Multiple OpenVPN on the same server
-
Hello,
I have OpenVPN working well on our server. I want to set up a second OpenVPN server for another purpose, on a different port. If I use the OpenVPN Wizard, will it overwrite the current OpenVPN server or create a new one? Thanks in advance.
-
It will create a new one... Just make sure you select a different port. You cannot run 2 servers on the same port/protocol.
-
Thank you very much. Could you please also clarify for me what this means?
OpenVPN / Client Export
"Use a random local source port (lport) for traffic from the client. Without this set, two clients may not run concurrently."
-
Seems pretty clear to me ;) Are you planning on the client running more than 1 VPN connection to different VPN servers at the same time?
If so, check that box; it's not normally something that is needed. But sure, if you're going to be handing out configs to clients and they will be wanting to connect to multiple servers all at the same time.
https://www.netgate.com/docs/pfsense/vpn/openvpn/using-the-openvpn-client-export-package.html#use-random-local-port
-
Actually, I didn't get it clearly. Does it mean it is for two clients from the same subnet on the remote side, or is it for all remote-side users?
-
No, the same PC, or say the same client router. So let's say you have user billy. And you create a remote client connection for him that he uses off his laptop. And he wants to connect to your server 1, and at the same time he wants to connect to your server 2. Which would be kind of an odd config - but let's say you let server 1 clients access xyz, and server 2 clients connect to abc on your local network. And he needs to access both at the same time - that might be a use for it.
Or let's say billy connects to your server 1, and also wants to connect to some other remote VPN service at the same time as he is connected to your server 1. To be honest I don't think such scenarios come up much - and until you actually run into such an issue there shouldn't be any need to mark that check box.
-
It applies to all remote side users.
Enable that option if you will have more than one client connect to the same VPN server at the same time.
For example, User A and User B want to connect to the same VPN server. It does not matter where each user is located or what their network address is.
-
With the option unchecked, if User A connects, then User B cannot connect.
-
With the option checked, if User A connects, then User B can also connect.
At least that is my understanding of it. I have it checked and I haven't had any problems with multiple remote clients.
-
@raffi_ said in Multiple OpenVPN on the same server:
With the option unchecked, if User A connects, then User B cannot connect.
No, that is not correct at all. It only comes into play if the client is trying to connect to more than 1 server at the same time. It has nothing to do with multiple different clients connecting to the same server.
When it says "clients" it means multiple VPN connections running on the same device... Not user A and user B running on different devices.
-
@emammadov ignore what I said.
@johnpoz thanks for the explanation. I totally misunderstood the description. It does make sense that it would apply to the client device since it is on the client export page.
The description in the book is a little more clear.
"For current clients, the default (checked) is best, otherwise two OpenVPN connections cannot be run simultaneously on the client device. Some older clients do not support this, however." I would suggest changing the description slightly in the GUI to something more similar to that. Maybe,
"Use a random local source port (lport) for traffic from the client. Without this set, two connections may not run concurrently on the client device."
-
@raffi_ Not usually needed for your end users. But for, say, IT or Helpdesk. For example, I sometimes need to VPN into more than one remote office to move data from remote site to remote site. Handy to be able to copy from one to the other (need to be able to connect to both VPN servers at the same time). But without this checked, I can only connect to one at a time. End users don't usually need to do this, so it's fine to leave unchecked.
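As an added example that is not part of this thread and is not code from Netgate or OpenVPN, the script below shows why the option matters on the client device. It resolves the local port from constructed client configs the way OpenVPN's documented `port`, `lport` and `nobind` directives work (without `nobind`, a client binds its local port, default 1194, regardless of which port the server listens on; `nobind` or `lport 0` leaves the choice to the OS), then actually binds loopback UDP sockets the way two running client processes would. That the exported config carries an `lport 0` line for this option is my assumption; the server names are placeholders.

```python
"""Why two OpenVPN clients on one machine collide without a random local port.

Added example, not code from the thread or from pfSense. Assumes OpenVPN's
documented client behaviour: without 'nobind' a client binds its local port
('lport', else 'port', else 1194); 'nobind' or 'lport 0' leaves the choice
to the OS. The sample configs below are constructed for this example.
"""
import socket
from typing import Dict, List, Optional

DEFAULT_PORT = 1194  # OpenVPN default for --port (used for the local bind too)

# Constructed config: first server, on the default port.
CFG_SERVER1 = """\
client
dev tun
proto udp
remote vpn1.example.com 1194 udp
"""

# Constructed config: second server on a different port. The remote port
# differs, but the client still binds LOCAL port 1194 without nobind/lport 0.
CFG_SERVER2 = """\
client
dev tun
proto udp
remote vpn2.example.com 1195 udp
"""

# Same config with the "random local port" option. Assumption: the export
# adds 'lport 0'; a plain 'nobind' line has the same effect in OpenVPN.
CFG_SERVER2_RANDOM = CFG_SERVER2 + "lport 0\n"


def parse_config(text: str) -> Dict[str, List[str]]:
    """Minimal OpenVPN config reader: one 'directive args...' per line,
    '#' and ';' comment lines ignored. Inline <ca>... blocks are not needed here."""
    directives: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = line.split()
        directives[parts[0]] = parts[1:]
    return directives


def effective_local_port(text: str) -> Optional[int]:
    """Local UDP/TCP port this client would bind, or None if the OS chooses."""
    d = parse_config(text)
    if "nobind" in d and "lport" in d:
        # OpenVPN itself rejects this combination.
        raise ValueError("nobind and lport cannot be used together")
    if "nobind" in d:
        return None
    if "lport" in d:
        port = int(d["lport"][0])
        return None if port == 0 else port
    if "port" in d:
        return int(d["port"][0])
    return DEFAULT_PORT


def can_run_concurrently(cfg_a: str, cfg_b: str) -> bool:
    """Two clients conflict only when both insist on the same fixed local port."""
    a, b = effective_local_port(cfg_a), effective_local_port(cfg_b)
    return a is None or b is None or a != b


def free_loopback_port() -> int:
    """Ask the OS for a currently unused UDP port on 127.0.0.1."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def bind_like_clients(ports: List[Optional[int]]) -> List[bool]:
    """Bind one UDP socket per client on loopback, without SO_REUSEADDR, as two
    client processes would; None means 'OS-chosen port' (lport 0 / nobind).
    Returns whether each bind succeeded; a second bind to the same fixed port
    fails with EADDRINUSE, which is the error a second OpenVPN client reports."""
    socks, ok = [], []
    try:
        for p in ports:
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            socks.append(s)
            try:
                s.bind(("127.0.0.1", 0 if p is None else p))
                ok.append(True)
            except OSError:  # EADDRINUSE
                ok.append(False)
    finally:
        for s in socks:
            s.close()
    return ok


if __name__ == "__main__":
    print("server1 local port:", effective_local_port(CFG_SERVER1))       # 1194
    print("server2 local port:", effective_local_port(CFG_SERVER2))       # 1194
    print("both without option:", can_run_concurrently(CFG_SERVER1, CFG_SERVER2))         # False
    print("second with option:", can_run_concurrently(CFG_SERVER1, CFG_SERVER2_RANDOM))   # True
    port = free_loopback_port()
    print("two fixed binds:", bind_like_clients([port, port]))   # [True, False]
    print("fixed + random:", bind_like_clients([port, None]))    # [True, True]
```

The point the thread makes falls out of the port resolution: the server-side ports (1194 and 1195) never enter into it, only the client's local bind, so two exported configs without the option collide on the same device even though they point at different servers.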