[OpenWrt-Users] openvpn and multiple tunnels (i.e. server)
Olivier Mugnier
olivier.mugnier at normier.net
Sun Dec 16 17:30:29 CET 2007
On Sun, 2007-12-16 at 12:23 +0000, Olivier Mugnier wrote:
> The latest version of OpenVPN
> is capable of running the four clients on 1 port...
Hrm. How does it do this with UDP? Does it allocate a
separate/different UDP port after the initial handshake on the
well-known port? From what I recall of the workings of TCP and UDP,
while TCP is able to listen to multiple connections on a single port and
route traffic for different connections to different
instances/processes, UDP is unable to do that. Perhaps my recollection
is hazy.
I'm not sure how it's doing it. But as all UDP packets are passed to the same application,
the engine should be capable of separating them for each client if some information
is in the packet?
What I know is that I have only one port open in the firewall for OpenVPN,
and only one port opened (CurrPorts) by OpenVPN locally.
(I run with UDP...)
> You have to create one certificate for each client + 1 certificate for
> server
Bleah. Yeah. I tend to avoid the certificate froo-ha-ha (CAs, and cert
requests, and cert generation and issuance and CRLs and bla bla bla).
For my modest needs the whole certificate thing is just a lot of
unneeded, overly complicated overhead. A strong passphrase is so much
easier to generate and is sufficient. I'm not worried about
man-in-the-middle attacks. I'm not securing Fort Knox here.
> and then, 1 config file should be enough !
Do you have a configuration example of one config with multiple clients
in it? I'd be interested to see how that works in contrast to my
typical multiple configs installation.
I have no problem passing this to you; if everything is fine
for adding it to this mail, you should receive it.
I just replaced my server name with test(2).dyndns.org to
keep it private.... and put "..." in the certificate files instead of my information ;-)
Under the Linux version of OpenVPN, you should find some scripts that make
certificate generation a lot easier.
But maybe I misunderstand your question: this is on a server
with different clients.
I don't know how to do it on a client to connect to different
servers with only one file!
In the directory "config multiclient" I changed the file so you can
copy it to every client along with the private key of that client.
> I think the Kamikaze script is written for only one server port....
Sure seems that way.
> On Windows, on launch, OpenVPN launches every .ovpn file
> that is at the root of the config directory!
Yeah, that's the way I'm used to using it, as outlined below. That's
what that initscript does, iterates over the *.conf files
in /etc/openvpn and starts an openvpn instance for each of them.
No, I mean:
Just launch OpenVPN once and it runs as many times as there are .ovpn files in the config folder!
Your script was doing the same job, but it was scripting, not OpenVPN directly ;-)
> Anyway, reducing to only one config file should be enough for you !
I guess I will have to investigate how that's possible, but I didn't
think you could specify multiple peers and their ports, etc. in a single
configuration file.
Many thanx for your input!
b.
If you have further questions, do not hesitate...
and sorry for my bad English... I'm French!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openwrt.org/pipermail/openwrt-users/attachments/20071216/bdb144dd/attachment-0001.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Example OpenVPN.zip
Type: application/x-zip-compressed
Size: 20329 bytes
Desc: not available
Url : http://lists.openwrt.org/pipermail/openwrt-users/attachments/20071216/bdb144dd/attachment-0001.bin
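
Added example, not part of the original message or of OpenVPN's code: a minimal Python sketch of how one UDP socket on one port can keep several clients apart, the question raised in the thread. The function name `demux_demo`, the loopback addresses and the payloads are constructed for illustration.

```python
import socket

def demux_demo(n_clients=4, rounds=3):
    """Serve n_clients over ONE UDP socket, keyed on each sender's (ip, port)."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.bind(("127.0.0.1", 0))      # constructed setup: loopback, OS-chosen port
    server.settimeout(2.0)
    server_addr = server.getsockname()

    clients = []
    for _ in range(n_clients):
        c = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        c.bind(("127.0.0.1", 0))       # each client gets its own source port
        c.settimeout(2.0)
        clients.append(c)

    sessions = {}                      # (ip, port) -> per-client state
    seen_by_client = {}                # client address -> session ids seen in replies
    try:
        for _ in range(rounds):
            for c in clients:
                c.sendto(b"data", server_addr)
                # recvfrom() returns the payload AND the sender's address; that
                # address is the only demultiplexing key UDP itself provides.
                _payload, peer = server.recvfrom(2048)
                state = sessions.setdefault(
                    peer, {"id": len(sessions) + 1, "packets": 0})
                state["packets"] += 1
                server.sendto(str(state["id"]).encode(), peer)
                reply, _ = c.recvfrom(2048)
                seen_by_client.setdefault(c.getsockname(), set()).add(int(reply))
    finally:
        for s in clients + [server]:
            s.close()
    return sessions, seen_by_client

if __name__ == "__main__":
    sessions, _ = demux_demo()
    for peer, state in sessions.items():
        print(peer, state)
```

The source address only separates flows; a UDP source address can be forged, so it does not authenticate a client, which is the job of the per-client certificates or shared secret discussed in the thread.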