[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] 2nd VPN

  • Subject: Re: [Openvpn-users] 2nd VPN
  • From: Leonardo Rodrigues Magalhães <leolistas@xxxxxxxxxxxxxx>
  • Date: Sat, 12 Jan 2008 13:35:54 -0200

David Obando escreveu:
Is it possible to configure a 2nd VPN on my OpenVPN-server or do I need a second daemon for it?

You can have as many VPNs instances you want, one config/daemon for each one.

As each daemon will have a different interface name (tapX or tunX), you can easily secure them with iptables rules.

The only tip is to ALWAYS load config files in the same order. If you change the order, the interfaces names can change and thus your iptables rules, by interface name, will probably fail.

You can securely mix TAP and TUN interfaces in different config files, no problem with that. You can securely mix TLS mode and static-key in different VPNs, no problem at all.

And, of course, you could have your public server as a normal client of your 'remote clients' VPN. You could use OpenVPN configurations parameters to force some specific internal IP for this special client, get different routes to it .... and secure it with iptables rules based on it's IP address. But i would prefer (personal opinion) to run a second instance of OpenVPN instead of mixing real-client and 'not-real-clients'.


	Atenciosamente / Sincerily,
	Leonardo Rodrigues
	Solutti Tecnologia

	Minha armadilha de SPAM, NÃO mandem email
	My SPAMTRAP, do not email it

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
Openvpn-users mailing list