The combination of your server address AND your ther port number your process 
is listening on must be different.

So, on a single NIC (one up-address) you can have dozens of vpn-processes, each 
listening on its own port.

PS, it is recommended that each vpn process hands out unique pool of addresses 
or its clients. Duplicating those might lead to funny situations…


From: "Jason Long via Openvpn-users" 
<openvpn-users@lists.sourceforge.net<mailto:openvpn-users@lists.sourceforge.net>>
Date: Sunday, 23 July 2023 at 16:41:04
To: "openvpn-users@lists.sourceforge.net" 
<openvpn-users@lists.sourceforge.net<mailto:openvpn-users@lists.sourceforge.net>>,
 "Jochen Bern" <jochen.b...@binect.de<mailto:jochen.b...@binect.de>>
Subject: Re: [Openvpn-users] Multiple OpenVPN server on one NIC

Hi Jochen,
Thank you so much for your reply.

I have two more questions:

1- So, both of IP address and Port number must be different?

2- If the IP address is different, then the port can be the same?

Please answer my questions by number.






On Sunday, July 23, 2023 at 05:34:30 PM GMT+3:30, Jochen Bern 
<jochen.b...@binect.de> wrote:





On 23.07.23 15:32, Jason Long via Openvpn-users wrote:
> 1- If the port number is different, then "server" IP can be the same? > For 
> example, the first server use:
>
> port 1194
[...]
> server 10.8.0.0 255.255.255.0
>
> The second server use:
>
> port 1195
[...]
> server 10.8.0.0 255.255.255.0
>
> Or both of "port" and "server IP" must be different?

Uuuhhh careful there. More below ...

> 2- You said, "A "NIC" can have multiple IP addresses", so, a server
> does not need to have multiple NAT NICs ? For example, A VPN provider
> can have a VPN server with a NIC that use three or four public IP
> addresses.

The relevant IP addresses to decide whether you need to use different
ports are those that the clients actually connect to to establish the
VPN. (I.e., the ones in the "remote ..." statement of the clients' config.)

In another list e-mail, you've shown your VPN server to use (at least
two) *private* IPs to access Internet resources, so my guess is that
you're going to have the clients connect to public IPs assigned to your
Internet uplink, and that some separate device does NAT to redirect the
traffic to your VPN server. In that case, in order to have different
VPNs offered under the same port, you need two addresses *from those
assigned to your Internet connection*; the VPN server can be left with
just one internal IP (unless you get a *very* high number of VPN
connections).

However, the "server" statements in your server-side configs state what
IPs the *clients* will be assigned to use for the traffic *inside* the
VPN, once they have connected. You very probably want to put different
IP ranges into every single config file, *regardless* of whether "port"
matches between two configs or not.

Kind regards,
--
Jochen Bern
Systemingenieur

Binect GmbH
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet 
de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u 
verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat 
aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband 
houdt met risico's verbonden aan het elektronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are 
not the addressee or if this message was sent to you by mistake, you are 
requested to inform the sender and delete the message. The State accepts no 
liability for damage of any kind resulting from the risks inherent in the 
electronic transmission of messages.
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Reply via email to