
Re: [Openvpn-users] 2nd instance issues


  • Subject: Re: [Openvpn-users] 2nd instance issues
  • From: "Tuc at T-B-O-H.NET" <ml@xxxxxxxxxxx>
  • Date: Tue, 7 Aug 2007 16:10:23 -0400 (EDT)

> Tuc at T-B-O-H.NET wrote:
> > I tried to start a 2nd OpenVPN instance on my server, and a 2nd
> > OpenVPN instance on my client. They are both FreeBSD 5. I copied my entire
> > directory over from "openvpn" to "openvpn2". On the client, I changed the
> > IP I wanted the client to contact the server on. (I needed to do this since
> > the remote site would route the traffic to that IP out a different transit
> > provider). On both of them I changed the IP set (10.2.0.X to 10.3.0.X) and
> > the ports (From 5001 to 5002). I started them up, but they don't seem to
> > sync. If I change the IP the client tries to contact the server on back
> > to the base one, works perfectly.
> >
> > 	Is there something about the certificate and the forward/reverse
> > DNS?
> >
> > 	When it ISN'T working, I get :
> >
> > Sun Aug  5 23:30:36 2007 24: TLS: tls_pre_decrypt: new session incoming connection from 67.47.145.123:10169
> >
> > 	on the server, and
> >
> > Sun Aug  5 23:30:36 2007 Re-using SSL/TLS context
> > Sun Aug  5 23:30:36 2007 LZO compression initialized
> > Sun Aug  5 23:30:36 2007 Control Channel MTU parms [ L:1300 D:138 EF:38 EB:0 ET:0 EL:0 ]
> > Sun Aug  5 23:30:36 2007 Preserving previous TUN/TAP instance: tun1
> > Sun Aug  5 23:30:36 2007 Data Channel MTU parms [ L:1300 D:1300 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
> > Sun Aug  5 23:30:36 2007 Local Options hash (VER=V4): '8c473bbe'
> > Sun Aug  5 23:30:36 2007 Expected Remote Options hash (VER=V4): '4e312712'
> > Sun Aug  5 23:30:36 2007 UDPv4 link local (bound): [undef]:5002
> > Sun Aug  5 23:30:36 2007 UDPv4 link remote: A.B.C.D:5002
> >
> > 	on the client
> 
> [cut]
> 
> > I don't have a local directive. I thought that it
> > would bind to "*" and the fact that I changed the ports would keep them
> > away from each other.
> 
> As long as each server runs on a unique port they can listen on the
> global address to accept connections from anywhere, so this is fine.
>
	Ok, thanks. This was my previous understanding.
> 
> When you copy the directory, have you updated any paths inside the
> config file of the new setup?
>
	Yes... Sorta.. Not sure why, but some of my files are fully
pathed (up /usr/local/etc/openvpn.hughes/office.up) and some aren't
(dh dh1024.pem). Before starting, though, I cd to the directory.
I don't BELIEVE it's finding it in another directory. I'll try fully
pathing all file references to see if it makes a difference.
>
>  Other than a shared file between the two
> (such as the ifconfig-pool-persist option) the 2 instances should be
> completely separate.  Also verify that each instance is using a separate
> adapter on the server and client (if the client is dynamically bringing
> up the tun adapter it should handle this automatically.)  
>
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1258
        inet6 fe80::203:47ff:fed5:87cb%tun0 prefixlen 64 scopeid 0x6 
        inet 10.1.0.1 --> 10.1.0.2 netmask 0xffffffff 
        Opened by PID 79973
tun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1258
        inet6 fe80::203:47ff:fed5:87cb%tun1 prefixlen 64 scopeid 0x7 
        inet 10.2.0.1 --> 10.2.0.2 netmask 0xffffffff 
        Opened by PID 8413
tun2: flags=8010<POINTOPOINT,MULTICAST> mtu 1258
        inet6 fe80::203:47ff:fed5:87cb%tun2 prefixlen 64 scopeid 0x8 
        inet 10.3.0.1 --> 10.3.0.2 netmask 0xffffffff

	(tun2 is the new one that isn't working. openvpn is not running
on it currently until it's understood why it isn't wanting to come up)
>
> If both those
> ideas don't help, you could try to turn off the persistent-tun setting;
> I'm noticing that the client is re-using the previous tun instance.
> While I don't suspect this is a problem, it's one more thing you can try.
> 
	Will give a try later and report back. Thanks for the help!
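
Added example, not part of the original thread or of OpenVPN itself: a small Python check for the points raised in the reply above, namely that two instances on one host need their own port and tun device, must not share files such as `ifconfig-pool-persist`, and that unqualified paths (`dh dh1024.pem`) depend on the directory OpenVPN is started from. The two sample configs and the `ipp.txt` path are constructed for illustration; only the directive names are OpenVPN's.

```python
import shlex

# Options whose first argument is a file path (standard OpenVPN directives).
FILE_OPTS = {"ca", "cert", "key", "dh", "up", "down", "secret",
             "tls-auth", "status", "ifconfig-pool-persist"}
# Resources two instances on one host must not share.
EXCLUSIVE = ("port", "lport", "dev", "status", "ifconfig-pool-persist")

def parse(text):
    """Return {directive: [args]} for one config; '#' and ';' start comments."""
    conf = {}
    for line in text.splitlines():
        if line.lstrip().startswith(";"):
            continue
        tokens = shlex.split(line, comments=True)
        if tokens:
            conf[tokens[0]] = tokens[1:]
    return conf

def first(conf, opt):
    """First argument of a directive, or None if absent or argument-less."""
    return (conf.get(opt) or [None])[0]

def audit(text_a, text_b):
    """List shared exclusive resources and cwd-dependent (relative) paths."""
    a, b = parse(text_a), parse(text_b)
    findings = []
    for opt in EXCLUSIVE:
        va, vb = first(a, opt), first(b, opt)
        # A bare "dev tun" lets OpenVPN pick a free unit, so only a
        # numbered device such as tun1 can collide.
        if opt == "dev" and va and not va[-1].isdigit():
            continue
        if va is not None and va == vb:
            findings.append(f"shared {opt}: {va}")
    for name, conf in (("A", a), ("B", b)):
        for opt in sorted(conf.keys() & FILE_OPTS):
            path = first(conf, opt)
            if path and not path.startswith("/"):
                findings.append(f"{name}: relative path for {opt}: {path}")
    return findings

# Constructed sample: instance B is a copy of A with port, device and subnet
# edited, but the pool-persist file left pointing at A's (hypothetical) path.
CONF_A = """port 5001
dev tun1
server 10.2.0.0 255.255.255.0
dh dh1024.pem
up /usr/local/etc/openvpn.hughes/office.up
ifconfig-pool-persist /usr/local/etc/openvpn/ipp.txt
"""
CONF_B = (CONF_A.replace("5001", "5002").replace("tun1", "tun2")
          .replace("10.2.0.0", "10.3.0.0"))
```
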