On Tue, 25 Jul 2023 16:10:15 +0000 (UTC), Jason Long via Openvpn-users <openvpn-users@lists.sourceforge.net> wrote:
>Hello,I have a question and I'm thankful if someone clear it for me. >I guess it would be better if each server has its own key files, but >the server means the server configuration file or an OpenVPN (physical >or VM) server? Here the multiple servers means multiple openvpn service instances on the same server computer (Linux) each service running according to its own conf file. On Linux the OpenVPN is configured in /etc/openvpn Inside this dir there are two subdirs client and server, what we are discussing here is the server dir. Files of type conf placed here define the server operation. To define a server *instance* you put a servername.conf file into the server subdir where the functionality of the servername service is defined. You can have several such conf files inside that dir and each will define one service instance. These can (should?) all refer to the same cryptography files, which typically can be placed into a directory /etc/openvpn/keys and the path to them inside the conf file should be the full path. It is perfectly OK and possibly most common to use the same set of such files for all server instances. >I mean, if an OpenVPN server has a lot of server configuration files >(server-1.conf, server-2.conf,...) and they all use the same key files, >is there a problem? > I have always two server instances named serverweb and serverlocal where the user can log in to any one of them using his OVPN files. The difference is the port number each runs on and the configuration in the conf file in general. The port numbers MUST be different from each other and no other service on the computer must use these ports! I always use a single set of crypto files for both services. In this case the user will either be fully connected to the server LAN with Internet access through the server LAN gateway (serverweb) or else (serverlocal) just accessing the server side LAN as a network member and the Internet through his own LAN gateway. HTH -- Bo Berglund Developer in Sweden _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
