Netgate Discussion Forum

OpenVPN - multiple instances

2.0-RC Snapshot Feedback and Problems - RETIRED
  • T
    toomeek
    last edited by Jan 13, 2011, 3:57 PM

    Hello,

    I'm testing OpenVPN instance as remote access for users. This pfSense test installation uses dual WAN config (on 2 x DSL links).
    First, I see that "passtos" option is invalid for Windows client. Shouldn't be even available on server config page "Set the TOS IP header value of tunnel packets to match the encapsulated packet value." But ok, this can be disabled and go on.
    Now I'm thinking about.. how to configure 2 OpenVPN instances for both WANs and use shared certificates?
    Yes, I can run Wizard twice and it will create 2 servers, but both will use 2 server certificates, one per one. Second thing is that probably have to use different IP pools, because of possible IP conflicts for clients.
    Now, when I choose in User Manager both certificates for both OpenVPN instances for user it creates 2 x NEW "CA" with name LDAP. And this is causing user to not show up on "OpenVPN: Client Export Utility" page, have to manually change Server certificate to LDAP.
    And there is another thing: how to create installer with 2 configurations (for example for Windows)? (Probably have to manually copy config files for the second instance)

    Can I just use single CA, single server certificate and single IP client subnet for multiple OpenVPN instances?

    • T
      toomeek
      last edited by Jan 16, 2011, 5:06 PM

      Why no answer? Nobody wants to create VPN server for multiple WANs? Can't believe it… :)

      • C
        cmb
        last edited by Jan 17, 2011, 12:51 AM

        @TooMeeK:

        First, I see that "passtos" option is invalid for Windows client. Shouldn't be even available on server config page "Set the TOS IP header value of tunnel packets to match the encapsulated packet value."

        There are tons of scenarios that don't use any Windows clients. It's there for good reason.

        @TooMeeK:

        Now I'm thinking about.. how to configure 2 OpenVPN instances for both WANs and use shared certificates?
        Yes, I can run Wizard twice and it will create 2 servers, but both will use 2 server certificates, one per one. Second thing is that probably have to use different IP pools, because of possible IP conflicts for clients.

        You can choose existing CA and certs in the wizard, or create the server manually.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.