You can not have multiple processes listening on the same UDP port. We have dozens of vpn processes, EACH listening on its own dedicated UDP or TCP port.
If you don’t like to have “complicated client config files”, then you just need in front of your vpn-services a simple iptables DNAT-rule, spreading the load…

From: "Jason Long via Openvpn-users" <openvpn-users@lists.sourceforge.net>
Date: Sunday, 23 July 2023 at 10:40:44
To: "openvpn-users@lists.sourceforge.net" <openvpn-users@lists.sourceforge.net>, "Leroy Tennison" <leroy.tenni...@verizon.net>
Subject: Re: [Openvpn-users] How to run multiple configuration files at the same time?

Hello,
Thank you so much for your reply. My first server config is:

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
#push "dhcp-option DNS 208.67.222.222"
#push "dhcp-option DNS 208.67.220.220"
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 192.168.1.20"
keepalive 10 120
tls-auth ta.key 0
#cipher AES-256-CBC
data-ciphers AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
verb 3
explicit-exit-notify 1

My second server config is:

port 1194
proto udp
dev tun
ca /etc/openvpn/server2/ca.crt
cert /etc/openvpn/server2/server2.crt
key /etc/openvpn/server2/server2.key
dh /etc/openvpn/server2/dh.pem
server 10.9.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
tls-auth /etc/openvpn/server2/ta.key 0
data-ciphers AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
verb 3
explicit-exit-notify 1

I changed the port and problem solved.

On Sunday, July 23, 2023 at 08:54:35 AM GMT+3:30, Leroy Tennison via Openvpn-users <openvpn-users@lists.sourceforge.net> wrote:

Not knowing what your first conf file contained but seeing that your second file is using the default 1194 port, I'm guessing that you need to change that to something like 1195 (assuming nothing else is using it). That will mean adjusting the client conf file to use the different port as well. There may be additional firewall rules needed to allow access to this second server.

On Saturday, July 22, 2023 at 01:38:07 AM CDT, Jason Long via Openvpn-users <openvpn-users@lists.sourceforge.net> wrote:

Hello,
Thank you so much for your reply. I did, but got an error:

# systemctl start openvpn-server@server
Job for openvpn-server@server.service failed because the control process exited with error code.
See "systemctl status openvpn-server@server.service" and "journalctl -xeu openvpn-server@server.service" for details.

I changed it to:

# systemctl start openvpn@server

It worked, but another problem is that I can't run another OpenVPN server:

# systemctl start openvpn@server2

It never created any new "tun" interface.
I just have one tun:

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
        inet 10.8.0.1 netmask 255.255.255.255 destination 10.8.0.2
        inet6 fe80::51d4:2047:ba46:d86 prefixlen 64 scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
        RX packets 8 bytes 557 (557.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 7 bytes 348 (348.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

My server2 config file is:

port 1194
proto udp
dev tun
ca /etc/openvpn/server2/ca.crt
cert /etc/openvpn/server2/server2.crt
key /etc/openvpn/server2/server2.key
dh /etc/openvpn/server2/dh.pem
server 10.9.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
tls-auth /etc/openvpn/server2/ta.key 0
data-ciphers AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
verb 3
explicit-exit-notify 1

So you see, it must create another tun interface with "inet 10.9.0.1" IP. The log file showed:

# cat /var/log/openvpn/openvpn.log
2023-07-22 02:21:23 WARNING: --topology net30 support for server configs with IPv4 pools will be removed in a future release. Please migrate to --topology subnet as soon as possible.
2023-07-22 02:21:23 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2023-07-22 02:21:23 Note: cipher 'AES-256-CBC' in --data-ciphers is not supported by ovpn-dco, disabling data channel offload.
2023-07-22 02:21:23 OpenVPN 2.6.3 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2023-07-22 02:21:23 library versions: OpenSSL 3.0.9 30 May 2023, LZO 2.10
2023-07-22 02:21:23 DCO version: N/A
2023-07-22 02:21:23 net_route_v4_best_gw query: dst 0.0.0.0
2023-07-22 02:21:23 net_route_v4_best_gw result: via 10.0.2.2 dev enp0s3
2023-07-22 02:21:23 Diffie-Hellman initialized with 2048 bit key
2023-07-22 02:21:23 net_route_v4_best_gw query: dst 0.0.0.0
2023-07-22 02:21:23 net_route_v4_best_gw result: via 10.0.2.2 dev enp0s3
2023-07-22 02:21:23 ROUTE_GATEWAY 10.0.2.2/255.255.255.0 IFACE=enp0s3 HWADDR=08:00:27:ed:b4:7c
2023-07-22 02:21:23 TUN/TAP device tun1 opened
2023-07-22 02:21:23 net_iface_mtu_set: mtu 1500 for tun1
2023-07-22 02:21:23 net_iface_up: set tun1 up
2023-07-22 02:21:23 net_addr_ptp_v4_add: 10.9.0.1 peer 10.9.0.2 dev tun1
2023-07-22 02:21:23 net_route_v4_add: 10.9.0.0/24 via 10.9.0.2 dev [NULL] table 0 metric -1
2023-07-22 02:21:23 Could not determine IPv4/IPv6 protocol. Using AF_INET
2023-07-22 02:21:23 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-07-22 02:21:23 TCP/UDP: Socket bind failed on local address [AF_INET][undef]:1194: Address already in use (errno=98)
2023-07-22 02:21:23 Exiting due to fatal error
2023-07-22 02:21:23 net_route_v4_del: 10.9.0.0/24 via 10.9.0.2 dev [NULL] table 0 metric -1
2023-07-22 02:21:23 Closing TUN/TAP interface
2023-07-22 02:21:23 net_addr_ptp_v4_del: 10.9.0.1 dev tun1

What is the problem?

On Friday, July 21, 2023 at 07:14:30 PM GMT+3:30, Jochen Bern <jochen.b...@binect.de> wrote:

On 21.07.23 17:10, Gert Doering wrote:
> If you want multiple VPNs to be active at the same time, you need to
> run one openvpn instance with an individual config each.
>
> How to do that with systemd I wouldn't know (I'm a FreeBSD person).

https://community.openvpn.net/openvpn/wiki/Systemd

I.e., from a "template" unit file installed with OpenVPN, you derive one systemd service for each config file, and administrate those like you would a "standalone" service.

Kind regards,
--
Jochen Bern
Systemingenieur
Binect GmbH

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
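
The fatal "Socket bind failed ... Address already in use" in the log above comes from two configs declaring the same proto and port. A pre-flight check for that, as an added example that is not part of the original thread or of OpenVPN: it goes beyond the port fix by also flagging overlapping "server" subnets and shared status/log paths. The names parse_conf and find_conflicts are hypothetical, and the sample configs are constructed excerpts of the two posted in the thread.

```python
# Added example: pre-flight check for several OpenVPN server configs.
# parse_conf/find_conflicts are illustrative names, not OpenVPN tooling.
import ipaddress
import shlex
from itertools import combinations

# Constructed sample: excerpts of the two configs posted in the thread.
SAMPLE = {
    "server": "port 1194\nproto udp\ndev tun\nserver 10.8.0.0 255.255.255.0\n"
              "status /var/log/openvpn/openvpn-status.log\n"
              "log-append /var/log/openvpn/openvpn.log\n",
    "server2": "port 1194\nproto udp\ndev tun\nserver 10.9.0.0 255.255.255.0\n"
               "status /var/log/openvpn/openvpn-status.log\n"
               "log-append /var/log/openvpn/openvpn.log\n",
}

def parse_conf(text):
    """Map each directive to the arguments of its last occurrence."""
    conf = {"port": ["1194"], "proto": ["udp"]}   # OpenVPN defaults
    for line in text.splitlines():
        if line.lstrip().startswith(";"):         # ';' also starts a comment
            continue
        words = shlex.split(line, comments=True)  # handles quotes and '#'
        if words:
            conf[words[0]] = words[1:]
    return conf

def find_conflicts(configs):
    """configs: {name: text}. Return [(kind, name_a, name_b, detail), ...]."""
    parsed = sorted((n, parse_conf(t)) for n, t in configs.items())
    found = []
    for (a, ca), (b, cb) in combinations(parsed, 2):
        proto = ca["proto"][0][:3]                # udp4/udp6 -> udp, tcp-server -> tcp
        la, lb = ca.get("local", ["*"])[0], cb.get("local", ["*"])[0]
        if (proto == cb["proto"][0][:3] and ca["port"] == cb["port"]
                and (la == lb or "*" in (la, lb))):
            found.append(("listen", a, b, f"{proto}/{ca['port'][0]}"))
        if "server" in ca and "server" in cb:
            na = ipaddress.ip_network("/".join(ca["server"][:2]))
            nb = ipaddress.ip_network("/".join(cb["server"][:2]))
            if na.overlaps(nb):
                found.append(("subnet", a, b, f"{na} overlaps {nb}"))
        for key in ("status", "log", "log-append"):
            pa, pb = ca.get(key), cb.get(key)
            if pa and pb and pa[0] == pb[0]:
                found.append(("file", a, b, f"{key} {pa[0]}"))
    return found

if __name__ == "__main__":
    for finding in find_conflicts(SAMPLE):
        print(*finding)
```

On the constructed sample this reports the udp/1194 listener collision plus the status and log-append paths that both instances would write to.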