www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices

How to Run Multiple instances of OpenVPN Client-to-LAN?

 
securenet



Joined: 27 Apr 2009
Posts: 64

Posted: Wed Dec 02, 2009 8:53 pm    Post subject: How to Run Multiple instances of OpenVPN Client-to-LAN?

Is it possible to have ZeroShell host multiple OpenVPN instances/profiles? Basically I want to have a configuration where OpenVPN-1 services regular employees & OpenVPN-2 services contractors or contracted employees. Employees connect to VPN1 on port XX98 and the contractors connect to VPN2 on port XX89.

To put it simply:
How would I go about configuring and running multiple instances of OpenVPN Client-to-LAN services, each on a separate port?


I know that we can use a very large Subnet, assign each group a block of addresses and use static addressing for each client, but that is not the way we want to approach it.
ppalias



Joined: 17 Dec 2008
Posts: 1151
Location: Athens, Greece

Posted: Thu Dec 03, 2009 4:02 pm

Yes you can.
Find the config with
Code:
ps auxw | grep vpn

Alter the content to your needs and put the new command in a post boot script.
securenet



Joined: 27 Apr 2009
Posts: 64

Posted: Thu Dec 03, 2009 5:02 pm

I hate to say this, but I simply do not know how......
securenet



Joined: 27 Apr 2009
Posts: 64

Posted: Thu Dec 03, 2009 9:10 pm

If I am understanding you clearly, I should copy the results of the command:
"root@zeroshell root> ps auxw | grep vpn", edit its content [such as --port XXXX --ifconfig-pool 192.168.xxx.x 192.168.xxx.xxx 255.255.255.0 --push route-gateway 192.168.xxx.xxx DNS 192.168.xxx.xxx] and put it in a boot script?
ppalias



Joined: 17 Dec 2008
Posts: 1151
Location: Athens, Greece

Posted: Fri Dec 04, 2009 4:12 pm

Yes!
Don't forget to change the interface name to VPN98 or 97 etc...
securenet



Joined: 27 Apr 2009
Posts: 64

Posted: Thu Dec 10, 2009 4:25 am

I entered it into the Post Boot Script and it tests successfully, but I cannot access the VPN via the new port.

I even created a new Script and I am still not able to access the VPN via the new Port. I have even restarted the server several times, and still no VPN connection using the new Port.

Example of MY SCRIPT

# Bash script: VPN-Cron

echo vpn --dev-type tap --dev VPN41 --mode server --tls-server --proto udp --port 1XXX --dh /etc/ssl/dh.pem --ca /var/register/system/openvpn/Auth/X509/CAFile --cert /var/register/system/openvpn/TLS/cert.pem --key /var/register/system/openvpn/TLS/key.pem --daemon VPN41_H2L --comp-lzo --ifconfig-pool 197.168.XXX.X 197.168.XXX.XX 255.255.255.0 --push route-gateway 197.168.XXX.254 --push redirect-gateway --push dhcp-option DNS 197.168.XXX.254 --push --client-connect /root/kerbynet.cgi/scripts/ov_connect --client-disconnect /root/kerbynet.cgi/scripts/ov_disconnect --mute 3 --management 127.0.0.1 34001 --keepalive 5 60 --duplicate-cn --client-config-dir /DB/_DB.001/var/register/system/openvpn/ccd



OPEN VPN Message

Wed Dec 09 23:29:10 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Dec 09 23:29:13 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Dec 09 23:29:14 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Dec 09 23:29:16 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)

Please Help
ppalias



Joined: 17 Dec 2008
Posts: 1151
Location: Athens, Greece

Posted: Thu Dec 10, 2009 2:48 pm

Is the openvpn message on the client side or on the server side? Could you clarify it and post the message of the other one?
securenet



Joined: 27 Apr 2009
Posts: 64

Posted: Thu Dec 10, 2009 5:12 pm

The OPEN VPN Message is on the Client Side.

The server message is SUCCESSFUL.
ppalias



Joined: 17 Dec 2008
Posts: 1151
Location: Athens, Greece

Posted: Fri Dec 11, 2009 10:04 am

Could you increase verbosity on both to locate what is wrong exactly?
securenet



Joined: 27 Apr 2009
Posts: 64

Posted: Mon Dec 14, 2009 4:51 am

No additional information in the logs from the server.

It seems to me that the Cron is running it like a print job; once the output is successful, the job ends.
Do you think I might be correct in my thinking?
ppalias



Joined: 17 Dec 2008
Posts: 1151
Location: Athens, Greece

Posted: Mon Dec 14, 2009 3:17 pm

Remove option
Code:
--daemon VPN41_H2L

so you can have the output on screen.

Also... why is the "echo" in front of the line?
securenet



Joined: 27 Apr 2009
Posts: 64

Posted: Mon Dec 14, 2009 4:40 pm

When I solely use the results of "ps auxw | grep vpn" the test Fails.
When I use "echo" the result is successful.

Is there another command I can use?


I will remove "--daemon VPN41_H2L" and test it this evening.
ppalias



Joined: 17 Dec 2008
Posts: 1151
Location: Athens, Greece

Posted: Mon Dec 14, 2009 7:25 pm

The "echo" command outputs whatever it gets as input, so it completes successfully, but the openvpn server is not running.
The point is, after you run the command, to verify it is running with "ps auxw".
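
The two checks discussed in the posts above (an `echo`-prefixed line only prints the command, and the running process should be confirmed with `ps auxw`), as an added example that is not part of the original thread. The function names and the sample `ps` output are constructed for illustration; the lint also flags a `--push` that is followed directly by another option.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Constructed sample of `ps auxw` output: one instance on VPN99 is running,
# the second instance (VPN41) never started.
SAMPLE_PS='root   812  0.0  0.2  4120 1980 ?  Ss  23:01  0:00 vpn --dev-type tap --dev VPN99 --mode server --proto udp --port 1194
root  1490  0.0  0.0  1832  520 pts/0 S+ 23:29  0:00 grep vpn'

# lint_boot_line LINE
# Prints one finding per line for a post-boot script entry; prints nothing
# when no problem is found.
lint_boot_line() {
    set -f                      # no globbing while the line is word-split
    set -- $1
    set +f
    # "echo <command>" only prints the command; nothing is started.
    [ "$1" = "echo" ] && printf '%s\n' "echo-only: command is printed, not executed"
    prev=
    for word in "$@"; do
        # --push takes an argument; followed directly by another option it has none.
        case "$prev:$word" in
            --push:--*) printf '%s\n' "--push without an argument (before $word)" ;;
        esac
        prev=$word
    done
    return 0
}

# instance_running DEV [PS_OUTPUT]
# True when a process other than grep carries "--dev DEV" on its command line.
# PS_OUTPUT defaults to the live `ps auxw`, the check suggested in the thread.
instance_running() {
    ps_out=${2-$(ps auxw)}
    printf '%s\n' "$ps_out" | grep -v ' grep ' | grep -Eq -- "--dev $1( |\$)"
}
```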
securenet



Joined: 27 Apr 2009
Posts: 64

Posted: Mon Dec 21, 2009 4:18 pm

Thank You for your help ppalias, but I am giving up on this project for now. I cannot get it to work and I do not have the time at this moment.

Again, Thank You .....
ppalias



Joined: 17 Dec 2008
Posts: 1151
Location: Athens, Greece

Posted: Mon Dec 21, 2009 4:27 pm

Maybe as a request to Fulvio there could be an option to create secondary etc tunnels via the web interface.
All times are GMT