> On Sunday, January 7th, 2024 at 1:00 AM, Antonio Quartulli <a...@unstable.cc> wrote:
> Hi,
>
> On 06/01/2024 08:43, Peter Davis via Openvpn-users wrote:
>
> > Hello,
> > 1- Is it possible to run all OpenVPN servers on one port? I currently have
> > an OpenVPN server running with an IP address range of 20.20.0.0 on port
> > 2024, now I want to run another server with a different IP address range on
> > the same port as before.
> >
> Assuming you could have two daemons listening on the same port, where
> should an incoming connection be sent to?
> In any case, only one socket can be bound to an ip:port, therefore no,
> it is not possible to run multiple servers listening on the same port.
>
> > 2- Should every OpenVPN server have its own TUN? Can't run all servers on
> > one TUN?
> >
> Each server is independent from each other, they do not communicate,
> therefore each of them needs its own infrastructure, including the tun
> device.
>
> > 3- I found the following firewall rules on the internet:
> >
> > # IF_MAIN=NIC_Name
> > # IF_TUNNEL=tun0
> > # YOUR_OPENVPN_SUBNET=10.10.0.0/16
> > # iptables -I INPUT -p udp --dport 2024 -j ACCEPT
> > # iptables -A FORWARD -i $IF_MAIN -o $IF_TUNNEL -m state --state ESTABLISHED,RELATED -j ACCEPT
> > # iptables -A FORWARD -s $YOUR_OPENVPN_SUBNET -o $IF_MAIN -j ACCEPT
> > # iptables -t nat -A POSTROUTING -s $YOUR_OPENVPN_SUBNET -o $IF_MAIN -j MASQUERADE
> >
> > Do I have to repeat the above firewall rules for each server?
> >
> Well, you are matching on YOUR_OPENVPN_SUBNET/IF_TUNNEL. IF those are
> different for each server..then yeah, you need multiple rules.
>
> Cheers,
>
> > Thanks.
> >
> > _______________________________________________
> > Openvpn-users mailing list
> > Openvpn-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/openvpn-users
> >
> --
> Antonio Quartulli

Hi,
Thanks again.

1- You said "IF those are different for each server..then yeah, you need multiple rules.", what does it mean? Is there a way I can set up multiple servers with the above firewall rules? Do you mean that if all my servers are in the IP address range of 10.0.0.0 then I just need to change the TUN name and port number?

2- As an OpenVPN expert, you want to set up 10 servers, can you share your firewall rules with me?
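
Added example, not part of the thread and not from any poster: a sketch of the "one rule set per server" point quoted above, which prints the four quoted iptables rules once per OpenVPN instance and refuses a table that reuses a port, tun device or subnet. The second instance (port 2025, tun1, 10.11.0.0/16) and the outbound interface name eth0 are constructed values for illustration.

```shell
#!/bin/sh
# Constructed instance table: "port tun-device subnet", one OpenVPN server per line.
# Line 1 uses the values quoted in the thread; line 2 is a made-up second server.
INSTANCES='2024 tun0 10.10.0.0/16
2025 tun1 10.11.0.0/16'

# Fail if any value in column $2 of table $1 appears more than once.
check_unique() {
    dup=$(printf '%s\n' "$1" | awk -v c="$2" '{ print $c }' | sort | uniq -d)
    [ -z "$dup" ] || { echo "duplicate value in column $2: $dup" >&2; return 1; }
}

# Print (do not execute) the iptables commands for every instance.
# $1 = instance table, $2 = outbound interface (IF_MAIN in the quoted rules).
gen_rules() {
    table=$1
    if_main=$2
    check_unique "$table" 1 || return 1   # only one socket can bind a given port
    check_unique "$table" 2 || return 1   # each server needs its own tun device
    check_unique "$table" 3 || return 1   # the FORWARD/NAT rules match on the subnet
    printf '%s\n' "$table" | while read -r port tun subnet; do
        [ -n "$port" ] || continue
        echo "iptables -I INPUT -p udp --dport $port -j ACCEPT"
        echo "iptables -A FORWARD -i $if_main -o $tun -m state --state ESTABLISHED,RELATED -j ACCEPT"
        echo "iptables -A FORWARD -s $subnet -o $if_main -j ACCEPT"
        echo "iptables -t nat -A POSTROUTING -s $subnet -o $if_main -j MASQUERADE"
    done
}

# Review the output before applying it as root.
gen_rules "$INSTANCES" eth0
```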