVPN instance will be up at the same time, 
it's safe to have ipp.txt be shared. In the former case, how are packets 
supposed to know which OpenVPN instance to be routed to, if clients on 
both instances have IP addresses within the same range?

My advice if you're running your OpenVPN instances concurrently is to 
use different IP ranges and set up dynamic DNS such that a host's IP 
address (whichever server it's on) reverse-resolves to the common name 
of the certificate it's connected to. That way routing to the correct 
OpenVPN instance based on IP address works, *and* you can know a client 
system's identity even if its IP changes.

If this doesn't work for you, though, something else can probably be 
worked up using hook scripts -- there's no reason you need to use 
OpenVPN's built-in IP pool handling, after all, as opposed to putting it 
in your client-connect script.
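
The client-connect approach suggested in the reply, as an added example that is not part of the original message or of OpenVPN itself: a hook that keeps one locked map of certificate common name to address, so every instance running it hands a client the same IP. The pool range, map path and `assign_ip` helper are assumptions, as is a server using `dev tap` or `topology subnet` so that `ifconfig-push` takes an address and netmask; routing between concurrently running instances, raised in the reply, remains a separate matter.

```shell
#!/bin/sh
# Added example: client-connect hook giving each certificate common name a
# stable address from one map file shared by several OpenVPN instances.
# Pool range, netmask and map path are constructed values.
POOL_PREFIX=10.8.0 POOL_FIRST=10 POOL_LAST=250
POOL_NETMASK=255.255.255.0
MAP_FILE=${MAP_FILE:-/etc/openvpn/shared-pool.csv}

# assign_ip CN MAPFILE: print the address recorded for CN, allocating the
# lowest free one first if CN is new. Lines in MAPFILE are "cn,ip".
assign_ip() {
    cn=$1 map=$2
    # The CN comes from the client's certificate: accept a strict charset
    # only, so it cannot inject separators or extra lines into the map.
    case $cn in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    (
        flock 9    # serialise lookups and allocations across instances
        touch "$map"
        ip=$(awk -F, -v cn="$cn" '$1 == cn { print $2; exit }' "$map")
        n=$POOL_FIRST
        while [ -z "$ip" ] && [ "$n" -le "$POOL_LAST" ]; do
            cand=$POOL_PREFIX.$n
            if ! awk -F, -v ip="$cand" '$2 == ip { f = 1 } END { exit !f }' "$map"; then
                ip=$cand
                printf '%s,%s\n' "$cn" "$ip" >>"$map"
            fi
            n=$((n + 1))
        done
        [ -n "$ip" ] && printf '%s\n' "$ip"    # fails if the pool is exhausted
    ) 9>>"$map.lock"
}

# OpenVPN runs the hook with the path of a per-client config file as its
# argument and the certificate CN in $common_name.
if [ -n "${common_name:-}" ] && [ -n "${1:-}" ]; then
    ip=$(assign_ip "$common_name" "$MAP_FILE") || exit 1   # non-zero rejects the client
    printf 'ifconfig-push %s %s\n' "$ip" "$POOL_NETMASK" >"$1"
fi
```

Each instance would reference the same script with `client-connect` and leave `ifconfig-pool-persist` unset, so the map file is the only record of assignments.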

