HugeServer Knowledgebase

Running multiple OpenVPN instances (multi port)

Introduction

In this tutorial, we are going to make OpenVPN run several configuration files which may be used to run multi-protocol (TCP and UDP at the same time) or several ports.

We are assuming that you have root permission, otherwise, you may start commands with “sudo”.

Prerequisites

For this tutorial, you need a working OpenVPN server, If you don’t check out our OpenVPN configuration articles.

Configure OpenVPN on CentOS server

Configure OpenVPN on Debian and Ubuntu server

These instructions are working on CentOS 7, Debian 8 and Ubuntu 16.

Create a new Config file

You should create a second config file just like your primary one. Make sure that you change the port and IP range.

First, you need to make a copy of your config file:

cd /etc/openvpn/

cp server.conf server2.conf

Then you have to open your new config file with a text editor to edit the lines that refer to Port, Protocol stack and IP:

nano server2.conf

Edit the following lines and change the red parts to your preferred values:


port 100

proto tcp

server 10.1.2.0 255.255.255.0

Save and exit

Firewall Configuration

For packet forwarding, you need to add a rule for the new IP range in you firewall. In this section, we assume thatyou know what firewall you are using.

For IPtables

You need to add a packet forwarding rule for the IP range that you had set in your second configuration file, you can do this with the command below, (be sure that you replace the red parts with your preferred values)

iptables -t nat -A POSTROUTING -s 10.1.2.0/24 -o ens3 -j MASQUERADE

For UFW

First you have to allow your new port through UFW with the command below:

ufw allow 100/tcp

Then you have to open your “before.rules” files and edit the lines that you added for your first configuration:

nano /etc/ufw/before.rules

You have something like below in your file:


# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to eth0
-A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE
COMMIT
# END OPENVPN RULES

you have to copy the red line and paste it in next line, be sure that you replace the IP and Subnetmask to your server2.conf information:

you have to have something like below:


# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to eth0
-A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.1.2.0/24 -o eth0 -j MASQUERADE
COMMIT
# END OPENVPN RULES

Now you can control your OpenVPN instances separately with the commands below.
For start services:

systemctl start openvpn@server2.service

systemctl start openvpn@server.service

For checking status:

systemctl status openvpn@server2.service

systemctl status openvpn@server.service

For stopping:

systemctl stop openvpn@server2.service

systemctl stop openvpn@server.service

NOTE:

If your distro doesn’t have “Systemctl” you may use commands like below to start your OpenVPN with your second configuration as a daemon:

/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/server2.pid --cd /etc/openvpn --config server2.conf --script-security 2

Was this tutorial helpful?

Thank you for your vote.Thank you for your vote.

Similar Posts

2 thoughts on “Running multiple OpenVPN instances (multi port)”

  1. Hi Amir,
    0 down vote favorite

    I need a vpn solution with openvpn server as below:
    Suppose there are 5 employees in my team as named A,B,C,D,E etc.. And I’ve a openvpn server with 5 public IPs e.g. 103.255.98.1, 2, 3, 4, 5 etc. Now suppose I’ve make 5-users on server as A, B, C, D, E etc using useradd command and set password accordingly. Now my requirement is when emp A connect to server using A username and password then I’ll provide him a static IP like 103.255.98.1 and when emp B connect to server using B username and password then he will receive different IP.

    Is any possibility of such type of binding user-name with IPs on openvpn server ?
    Openvpn OS – Centos6.5

    1. Hello,

      Yes. It’s possible. You need to set client config directory on your OpenVPN config file like below
      client-config-dir /etc/openvpn/client-config

      file : /etc/openvpn/client-config/employee1
      ifconfig-push 103.255.98.5 103.255.98.1

      Also, you’d need to reserve IPs. you need to set “ifconfig-pool-persist ipp.txt” on your Openvpn config file.
      on ipp.txt :
      employee1,103.255.98.5

      Finally, you’d need to restart your openvpn service.

      Thank you.

Leave a Reply

Your email address will not be published. Required fields are marked *

*