Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN - multiple instances

    Scheduled Pinned Locked Moved
    2.0-RC Snapshot Feedback and Problems - RETIRED
    2
    3
    3.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      toomeek
      last edited by

      Hello,

      I'm testing OpenVPN instance as remote access for users. This pfSense test installation uses dual WAN config (on 2 x DSL links).
      First, I see that "passtos" option is invalid for Windows client. Shouldn't be even available on server config page "Set the TOS IP header value of tunnel packets to match the encapsulated packet value." But ok, this can be disabled and go on.
      Now I'm thinking about.. how to configure 2 OpenVPN instances for both WANs and use shared certificates?
      Yes, I can run Wizard twice and it will create 2 servers, but both will use 2 server certificates, one per one. Second thing is that probably have to use different IP pools, becuse of possible IP conflicts for clients.
      Now, when I choose in User Manager both certificates for both OpenVPN instances for user it creates 2 x NEW "CA" with name LDAP. And this is causing user to not show up on "OpenVPN: Client Export Utility" page, have to manually change Server certificate to LDAP.
      And there is another thing: how to create installer with 2 configurations (for example for Windows)? (Probably have to manually copy config files for the second instance)

      Can I just use single CA, single server certificate and single IP client subnet for multiple OpenVPN instances?
      pfSense_OpenVPN_test1.png
      pfSense_OpenVPN_test1.png_thumb
      pfSense_OpenVPN_test2.png
      pfSense_OpenVPN_test2.png_thumb
      pfSense_OpenVPN_test3.png
      pfSense_OpenVPN_test3.png_thumb
      pfSense_OpenVPN_test3_second.png
      pfSense_OpenVPN_test3_second.png_thumb
      pfSense_OpenVPN_test2_second.png
      pfSense_OpenVPN_test2_second.png_thumb
      pfSense_OpenVPN_test4_user.png
      pfSense_OpenVPN_test4_user.png_thumb

      1 Reply Last reply Reply Quote 0
      • T
        toomeek
        last edited by

        Why no answer? Nobody wants to create VPN server for multiple WANs? Can't belive it… :)

        1 Reply Last reply Reply Quote 0
        • C
          cmb
          last edited by

          @TooMeeK:

          First, I see that "passtos" option is invalid for Windows client. Shouldn't be even available on server config page "Set the TOS IP header value of tunnel packets to match the encapsulated packet value."

          There are tons of scenarios that don't use any Windows clients. It's there for good reason.

          @TooMeeK:

          Now I'm thinking about.. how to configure 2 OpenVPN instances for both WANs and use shared certificates?
          Yes, I can run Wizard twice and it will create 2 servers, but both will use 2 server certificates, one per one. Second thing is that probably have to use different IP pools, becuse of possible IP conflicts for clients.

          You can choose existing CA and certs in the wizard, or create the server manually.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post