[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] 2nd VPN


  • Subject: Re: [Openvpn-users] 2nd VPN
  • From: "Samir Kelekar" <samir.kelekar@xxxxxxxxx>
  • Date: Sat, 12 Jan 2008 23:51:24 +0530



On Jan 12, 2008 9:05 PM, Leonardo Rodrigues Magalhães <leolistas@xxxxxxxxxxxxxx> wrote:


David Obando escreveu:
> Is it possible to configure a 2nd VPN on my OpenVPN-server or do I need
> a second daemon for it?
>

   You can have as many VPNs instances you want, one config/daemon for
each one.

   As each daemon will have a different interface name (tapX or tunX),
you can easily secure them with iptables rules.

   The only tip is to ALWAYS load config files in the same order. If
you change the order, the interfaces names can change and thus your
iptables rules, by interface name, will probably fail.

   You can securely mix TAP and TUN interfaces in different config
files, no problem with that. You can securely mix TLS mode and
static-key in different VPNs, no problem at all.

   And, of course, you could have your public server as a normal client
of your 'remote clients' VPN. You could use OpenVPN configurations
parameters to force some specific internal IP for this special client,
get different routes to it .... and secure it with iptables rules based
on it's IP address. But i would prefer (personal opinion) to run a
second instance of OpenVPN instead of mixing real-client and
'not-real-clients'.

--


       Atenciosamente / Sincerily,
       Leonardo Rodrigues
       Solutti Tecnologia
       http://www.solutti.com.br

       Minha armadilha de SPAM, NÃO mandem email
       gertrudes@xxxxxxxxxxxxxx
       My SPAMTRAP, do not email it

One other point, I have found important to note is
that one must have different virtual networks for
different VPN servers.
Like say 10.8.0.x for the first  server,  and 10.8.1.x for
the second etc. Otherwise, the whole routing messes up.

regards,
Samir
 

-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users