Gentoo Forums
Multiple instances openvpn

cazze
Apprentice


Joined: 26 Mar 2003
Posts: 155
Location: Brussels - Belgium

PostPosted: Fri Sep 09, 2005 12:13 pm    Post subject: Multiple instances openvpn Reply with quote

Hi,

How could I run multiple instances of openvpn on a Gentoo box? I would like to run the UDP and TCP server, and a client connection.

Is this possible with the default init scripts?

Thx,

kammicazze
_________________
Required: Windows 95 or better, so i installed Linux!!!

bigfunkymo
Apprentice


Joined: 23 Jan 2004
Posts: 237

PostPosted: Fri Sep 09, 2005 12:48 pm    Post subject: Reply with quote

the init scripts will start a new instance of OpenVPN for each conf file in /etc/openvpn
_________________
[No package... Grabbing a set.]

cazze
Apprentice


Joined: 26 Mar 2003
Posts: 155
Location: Brussels - Belgium

PostPosted: Fri Sep 09, 2005 2:26 pm    Post subject: Reply with quote

Quote:
the init scripts will start a new instance of OpenVPN for each conf file in /etc/openvpn


Are you sure of this?

I'm talking about openvpn 2.0.1.

It says my configuration file should be /etc/openvpn/*/local.conf.

Do I have to put local.conf files in each directory of the different instance of openvpn I want, like this:

/etc/openvpn/server_udp/local.conf
/etc/openvpn/server_tcp/local.conf
/etc/openvpn/client_1/local.conf
...


kammicazze
_________________
Required: Windows 95 or better, so i installed Linux!!!

bigfunkymo
Apprentice


Joined: 23 Jan 2004
Posts: 237

PostPosted: Fri Sep 09, 2005 3:09 pm    Post subject: Reply with quote

I have mine set up like so:

configuration file
/etc/openvpn/priest-server.conf

keys, etc
/etc/openvpn/priest-server/

client-configs:
/etc/openvpn/priest-server/client-configs/

and it works just fine for me
_________________
[No package... Grabbing a set.]

yottabit
Guru


Joined: 11 Nov 2002
Posts: 313
Location: Columbus, Ohio, US

PostPosted: Fri Nov 11, 2005 3:53 pm    Post subject: Reply with quote

The new OpenVPN (2.0.5-r2) init script seems to expect a single openvpn.conf in /etc/openvpn/ in order to start. This of course bjorked my config since I had two instances/configs running (one for UDP, one for TCP). I just made two copies of the init script in /etc/init.d/ and customized one for my UDP config file and the other for my TCP config file.

Not glamorous, but it works...
_________________
Play The Hitchhiker's Guide to the Galaxy!

nobspangle
Veteran


Joined: 23 Mar 2004
Posts: 1317
Location: Manchester, UK

PostPosted: Sat Dec 31, 2005 11:09 am    Post subject: Reply with quote

which fool decided to change this.

My VPN has a version 2 style vpn for multiple single clients and a version 1 style point-point vpn for joining to remote networks.

I've just hacked the init files so it works again.

nobspangle
Veteran


Joined: 23 Mar 2004
Posts: 1317
Location: Manchester, UK

PostPosted: Sat Dec 31, 2005 11:24 am    Post subject: Reply with quote

grrr always read the info

the new init script works like this

you put all your configuration files into /etc/openvpn
call your config files vpn-name.conf e.g. I've called mine RAS.conf and leeds-manchester.conf

create symlinks to the init script and call them openvpn.vpn-name
Code:
ln -sf /etc/init.d/openvpn /etc/init.d/openvpn.RAS
ln -sf /etc/init.d/openvpn /etc/init.d/openvpn.leeds-manchester

remove the openvpn script from the default run level and add the new symlinked ones you have created

for the most part the info at the end of ebuilds is a waste of time, unless you sit there and watch your packages compile. This information should be logged to the emerge.log so you can review it easily later.
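
The symlink steps in nobspangle's post above, as an added shell example (not part of the original post and not the Gentoo init script): it links one `openvpn.<name>` service per `<name>.conf`, leaves world-writable configs unlinked, and lists stale links. The function names and the `--apply` switch are made up for this example; the `rc-update` commands are printed, not run.

```sh
#!/bin/sh
# Added example (not the Gentoo init script): one openvpn.<name> service per
# /etc/openvpn/<name>.conf, following the naming from the post above.
CONF_DIR="${CONF_DIR:-/etc/openvpn}"
INIT_DIR="${INIT_DIR:-/etc/init.d}"

# Create $2/openvpn.<name> -> $2/openvpn for every $1/<name>.conf and print
# the rc-update commands to run afterwards (runlevels are not touched here).
link_instances() {
    conf_dir=$1; init_dir=$2
    [ -f "$init_dir/openvpn" ] || { echo "missing $init_dir/openvpn" >&2; return 2; }
    for conf in "$conf_dir"/*.conf; do
        [ -f "$conf" ] || continue                 # glob matched nothing
        name=$(basename "$conf" .conf)
        case $name in
            *[!A-Za-z0-9._-]*)
                echo "skip $conf: name not usable as a service suffix" >&2
                continue ;;
        esac
        # The service is started by root, so a config that any local user
        # can rewrite is left unlinked until its mode is fixed.
        if [ -n "$(find -L "$conf" -prune -perm -0002)" ]; then
            echo "skip $conf: world-writable" >&2
            continue
        fi
        ln -sf "$init_dir/openvpn" "$init_dir/openvpn.$name"
        echo "rc-update add openvpn.$name default"
    done
    echo "rc-update del openvpn default"
}

# List openvpn.<name> symlinks whose <name>.conf no longer exists.
stale_instances() {
    conf_dir=$1; init_dir=$2
    for link in "$init_dir"/openvpn.*; do
        [ -L "$link" ] || continue
        name=${link##*/openvpn.}
        [ -f "$conf_dir/$name.conf" ] || echo "$name"
    done
}

# Only act when asked to; without --apply the file just defines the functions.
if [ "${1:-}" = "--apply" ]; then
    link_instances "$CONF_DIR" "$INIT_DIR"
    stale_instances "$CONF_DIR" "$INIT_DIR" | sed 's/^/stale service: openvpn./'
fi
```

Setting CONF_DIR and INIT_DIR to scratch directories lets the result be inspected before anything under /etc is touched.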

UberLord
Retired Dev


Joined: 18 Sep 2003
Posts: 6274
Location: Blighty

PostPosted: Sat Dec 31, 2005 1:59 pm    Post subject: Reply with quote

nobspangle wrote:
which fool decided to change this.


That would be me :twisted:

The new init script has been in ~ARCH for many months now with little complaint and it provides a much better solution.

Quote:
for the most part the info at the end of ebuilds is a waste of time, unless you sit there and watch your packages compile. This information should be logged to the emerge.log so you can review it easily later.


Check out the portage-2.1_pre series - it supports the PORTAGE_ELOG_* stuff that makes logging and reviewing easier.
_________________
When baselayout tells you to update config files or things break WE REALLY DO MEAN IT

Please add SOLVED to the thread title if your issue has been
Strip comments from configs please

Braempje
l33t


Joined: 31 Jan 2003
Posts: 748

PostPosted: Mon Jan 02, 2006 2:01 pm    Post subject: Reply with quote

This information was very valuable to me and I was unable to easily locate it. Mods: could you please make this one sticky for a while? Thanks!
_________________
Dictionary of the Flemish Sign Language - Woordenboek Vlaamse Gebarentaal

Raffi
l33t


Joined: 17 Mar 2003
Posts: 707
Location: Moscow, Id.

PostPosted: Mon Jan 02, 2006 4:08 pm    Post subject: Reply with quote

UberLord wrote:
That would be me :twisted:


Ahh... Now I have a direction to direct my grumbling. :wink:

So, is the openvpn config du jour a result of multiple personalities, indecision or infighting among developers? :) Sorry, just had to say something, the regular changes have been making me very wary of upgrading certain machines.

On a more serious note, is the current setup likely to stick for a while? Should I go ahead and switch to it with some expectation of it being the standard approach?

Raffi
l33t


Joined: 17 Mar 2003
Posts: 707
Location: Moscow, Id.

PostPosted: Mon Jan 02, 2006 9:39 pm    Post subject: Reply with quote

For the record, the current config setup seems to be the best one so far. Let's hope we keep it. :)

UberLord
Retired Dev


Joined: 18 Sep 2003
Posts: 6274
Location: Blighty

PostPosted: Tue Jan 03, 2006 7:16 am    Post subject: Reply with quote

Raffi wrote:
Ahh... Now I have a direction to direct my grumbling. :wink:


Uh oh!
/me runs for the hills :lol:
Quote:
So, is the openvpn config du jour a result of multiple personalities, indecision or infighting among developers? :) Sorry, just had to say something, the regular changes have been making me very wary of upgrading certain machines.


Simply the case that openvpn has changed maintainers a fair few times and each maintainer has a different view to solving bugs. IMO at least 2 bugs could not have been fixed without the current script.

Quote:
On a more serious note, is the current setup likely to stick for a while? Should I go ahead and switch to it with some expectation of it being the standard approach?


The counterpoint is that work still needs to be done, but the current config setup and layout is now "fixed" for as long as I'm the maintainer.
_________________
When baselayout tells you to update config files or things break WE REALLY DO MEAN IT

Please add SOLVED to the thread title if your issue has been
Strip comments from configs please

Raffi
l33t


Joined: 17 Mar 2003
Posts: 707
Location: Moscow, Id.

PostPosted: Tue Jan 03, 2006 1:27 pm    Post subject: Reply with quote

UberLord wrote:

The counterpoint is that work still needs to be done, but the current config setup and layout is now "fixed" for as long as I'm the maintainer.


Well I like the current way of doing things a lot, so I hope you keep maintaining it for the foreseeable future.

Thanks.

dcmwai
n00b


Joined: 26 Mar 2005
Posts: 8
Location: Malaysia

PostPosted: Sun Jan 08, 2006 12:27 pm    Post subject: Reply with quote

Let me try to help.

Put the following in your openvpn.conf
#openvpn.conf
cd full/path/vpn1
config local.conf
cd full/path/vpn2
config local.conf
#end


Try this way :)

BlaaT0001
n00b


Joined: 21 Sep 2004
Posts: 22
Location: Holland/Rijnsburg

PostPosted: Tue Feb 07, 2006 2:42 pm    Post subject: Reply with quote

I for one am quite fond of the new baselayout. I'm now able to stop any one of my particular openvpn instances.

I do have some questions though. After emerging openvpn-2.0.5-r2 the following message appears on screen:

Quote:

It is recommended that you create your tun/tap interfaces using
the net.tun0/net.tap0 scripts provided by baselayout instead of
using the 'server' directive in openvpn configuration files.
This will insure that the interface really is up after openvpn
starts.
Note that you cannot use net.tun0/net.tap0 and the server option,
otherwise openvpn will not start.


How would I accomplish this exactly?

Normally if I start my OpenVPN tun instance with the "server" directive set (server 172.24.1.0 255.255.255.224), Openvpn takes care of creating my tun device. The log file shows:

Code:

/sbin/ifconfig tun0 172.24.1.1 pointopoint 172.24.1.2 mtu 1500
/sbin/route add -net 172.24.1.0 netmask 255.255.255.224 gw 172.24.1.2


I've tried to modify my /etc/conf.d/net file and created a symlink net.tun0 to net.lo

in /etc/conf.d/net the following line now resides:

Code:

config_tun0=("172.24.1.1 pointopoint 172.24.1.2")


This doesn't do the trick though :( I've tried some alternatives but no luck so far.

I have managed to get the tun0 device up and running manually, but not using the baselayout scripts, not in a pointopoint mode that is.
Also, I haven't been able to add the required routes to my kernel routing table using the baselayout scripts. Is there any room for routes in the config files for networking?

When the net.tun0 device is activated the tun0 device should be configured with the right IP, in point-to-point mode and the right routes should be added to the routing table. Otherwise I'd better take my chances with Openvpn creating the tun0 device for me and adding the routes to the kernel routing table.

I can imagine though, when using Openvpn in bridge/TAP mode it's preferable to have the interfaces up and running, the bridge (net.br0) created before starting Openvpn. This way the whole bridge creation is not depending on Openvpn to run or not.

So, what should the /etc/conf.d/net file look like when using the new baselayout with Openvpn-2.0.5-r2?

Cheers,

BlaaT
_________________
You're about as useful as a cock flavoured lolly-pop.....

BlaaT0001
n00b


Joined: 21 Sep 2004
Posts: 22
Location: Holland/Rijnsburg

PostPosted: Thu Feb 09, 2006 3:01 pm    Post subject: Reply with quote

Adding the routes is done with:

Code:

routes_tun0=( "172.24.1.0 netmask 255.255.255.224 gw 172.24.1.2" )


With my tun0 device having the IP address 172.24.1.1 this would route traffic for the 172.24.1.0/27 network to OpenVPN which has a P-t-p connection with the tun0 device.

I just can't seem to manage to get the tun0 device up and running in Point-to-point mode using the /etc/conf.d/net file.

Any help anyone?

Thanks,

BlaaT
_________________
You're about as useful as a cock flavoured lolly-pop.....

UberLord
Retired Dev


Joined: 18 Sep 2003
Posts: 6274
Location: Blighty

PostPosted: Thu Feb 09, 2006 3:23 pm    Post subject: Reply with quote

You have emerged usermode-utilities haven't you?
_________________
When baselayout tells you to update config files or things break WE REALLY DO MEAN IT

Please add SOLVED to the thread title if your issue has been
Strip comments from configs please

BlaaT0001
n00b


Joined: 21 Sep 2004
Posts: 22
Location: Holland/Rijnsburg

PostPosted: Fri Feb 10, 2006 11:08 am    Post subject: Reply with quote

Yes, I've got: sys-apps/usermode-utilities-20040406-r1

This is how my tun0 virtual nic is configured when I use OpenVPN to configure it:

Code:

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:172.24.1.1  P-t-P:172.24.1.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:426 errors:0 dropped:0 overruns:0 frame:0
          TX packets:426 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:27196 (26.5 Kb)  TX bytes:28180 (27.5 Kb)


If I use the "/etc/init.d/net.tun0" script (which is linked to /etc/init.d/net.lo) and I use the following config in my /etc/conf.d/net file:

Snip from /etc/conf.d/net

Code:

# OpenVPN TUN interface
config_tun0=( "172.24.1.1 pointopoint 172.24.1.2" )
routes_tun0=( "172.24.1.0 255.255.255.224 via 172.24.1.2" )


the tun0 interface does not start properly.

Output of "/etc/init.d/net.tun0 start":

Code:

* Starting tun0
 *   Creating Tun/Tap interface tun0 ...                                  [ ok ]
 *   Bringing up tun0
 *     172.24.1.1                                                        [ ok ]
 *   Adding routes
 *     172.24.1.0 255.255.255.224 gw 172.24.1.2 ...                     [ !! ]


ifconfig tun0 outputs:

Code:

tun0      Link encap:Ethernet  HWaddr E6:79:E7:7E:CD:B2
          inet addr:172.24.1.1  Bcast:172.24.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)


Notice the difference in configuration of the tun0 interface?

/etc/init.d/net.tun0 stop outputs:

Code:

* Stopping tun0
 *   Bringing down tun0
 *     Destroyed Tun/Tap interface tun0                                   [ ok ]


I hope anyone has got some suggestions.

Thanks,

BlaaT
_________________
You're about as useful as a cock flavoured lolly-pop.....
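
A check for the difference between the two `ifconfig tun0` outputs in the post above, as an added example that is not part of the original post: it confirms the address, peer, /32 mask and POINTOPOINT flag. `check_ptp`, the sample functions and the `--demo` switch are hypothetical names, and the parser assumes the ifconfig layout shown in the thread.

```sh
#!/bin/sh
# Added example: verify that a tun device came up in point-to-point mode.
# Parses the ifconfig layout shown in the post above (old net-tools format).

# check_ptp LOCAL PEER   (ifconfig text on stdin)
# Exit 0 if the interface has LOCAL, peer PEER, a /32 mask and the
# POINTOPOINT flag; otherwise print each mismatch and exit 1.
check_ptp() {
    awk -v want_addr="$1" -v want_peer="$2" '
        {
            for (i = 1; i <= NF; i++) {
                if ($i == "POINTOPOINT") flag = 1
                n = split($i, kv, ":")
                if (n != 2 || kv[2] == "") continue
                if (kv[1] == "addr")  addr = kv[2]
                if (kv[1] == "P-t-P") peer = kv[2]
                if (kv[1] == "Mask")  mask = kv[2]
            }
        }
        END {
            if (addr != want_addr) { print "addr=" addr " (want " want_addr ")"; bad = 1 }
            if (peer != want_peer) { print "peer=" (peer == "" ? "none" : peer) " (want " want_peer ")"; bad = 1 }
            if (mask != "255.255.255.255") { print "mask=" mask " (want 255.255.255.255)"; bad = 1 }
            if (!flag) { print "POINTOPOINT flag not set"; bad = 1 }
            exit bad + 0
        }'
}

# Sample 1: tun0 as configured by OpenVPN itself (first lines, from the post).
sample_openvpn() {
    cat <<'EOF'
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:172.24.1.1  P-t-P:172.24.1.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
EOF
}

# Sample 2: tun0 as left by /etc/init.d/net.tun0 (first lines, from the post).
sample_netscript() {
    cat <<'EOF'
tun0      Link encap:Ethernet  HWaddr E6:79:E7:7E:CD:B2
          inet addr:172.24.1.1  Bcast:172.24.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
EOF
}

# Run both samples through the check when called with --demo.
if [ "${1:-}" = "--demo" ]; then
    sample_openvpn | check_ptp 172.24.1.1 172.24.1.2 && echo "OpenVPN-created tun0: ok"
    sample_netscript | check_ptp 172.24.1.1 172.24.1.2 || echo "net.tun0-created tun0: wrong mode"
fi
```

With Mask:255.255.0.0 the kernel treats all of 172.24.0.0/16 as directly reachable on tun0, which is wider than the 172.24.1.0/27 range given to the server directive.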

mnagl
n00b


Joined: 05 Jul 2003
Posts: 25

PostPosted: Sun Apr 16, 2006 2:59 pm    Post subject: Reply with quote

Same Problem here.

Matthias

UberLord
Retired Dev


Joined: 18 Sep 2003
Posts: 6274
Location: Blighty

PostPosted: Tue Apr 18, 2006 8:54 am    Post subject: Reply with quote

This should be fixed with baselayout-1.12.0_pre17-r2
_________________
When baselayout tells you to update config files or things break WE REALLY DO MEAN IT

Please add SOLVED to the thread title if your issue has been
Strip comments from configs please

mnagl
n00b


Joined: 05 Jul 2003
Posts: 25

PostPosted: Tue Apr 18, 2006 8:56 am    Post subject: Reply with quote

Thank you very much!

How long will this probably need to go stable?

yours

Matthias

UberLord
Retired Dev


Joined: 18 Sep 2003
Posts: 6274
Location: Blighty

PostPosted: Tue Apr 18, 2006 9:08 am    Post subject: Reply with quote

mnagl wrote:
How long will this probably need to go stable?


Not long now. We've already started the process by marking bash-3.1 stable. Then I will be marking the required dhcp clients around the middle of next month and probably do a pre18 which should be the last unstable version of 1.12.

So probably around 2 months.

On the other hand, the more users that use 1.12.0_pre now and report any issues makes it easier for others. So the more people that test the quicker things get done :)
_________________
When baselayout tells you to update config files or things break WE REALLY DO MEAN IT

Please add SOLVED to the thread title if your issue has been
Strip comments from configs please

mrfree
Veteran


Joined: 15 Mar 2003
Posts: 1303
Location: Europe.Italy.Sulmona

PostPosted: Sun Aug 06, 2006 5:52 pm    Post subject: Reply with quote

/var/log/openvpn.log
Code:
Sun Aug  6 19:18:36 2006 TUN/TAP device tun0 opened
Sun Aug  6 19:18:36 2006 /sbin/ifconfig tun0 10.11.12.1 pointopoint 10.11.12.2 mtu 1500
Sun Aug  6 19:18:36 2006 /sbin/route add -net 10.11.12.0 netmask 255.255.255.0 gw 10.11.12.2
Sun Aug  6 19:18:36 2006 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]


So I've added to /etc/conf.d/net
Code:
config_tun0=( "10.11.12.1 pointopoint 10.11.12.2" )
routes_tun0=( "10.11.12.0 netmask 255.255.255.0 gw 10.11.12.2" )


Code:
# /etc/init.d/net.tun0 start
 * Starting tun0
 *   Bringing up tun0
 *     10.11.12.1
 *     network interface tun0 does not exist
 *     Please verify hardware or kernel module (driver)                   [ !! ]


Tun module is loaded.
Code:
# lsmod | grep tun
tun                     8608  0


Code:
[I--] [ ~] sys-apps/baselayout-1.12.4-r1 (0)
[I--] [  ] sys-apps/usermode-utilities-20040406-r1 (0)

_________________
Please EU, pimp my country!

ICE: /etc/init.d/iptables panic

VPN-User
n00b


Joined: 03 Feb 2005
Posts: 46

PostPosted: Mon Aug 14, 2006 7:36 am    Post subject: Reply with quote

Same here. Funny (is it?) thing is, it works when doing an "/etc/init.d/net.tap0 start" after login. :roll:

I wonder how a new baselayout can go stable when it has not been tested with all features?
Back to top
View user's profile Send private message
UberLord
Retired Dev
Retired Dev


Joined: 18 Sep 2003
Posts: 6274
Location: Blighty

PostPosted: Mon Aug 14, 2006 7:45 am    Post subject: Reply with quote

VPN-User wrote:
I wonder how a new baselayout can go stable when it has not been tested with all features?


I use OpenVPN to create tap interfaces every day. I know of another Gentoo developer who uses tun instead.

Maybe we didn't have enough people testing with a wide variation of configs and hardware this time - care to help next time?

Do you have hotplug enabled in the kernel?
_________________
When baselayout tells you to update config files or things break WE REALLY DO MEAN IT

Please add SOLVED to the thread title if your issue has been
Strip comments from configs please