In this tutorial, we are going to run OpenVPN with several configuration files, which lets one server serve several protocols (TCP and UDP at the same time) or several ports.
We are assuming that you have root permission; otherwise, prefix the commands with “sudo”.
For this tutorial, you need a working OpenVPN server; if you don’t have one, check out our OpenVPN configuration articles.
These instructions work on CentOS 7, Debian 8 and Ubuntu 16.
Create a new Config file
You should create a second config file just like your primary one. Make sure that you change the port and the IP range, so the second instance does not collide with the first.
First, you need to make a copy of your config file:
cp server.conf server2.conf
Then open your new config file in a text editor and edit the lines that set the port, the protocol and the IP range.
Edit the following lines and change the values to your preferred ones (the example below uses port 100, TCP and the 10.1.2.0/24 range):
port 100
proto tcp
server 10.1.2.0 255.255.255.0
Save and exit.
For packet forwarding, you need to add a rule for the new IP range in your firewall. In this section, we assume that you know which firewall you are using.
You need to add a packet forwarding rule for the IP range that you set in your second configuration file. You can do this with the command below (be sure to replace the subnet and the interface name with your own values):
iptables -t nat -A POSTROUTING -s 10.1.2.0/24 -o ens3 -j MASQUERADE
If you use UFW, first allow your new port with the command below:
ufw allow 100/tcp
Then open your “before.rules” file and edit the lines that you added for your first configuration.
You have something like below in your file:
# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to eth0
-A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE
COMMIT
# END OPENVPN RULES
Copy the “-A POSTROUTING” line and paste it on the next line, replacing the IP and subnet mask with the values from your server2.conf.
You should end up with something like below:
# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to eth0
-A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.1.2.0/24 -o eth0 -j MASQUERADE
COMMIT
# END OPENVPN RULES
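Before starting both instances it is worth checking that the two config files really differ where the tutorial says they must. The script below is an added example (not part of the original tutorial): it reads the port, proto and server directives from two configs, reports a conflict if both would listen on the same protocol/port or hand out the same subnet, and prints the MASQUERADE rule the second subnet needs. The sample config files and the interface name ens3 are constructed for the example.

```shell
# Added example, not from the original tutorial: sanity-check two OpenVPN
# server configs before starting both instances. It reads "port", "proto"
# and "server" (the directives the tutorial says to change), reports a
# conflict if both would listen on the same protocol/port or hand out the
# same subnet, and prints the MASQUERADE rule the second subnet needs.

# Print the argument(s) of the first uncommented NAME line in FILE.
ovpn_directive() {
    sed -n "s/^[[:space:]]*$2[[:space:]]\{1,\}//p" "$1" | head -n 1 | tr -s ' '
}

# Convert a dotted netmask (255.255.255.0) to a prefix length (24).
mask_to_prefix() {
    p=0
    for o in $(printf '%s' "$1" | tr . ' '); do case $o in
        255) p=$((p+8));; 254) p=$((p+7));; 252) p=$((p+6));; 248) p=$((p+5));;
        240) p=$((p+4));; 224) p=$((p+3));; 192) p=$((p+2));; 128) p=$((p+1));;
        0) ;; *) return 1;; esac
    done
    echo "$p"
}

# Print the iptables NAT rule for the "server" subnet of FILE, leaving via IFACE.
ovpn_nat_rule() {
    set -- $(ovpn_directive "$1" server) "$2"    # now: network mask iface
    echo "iptables -t nat -A POSTROUTING -s $1/$(mask_to_prefix "$2") -o $3 -j MASQUERADE"
}

# Return 0 if A and B can run side by side, 1 (with a reason) if they collide.
ovpn_check_conflict() {
    a_port=$(ovpn_directive "$1" port); a_proto=$(ovpn_directive "$1" proto)
    b_port=$(ovpn_directive "$2" port); b_proto=$(ovpn_directive "$2" proto)
    # OpenVPN defaults: port 1194, proto udp; "tcp-server"/"udp6" count as tcp/udp.
    a_port=${a_port:-1194}; b_port=${b_port:-1194}
    a_proto=$(printf '%s' "${a_proto:-udp}" | cut -c1-3); b_proto=$(printf '%s' "${b_proto:-udp}" | cut -c1-3)
    if [ "$a_port" = "$b_port" ] && [ "$a_proto" = "$b_proto" ]; then
        echo "conflict: both listen on $a_proto/$a_port"; return 1
    fi
    # Exact match only: overlapping but unequal subnets are not detected here.
    if [ "$(ovpn_directive "$1" server)" = "$(ovpn_directive "$2" server)" ]; then
        echo "conflict: both use subnet $(ovpn_directive "$1" server)"; return 1
    fi
    echo "ok"
}

D=$(mktemp -d)   # constructed sample configs: the primary instance and the edited copy
printf 'port 1194\nproto udp\nserver 10.1.1.0 255.255.255.0\n' > "$D/server.conf"
printf 'port 100\nproto tcp\nserver 10.1.2.0 255.255.255.0\n' > "$D/server2.conf"
ovpn_check_conflict "$D/server.conf" "$D/server2.conf"   # prints "ok"
ovpn_nat_rule "$D/server2.conf" ens3
```

Point the two functions at your real /etc/openvpn/server.conf and server2.conf and the printed rule matches the one you need in the iptables step above; the subnet check is exact-match only, so choose clearly distinct ranges.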
Now you can control your OpenVPN instances separately with the commands below.
To start the services:
systemctl start openvpn@server.service
systemctl start openvpn@server2.service
To check their status:
systemctl status openvpn@server.service
systemctl status openvpn@server2.service
To stop the services:
systemctl stop openvpn@server.service
systemctl stop openvpn@server2.service
If your distro doesn’t have “systemctl”, you may use a command like the one below to start OpenVPN with your second configuration as a daemon:
/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/server2.pid --cd /etc/openvpn --config server2.conf --script-security 2