3

I have 2 servers running OpenVPN; let's call them server A and server B. I also have a client for both of the OpenVPN servers, which is called client1. I'm trying to connect client1 to both servers from another machine, which in this case I will call machine1. Both servers' OpenVPN configurations are set to different subnets so they won't conflict.

If I try to connect client1 normally, without any OpenVPN options, to both servers, it won't connect, because the default client1 configuration routes all the traffic through the VPN. That means there can't be 2 connections to the OpenVPN servers: one connection will try to route all the traffic and the second connection will try to do that too, so there will be a conflict.

So that's why I try to connect both server A client1 and server B client1 on machine1 with the route-nopull option.

The problem is the following: I got machine1 connected to both server A and server B using TAP interfaces, and both interfaces are connected and have an IP, but there are no routes since I'm using the route-nopull option. If I want to run an application like a web server on machine1 using the IP server A gave me for client1, and try to access it from another client within the same subnet of server A, it won't work.

More information:

Server A range for clients: 10.8.2.0-10.8.2.255
Server B range for clients: 10.8.3.0-10.8.3.255
client1 on server A has the static IP: 10.8.2.3
client1 on server B has the static IP: 10.8.3.2
Server A and B have client-to-client option enabled

The OpenVPN servers are using CentOS 6.5 minimal and machine1 is using CentOS 7.

Any ideas how I can connect both servers or more than 2 servers so the TAP interfaces can be used like normal Ethernet interfaces, to start a web server or any application on any of the IPs of the OpenVPN servers connected?

2 Answers

1

Sorry, had misunderstood. So you want, from a machine in same subnet as VPN server, to access your VPN client?

What you will need here is routing; in particular, you will need to turn it on on the VPN server. Your machines on the VPN server subnet will need a way to know how to access the VPN client, either with a local route, or with their gateway knowing the route. Your VPN client will need to know how to reply, which can be organized with the "client-config-dir", "iroute" and "route" options. It's a little trickier than just a gateway, but still rather easy.

Have a look here: https://openvpn.net/community-resources/how-to/#expanding-the-scope-of-the-vpn-to-include-additional-machines-on-either-the-client-or-server-subnet . It describes very well all the steps involved in such a setup.


Original answer (Left so comment makes sense)

Have you had a look at this: https://community.openvpn.net/openvpn/wiki/IgnoreRedirectGateway ?

To me it sounds like your issue is the gateway redirect. You might want to turn it off at server level by commenting out "redirect-gateway", or filter it at client level with "--pull-filter ignore redirect-gateway".

-1

This is such an unnecessarily confusing topic, so here it is, the answer to the very simple question:

I have multiple .ovpn OpenVPN connections I need to use at once - how do I connect to more than one on Windows?

  1. You must use OpenVPN GUI, the Community, open source version - not OpenVPN Connect. Currently that means going to the OpenVPN site, clicking Community at the top, then clicking "Download OpenVPN Community Edition" - no mention of OpenVPN GUI, but that's what you're getting.

  2. Download all your .ovpn and related connection files (usually provided to you in a zip) and place them in your OpenVPN user settings folder. To find it, run OpenVPN GUI after installing it, open Settings, click the Advanced tab and check the Configuration Files path. Open that path in Windows Explorer. Unzip each set of OpenVPN settings here, each into its own subfolder.

  3. You're almost there - you should now be able to connect to either connection but not both. Verify that's successful first.

  4. Finally, the most obscure step - you must overcome a Windows limitation by adding a TAP Adapter. Go to the Start Menu, look for the OpenVPN start menu folder and click on the "Add a new TAP Windows6 virtual...". Let it run.

  5. If you'd like to verify this has completed, go to Windows Settings, Network, Change adapter options. In it you'll see OpenVPN TAP Windows6, and a new OpenVPN TAP Windows6 #1.

  6. Now run OpenVPN, connect to one connection, then connect to the other. Both will run simultaneously.

If you need more than 2 connections, you just need as many TAP Adapters installed as your max OpenVPN connections. Keep running that add until the number of TAP Adapters in your Network Change adapter settings pane matches the max OpenVPN connections you'll use.

There are limitations on the .ovpn scripts that can cause problems. You may need to reach out to the network admin if they conflict (for example, there is a setting in .ovpn connections that redirects all traffic - usually you don't want that active for ANY connection if using multiple, but, if you must, it should be active for at most one - and messing with those scripts requires at least coordinating with the relevant network admin).
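Both answers come down to the same constraint: among profiles connected at the same time, at most one may take the default route. The following check is an added example, not part of either answer; the profile names and contents are constructed, and it assumes route-nopull and pull-filter ignore "redirect-gateway" are the only client-side filters in use. It also flags a fixed device name such as tap0 reused by two profiles.

```python
import shlex
from collections import Counter

# Constructed sample client profiles (hypothetical names, not from the page).
SAMPLES = {
    "serverA.ovpn": 'client\ndev tap0\nroute-nopull\n',
    "serverB.ovpn": 'client\ndev tap0\npull-filter ignore "redirect-gateway"\n',
    "serverC.ovpn": 'client\ndev tap\n# no route filtering at all\n',
    "serverD.ovpn": 'client\ndev tap3\nredirect-gateway def1\n',
}

def directives(text):
    """Tokenise an OpenVPN config, skipping blank lines and # / ; comments."""
    rows = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            tokens = shlex.split(line, comments=True)
            if tokens:
                rows.append(tokens)
    return rows

def classify(text):
    """Return (dev, state); state says how the profile treats the default route."""
    rows = directives(text)
    names = {r[0] for r in rows}
    dev = next((r[1] for r in rows if r[0] == "dev" and len(r) > 1), None)
    ignores_push = "route-nopull" in names or any(
        r[:2] == ["pull-filter", "ignore"] and len(r) > 2
        and r[2].startswith("redirect-gateway") for r in rows)
    if "redirect-gateway" in names:
        state = "redirects"        # set locally in the profile
    elif ignores_push:
        state = "filtered"         # a pushed redirect-gateway is dropped
    else:
        state = "accepts-push"     # the server may still push redirect-gateway
    return dev, state

def audit(profiles):
    """List conflicts between profiles meant to be connected at the same time."""
    info = {name: classify(text) for name, text in profiles.items()}
    findings = []
    risky = sorted(n for n, (_, s) in info.items() if s != "filtered")
    if len(risky) > 1:
        findings.append("default route contested by: " + ", ".join(risky))
    devs = Counter(d for d, _ in info.values() if d and d[-1].isdigit())
    for dev, count in sorted(devs.items()):
        if count > 1:
            findings.append(f"fixed device {dev} used by {count} profiles")
    return findings
```

A profile reported as "accepts-push" is only a potential conflict: whether it takes the default route depends on what its server actually pushes.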