    OpenVPN - multiple instances

    2.0-RC Snapshot Feedback and Problems - RETIRED
    • T
      toomeek last edited by

      Hello,

      I'm testing OpenVPN instance as remote access for users. This pfSense test installation uses dual WAN config (on 2 x DSL links).
      First, I see that "passtos" option is invalid for Windows client. Shouldn't be even available on server config page "Set the TOS IP header value of tunnel packets to match the encapsulated packet value." But ok, this can be disabled and go on.
      Now I'm thinking about.. how to configure 2 OpenVPN instances for both WANs and use shared certificates?
      Yes, I can run Wizard twice and it will create 2 servers, but both will use 2 server certificates, one per one. Second thing is that probably have to use different IP pools, because of possible IP conflicts for clients.
      Now, when I choose in User Manager both certificates for both OpenVPN instances for user it creates 2 x NEW "CA" with name LDAP. And this is causing user to not show up on "OpenVPN: Client Export Utility" page, have to manually change Server certificate to LDAP.
      And there is another thing: how to create installer with 2 configurations (for example for Windows)? (Probably have to manually copy config files for the second instance)

      Can I just use single CA, single server certificate and single IP client subnet for multiple OpenVPN instances?

      • T
        toomeek last edited by

        Why no answer? Nobody wants to create VPN server for multiple WANs? Can't believe it… :)

        • C
          cmb last edited by

          @TooMeeK:

          First, I see that "passtos" option is invalid for Windows client. Shouldn't be even available on server config page "Set the TOS IP header value of tunnel packets to match the encapsulated packet value."

          There are tons of scenarios that don't use any Windows clients. It's there for good reason.

          @TooMeeK:

          Now I'm thinking about.. how to configure 2 OpenVPN instances for both WANs and use shared certificates?
          Yes, I can run Wizard twice and it will create 2 servers, but both will use 2 server certificates, one per one. Second thing is that probably have to use different IP pools, because of possible IP conflicts for clients.

          You can choose existing CA and certs in the wizard, or create the server manually.
