Hello,
I created an OpenVPN server and connected a Windows client to it, and it
worked very well. I added a new NIC to my server and I want to connect new
clients to my OpenVPN server via this new NIC. My new NIC name is enp0s9:
# ifconfig
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255
        inet6 fe80::a00:27ff:feed:b47c  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:ed:b4:7c  txqueuelen 1000  (Ethernet)
        RX packets 34889  bytes 3339713 (3.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 31352  bytes 3453218 (3.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.20  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::a00:27ff:fe74:6397  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:74:63:97  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 17  bytes 1286 (1.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp0s9: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.4.15  netmask 255.255.255.0  broadcast 10.0.4.255
        inet6 fe80::a00:27ff:fe48:eba4  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:48:eb:a4  txqueuelen 1000  (Ethernet)
        RX packets 2  bytes 1180 (1.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 18  bytes 1900 (1.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

I created a new directory under the "/etc/openvpn" directory for new clients
and started to create keys:
# mkdir /etc/openvpn/New
# cp -r /usr/share/easy-rsa /etc/openvpn/New
# cd /etc/openvpn/New/easy-rsa/
# mv vars.example vars
# nano vars
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="NY"
export KEY_ORG="MyName"
export KEY_EMAIL="ad...@example.com"
export KEY_OU="OpenVPN"
Then:
# ./easyrsa init-pki
# ./easyrsa build-ca nopass
When it asked "Common Name (eg: your user, host, or server name) [Easy-RSA
CA]:", I entered "server2". After that:
# ./easyrsa gen-req server2 nopass
# ./easyrsa sign-req server server2
# ./easyrsa gen-dh
# openvpn --genkey secret ta.key
Then, I created a new directory and copied the files that had been created:
# mkdir /etc/openvpn/server2
# cp ta.key /etc/openvpn/server2
# cp pki/ca.crt /etc/openvpn/server2
# cp pki/private/server2.key /etc/openvpn/server2
# cp pki/issued/server2.crt /etc/openvpn/server2
# cp pki/dh.pem /etc/openvpn/server2
After that, I generated the client certificate and key:
# ./easyrsa gen-req client2 nopass
# ./easyrsa sign-req client client2
Then:
# mkdir /etc/openvpn/client2
# cp pki/ca.crt /etc/openvpn/client2/
# cp pki/issued/client2.crt /etc/openvpn/client2/
# cp pki/private/client2.key /etc/openvpn/client2/
Finally, I created the new OpenVPN configuration file:
# touch /etc/openvpn/server2.conf
And filled it with the following lines:
port 1194
proto udp
dev tun
ca /etc/openvpn/server2/ca.crt
cert /etc/openvpn/server2/server2.crt
key /etc/openvpn/server2/server2.key
dh /etc/openvpn/server2/dh.pem
server 10.9.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
tls-auth /etc/openvpn/server2/ta.key 0
data-ciphers AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log         /var/log/openvpn/openvpn.log
log-append  /var/log/openvpn/openvpn.log
verb 3
explicit-exit-notify 1
As you see, I defined the location of the new certificate and key and defined a
new IP address too:
server 10.9.0.0 255.255.255.0
After it, I started the OpenVPN server as below:
# service openvpn start /etc/openvpn/server2.conf
But, the new NIC that it created is:
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.8.0.1  netmask 255.255.255.255  destination 10.8.0.2
        inet6 fe80::2f29:1de1:626a:65ca  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1  bytes 48 (48.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
This is "10.8.0.1", not "10.9.0.1". The problem is that it never read the
"server2.conf" file. What is wrong?
I tried:
# systemctl start openvpn@server /etc/openvpn/server2.conf
Failed to start etc-openvpn-server2.conf.mount: Unit etc-openvpn-server2.conf.mount not found.


Thank you.
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
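
Added example, not part of the original message or of OpenVPN's own tooling: systemctl treats every argument after "start" as a unit name, so a second instance is selected by its instance name rather than by a config path. The script assumes the Debian-style openvpn@.service template (instance NAME loads /etc/openvpn/NAME.conf), maps each config to its unit, and flags instances whose listeners overlap; the function names and the server.conf contents are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Assumes the Debian-style
# openvpn@.service template, which loads /etc/openvpn/<instance>.conf.

# conf_get FILE DIRECTIVE DEFAULT: first argument of a directive, or DEFAULT.
conf_get() {
    awk -v d="$2" -v def="$3" \
        '$1 == d { v = $2 } END { print (v == "" ? def : v) }' "$1"
}

# unit_for FILE: systemd instance that reads this config (assumed naming).
unit_for() { printf 'openvpn@%s\n' "$(basename "$1" .conf)"; }

# find_conflicts DIR: report configs whose listeners overlap. OpenVPN defaults
# are proto udp, port 1194, and all addresses when "local" is absent.
# The proto value is compared literally (udp and udp4 count as different).
find_conflicts() {
    local f
    for f in "$1"/*.conf; do
        [ -e "$f" ] || continue
        printf '%s %s %s %s\n' "$(conf_get "$f" proto udp)" \
            "$(conf_get "$f" port 1194)" "$(conf_get "$f" local any)" \
            "$(unit_for "$f")"
    done | awk '
        { k = $1 ":" $2; n[k]++; u[k] = u[k] " " $4
          if ($3 == "any" || seen[k, $3]++) clash[k] = 1 }
        END { for (k in n) if (n[k] > 1 && clash[k]) print "CONFLICT " k u[k] }'
}

# demo [LOCAL_ADDR]: constructed configs. server.conf is a hypothetical
# stand-in for the first instance; server2.conf mirrors the post's listener.
demo() {
    local d
    d=$(mktemp -d)
    printf 'port 1194\nproto udp\nserver 10.8.0.0 255.255.255.0\n' > "$d/server.conf"
    printf 'port 1194\nproto udp\nserver 10.9.0.0 255.255.255.0\n' > "$d/server2.conf"
    # With an argument, pin each instance to its own address using "local".
    if [ -n "${1:-}" ]; then
        printf 'local 10.0.2.15\n' >> "$d/server.conf"
        printf 'local %s\n' "$1" >> "$d/server2.conf"
    fi
    find_conflicts "$d"
    rm -rf "$d"
}

demo            # both instances listen on udp:1194, all addresses
demo 10.0.4.15  # each instance bound to its own address: nothing reported
```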
