Introduction
In this tutorial, we make OpenVPN run several configuration files at once, which can be used to serve multiple protocols (TCP and UDP at the same time) or several ports.
We assume that you have root permission; otherwise, prefix the commands with “sudo”.
Prerequisites
For this tutorial, you need a working OpenVPN server. If you don’t have one, check out our OpenVPN configuration articles:
Configure OpenVPN on CentOS server
Configure OpenVPN on Debian and Ubuntu server
These instructions work on CentOS 7, Debian 8 and Ubuntu 16.
Create a new Config file
You should create a second config file just like your primary one. Make sure that you change the port and IP range so that the two instances do not conflict.
First, you need to make a copy of your config file:
cd /etc/openvpn/
cp server.conf server2.conf
Then open your new config file with a text editor to edit the lines that set the port, protocol and IP range:
nano server2.conf
Edit the following lines and change their values to your preferred ones:
port 100
proto tcp
server 10.1.2.0 255.255.255.0
Save and exit
Firewall Configuration
For packet forwarding, you need to add a rule for the new IP range in your firewall. In this section, we assume that you know which firewall you are using.
For IPtables
You need to add a packet forwarding rule for the IP range that you set in your second configuration file. You can do this with the command below (be sure to replace the subnet and the interface name with your own values):
iptables -t nat -A POSTROUTING -s 10.1.2.0/24 -o ens3 -j MASQUERADE
For UFW
First you have to allow your new port through UFW with the command below:
ufw allow 100/tcp
Then open your “before.rules” file and edit the lines that you added for your first configuration:
nano /etc/ufw/before.rules
You should have something like this in your file:
# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to eth0
-A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE
COMMIT
# END OPENVPN RULES
Copy the -A POSTROUTING line and paste it on the next line, replacing the IP and subnet mask with the values from your server2.conf.
You should end up with something like this:
# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to eth0
-A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.1.2.0/24 -o eth0 -j MASQUERADE
COMMIT
# END OPENVPN RULES
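Added example (not part of the original tutorial): before starting the second instance, the check below parses the directives edited above and reports two instances sharing a port/protocol pair, overlapping client ranges, or a client range with no MASQUERADE rule. The function names and sample inputs are constructed for illustration, and port 1194/udp for the primary config is an assumption (the OpenVPN defaults).

```python
import ipaddress
import re

def parse_conf(text):
    """Return (port, proto, network) for one OpenVPN server config."""
    port, proto, net = 1194, "udp", None  # OpenVPN defaults if a directive is absent
    for line in text.splitlines():
        words = re.split(r"[#;]", line)[0].split()  # drop '#' and ';' comments
        if len(words) >= 2 and words[0] == "port":
            port = int(words[1])
        elif len(words) >= 2 and words[0] == "proto":
            proto = words[1][:3]  # tcp-server, tcp4, udp6 ... -> tcp / udp
        elif len(words) >= 3 and words[0] == "server":
            net = ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=False)
    return port, proto, net

def check_instances(confs, nat_rules):
    """confs: {file name: text}; nat_rules: before.rules or iptables-save text."""
    problems = []
    parsed = {name: parse_conf(text) for name, text in confs.items()}
    natted = [ipaddress.ip_network(src, strict=False) for src in re.findall(
        r"^-A POSTROUTING -s (\S+) .*-j MASQUERADE", nat_rules, re.M)]
    names = sorted(parsed)
    for i, a in enumerate(names):
        port_a, proto_a, net_a = parsed[a]
        if net_a is None:
            problems.append(f"{a}: no 'server' directive")
        elif not any(net_a.subnet_of(n) for n in natted):
            problems.append(f"{a}: no MASQUERADE rule covers {net_a}")
        for b in names[i + 1:]:
            port_b, proto_b, net_b = parsed[b]
            if (port_a, proto_a) == (port_b, proto_b):
                problems.append(f"{a}/{b}: both listen on {port_a}/{proto_a}")
            if net_a is not None and net_b is not None and net_a.overlaps(net_b):
                problems.append(f"{a}/{b}: client ranges {net_a} and {net_b} overlap")
    return problems

# Constructed sample input using the values from this tutorial.
SERVER = "port 1194\nproto udp\nserver 10.1.1.0 255.255.255.0\n"
SERVER2 = "port 100\nproto tcp\nserver 10.1.2.0 255.255.255.0\n"
NAT = ("-A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE\n"
       "-A POSTROUTING -s 10.1.2.0/24 -o eth0 -j MASQUERADE\n")

if __name__ == "__main__":
    found = check_instances({"server.conf": SERVER, "server2.conf": SERVER2}, NAT)
    print("\n".join(found) or "no conflicts found")
```

On a real server, pass the contents of the files in /etc/openvpn/ and of /etc/ufw/before.rules (or the output of iptables-save) instead of the sample strings.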
Now you can control your OpenVPN instances separately with the commands below.
To start the services:
systemctl start openvpn@server2.service
systemctl start openvpn@server.service
For checking status:
systemctl status openvpn@server2.service
systemctl status openvpn@server.service
For stopping:
systemctl stop openvpn@server2.service
systemctl stop openvpn@server.service
NOTE:
If your distro doesn’t have “systemctl”, you can use a command like the one below to start OpenVPN with your second configuration as a daemon:
/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/server2.pid --cd /etc/openvpn --config server2.conf --script-security 2
Hi Amir,
I need a vpn solution with openvpn server as below:
Suppose there are 5 employees in my team named A, B, C, D, E etc. And I’ve an OpenVPN server with 5 public IPs, e.g. 103.255.98.1, 2, 3, 4, 5 etc. Now suppose I’ve made 5 users on the server as A, B, C, D, E etc. using the useradd command and set passwords accordingly. Now my requirement is: when emp A connects to the server using the A username and password, I’ll provide him a static IP like 103.255.98.1, and when emp B connects to the server using the B username and password, he will receive a different IP.
Is there any possibility of this type of binding of user names to IPs on an OpenVPN server?
Openvpn OS – Centos6.5
Hello,
Yes. It’s possible. You need to set the client config directory in your OpenVPN config file like below:
client-config-dir /etc/openvpn/client-config
file : /etc/openvpn/client-config/employee1
ifconfig-push 103.255.98.5 103.255.98.1
Also, you’d need to reserve IPs. You need to set “ifconfig-pool-persist ipp.txt” in your OpenVPN config file.
In ipp.txt:
employee1,103.255.98.5
Finally, you’d need to restart your OpenVPN service.
Thank you.
Hello,
I just found your article. How many OpenVPN server instances can be created on a single Linux server?
I already have four OpenVPN server instances running with separate subnets and I’m planning to add more instances.
I managed to run multiple OpenVPN instances, but what I have noticed is that the connections from the new instances are not being logged in /var/log/openvpn.log
Any ideas?
Hi there.
Can you perhaps guide me? When two instances are running, obviously there are two subnets. Let’s say 10.1.0.0 and 10.2.0.0.
How can I configure the routing so that both subnets can reach each other if required? I would like to be able to connect to 10.1.0.0 and reach devices on 10.2.0.0 preferably.
Much appreciated!
Hello Amir,
I am glad that I found this article; it gives me hope for what I want to do next with my already running OpenVPN server. Do you have any experience having one config routed (my actual situation) and a second one bridged? Thank you, Dusan
Really very good, it helped a lot. It is February 2021, I have been having many problems with VPN, and I can’t simply change the default port or the default protocol because I already have many users connected, so it would be impossible to migrate to UDP. The ideal is to bring up a new instance on the same server, brilliant!