OpenVPN multiple public IP



  • Hi,
    I'm using OpenVPN on a pfSense 1.2.2 with 3 different servers for 3 different subnets and 3 different ports (1193, 2193 and 7000). It's working fine and I haven't had a problem.

    Due to security reasons I must transport these 3 different servers only on a single port: 25.

    I can use 3 different public IPs…

    Can you help me with this configuration?

    I'm trying to define 3 different VPN servers on the same port: 25 but I don't know how to link a different public IP with a VPN server...

    Thanks

    Claudio



  • Can't be done, each VPN needs its own port! I tried, I had to go with 1195,96,97…etc.



  • @BrianBonnell:

    Can't be done, each VPN needs its own port! I tried, I had to go with 1195,96,97…etc.

    Um… ever heard of PKI and the iroute-command?
    Or did you read the OP's note that he has 3 public IPs?

    @Vtamlist:
    Are you using this VPN for site-to-site connections?
    If you want multiple site-to-site connections with a single server, there is a sticky in this subforum providing a good howto:
    http://forum.pfsense.org/index.php/topic,12888.0.html

    Or do you need 3 different servers for multiple roadwarriors?
    Since you say you have 3 public IPs at your disposal, you can just start 3 instances of OpenVPN and add in the "custom options" field the option: "local host".
    Like this you can specify to which IP the server binds.
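
The effect of the `local` option suggested in the post above, and the "port in use" error that comes up without it, can be reproduced with plain sockets. This is an added example, not part of the thread or of pfSense/OpenVPN code. It assumes Linux loopback addresses 127.0.0.1 to 127.0.0.3 as constructed stand-ins for the three public IPs, UDP transport, and an ephemeral port in place of 25.

```python
import errno
import socket

# Constructed stand-ins for the three public IPs (Linux routes all of 127.0.0.0/8 to lo).
PUBLIC_IPS = ["127.0.0.1", "127.0.0.2", "127.0.0.3"]


def start_instances(bind_addrs, port=0):
    """Bind one UDP socket per address on a shared port, without SO_REUSEADDR/SO_REUSEPORT.

    Returns one entry per address: "bound" or the errno name of the bind failure.
    port=0 lets the first bind pick a free port, which the rest then reuse.
    """
    socks, results = [], []
    try:
        for addr in bind_addrs:
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            try:
                s.bind((addr, port))
            except OSError as exc:
                s.close()
                results.append(errno.errorcode.get(exc.errno, str(exc.errno)))
                continue
            port = s.getsockname()[1]
            socks.append(s)
            results.append("bound")
    finally:
        for s in socks:
            s.close()
    return results


def demo():
    # No `local`: every instance binds the wildcard address, so only the first gets the port.
    without_local = start_instances(["0.0.0.0"] * 3)
    # `local <ip>` per instance: same port, three distinct address/port pairs.
    with_local = start_instances(PUBLIC_IPS)
    return without_local, with_local


if __name__ == "__main__":
    without_local, with_local = demo()
    print("wildcard bind :", without_local)
    print("per-IP bind   :", with_local)
```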



  • YES, GruensFroeschli, I have heard of PKI and iroute. NEITHER WORKED! I am using PKI, and I still had to put each tunnel on its own port. Otherwise I got port in use already errors. OpenVPN Port Sharing is only available on OpenVPN Server/Client 2.x code (check the OpenVPN.org Site!!!!) pfSense uses 1.x version of OpenVPN code. Until Version 2 of pfSense is released which might use the newer OpenVPN code, it is not supported yet.

    GruensFroeschli - Next time do a bit of research before making a smart aleck remark!



  • Ah yes if you say it doesn't work it must be so….

    In this case we just ignore everyone using the above mentioned howto and discard the already working PKI site-to-site setups as hocus-pocus to mislead the proletariat.

    Where the heck do you get the idea that pfSense uses 1.x OpenVPN code?
    Did you ever use pfSense to set up an OpenVPN connection?
    Apparently not.
    Or did you never look at the system log output?
    You would have noticed the small line:

    openvpn[14760]: OpenVPN 2.0.6 i386-portbld-freebsd7.0 [SSL] [LZO] built on Nov 9 2008

    Next time you check your own facts before you post wrong information!



  • Well mine does not say "openvpn[14760]: OpenVPN 2.0.6 i386-portbld-freebsd7.0 [SSL] [LZO] built on Nov 9 2008"
    it says "openvpn[10700]: OpenVPN 1.3.6 i386-portbld-freebsd6.0 [SSL] [LZO] built on Nov 9 2006", and I am on PF 1.2.3-Release.



  • 1.2.3 is based on FreeBSD 7.2
    Your OpenVPN is a port to FreeBSD 6.0.

    Either you're not really on 1.2.3 or something went terribly wrong when you updated.

