OpenVpn multiple public IP

Vtamlist

Hi,
I'm using OpenVpn on a Pfsense 1.2.2. with 3 different server for 3 different subnets and 3 different ports (1193,2193 and 7000). It's working fine and I haven't problem.

Due to security reasons I must transport this 3 different server only on a single port: 25.

I can use 3 different public IP's…

Can you help me for this configuration ???

I'm trying to define 3 different VPN server on the same port: 25 but I don't know how link a different public IP with an VPN server...

Thank's

Claudio

BrianBonnell

Can't be done, each VPN needs it's own port! I tried, I had to go with 1195,96,97…etc.

GruensFroeschli

@BrianBonnell:

Can't be done, each VPN needs it's own port! I tried, I had to go with 1195,96,97…etc.

Um… ever heard of PKI and the iroute-command?
Or did you read the OPs note that he has 3 public IPs?

@Vtamlist:
Are you using this VPN for site-to-site connections?
If you want multiple site-to-site connections with a single server, there is a sticky in this subforum providing a good hotwo:
http://forum.pfsense.org/index.php/topic,12888.0.html

Or do you need 3 different servers for multiple roadwarriors?
Since you say you have 3 public IPs at your disposal, you can just start 3 instances of OpenVPN and add in the "custom options" field the option: "local host".
Like this you can specify to which IP the server binds.

BrianBonnell

YES, GruensFroeschli, I have heard of PKI and Iroute. NEITHER WORKED! I am using PKI, and I still had to put each tunnel on it's own port. Other wise I got port in use already errors. OpenVPN Port Sharing is only available on OpenVPN Server/Client 2.x code (check the OpenVPN.org Site!!!!) Pfsense uses 1.x version of OpenVPN code. Until Version 2 of Pfsense is released which might use the newer OpenVPN code, it is not supported yet.

GruensFroeschli - Next time do a bit of research before making a smart aleck remark!

GruensFroeschli

Ah yes if you say it doesn't work it must be so….

In this case we just ignore everyone using the above mentioned howto and discard the already working PKI site-to-site setups as hocuspocus to mislead the proletariat.

Where the heck do you get the idea that pfSense uses 1.x OpenVPN code?
Did you ever use pfSense to set up an OpenVPN connection?
Apparently not.
Or did you never look at the systemlog output?
You would have noticed the small line:

openvpn[14760]: OpenVPN 2.0.6 i386-portbld-freebsd7.0 [SSL] [LZO] built on Nov 9 2008

Next time you check your own facts before you post wrong information!

BrianBonnell

Well mine does not say "openvpn[14760]: OpenVPN 2.0.6 i386-portbld-freebsd7.0 [SSL] [LZO] built on Nov 9 2008"
it says "openvpn[10700]: OpenVPN 1.3.6 i386-portbld-freebsd6.0 [SSL] [LZO] built on Nov 9 2006", and I am on PF 1.2.3-Release.

GruensFroeschli

1.2.3 is based on FreeBSD 7.2
Your OpenVPN is a port to FreeBSD 6.0.

Either you're not really on 1.2.3 or something went terribly wrong when you updated.