Re: [Openvpn-users] Single server, multiple tun interfaces?

  • Subject: Re: [Openvpn-users] Single server, multiple tun interfaces?
  • From: Roland Pope <rpope@xxxxxxxxxxxxx>
  • Date: Sun, 07 Oct 2007 15:14:25 +1300

Juliusz Chroboczek wrote:
> Hi,
> Is it possible to have multiple clients on a single server-side UDP
> port, but with one tun interface per client?
> I've looked at the multiple clients example in the docs, and it
> appears to give a single tun interface for all the clients, with
> static routing performed by OpenVPN.  Since I'm using dynamic routing,
> I need to have one tun interface per client.
> I realise I could get away with a single tap interface and use host
> routes, but that bothers me somehow.
The short answer is yes, you can't have a TUN interface per client but 
you have to allocate a separate server instance, listening on a 
different UDP port for each client.
Are you suggesting that you don't know what networks will be made 
available by each connecting client until after they have connected and 
propagated some sort of route?
The current OpenVPN paradigm requires the server to define the network 
that will be accessible via a connecting client by using an 'IROUTE' in 
a client config file on the server. I have often wanted to be able to 
have a list of 'Authorised' subnets on the server that connecting 
clients can advertise as 'owning' as it would help in my situation, but 
alas, no such option exists yet :(
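
The one-instance-per-client layout described in the reply, as an added example that is not part of the original message: a shell function that emits one point-to-point server config per client, each with its own UDP port and tun device. The base port, the 10.8.N.x addressing, the certificate paths and the certificate-name pinning are assumptions, not values from the thread.

```shell
#!/bin/sh
# Added example: generate one point-to-point OpenVPN server config per client,
# so every client gets its own tun device and its own UDP port.
# BASE_PORT, the 10.8.N.x addresses and the /etc/openvpn paths are assumptions.
BASE_PORT=1194

# gen_instance_conf INDEX CLIENT_CN  -> writes the config to stdout
gen_instance_conf() {
    idx=$1
    cn=$2
    # Index must be a plain decimal number without leading zeros, max 254,
    # so the derived port, device name and address octet stay valid.
    case $idx in
        ''|*[!0-9]*|0?*) echo "invalid index: $idx" >&2; return 1 ;;
    esac
    [ "$idx" -le 254 ] || { echo "index out of range: $idx" >&2; return 1; }
    # The CN is written into the config, so refuse anything (spaces, newlines)
    # that could smuggle an extra directive into the generated file.
    case $cn in
        ''|*[!A-Za-z0-9._-]*) echo "invalid client name" >&2; return 1 ;;
    esac
    cat <<EOF
# OpenVPN instance dedicated to $cn
dev tun$idx
proto udp
port $((BASE_PORT + idx))
tls-server
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh.pem
# Only the certificate issued to this client may use this port.
verify-x509-name $cn name
# Point-to-point addressing: local end, then remote end.
ifconfig 10.8.$idx.1 10.8.$idx.2
keepalive 10 60
persist-key
persist-tun
EOF
}
```

Redirect each call's output to its own file and start one OpenVPN process per file; the routing daemon then sees a separate tunN interface for each client.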
