NewtownGuy
Technical User
I keep having problems with some remote client machines trying to connect to my OpenVPN server using UDP. I've set up a second instance of OpenVPN on my server to receive TCP. The problem is that I can't figure out how to have both instances assign clients to share the same network subnet so that a client machine will get the same VPN IP address regardless of whether it connects with UDP or TCP. I use ccd to assign particular VPN IP addresses to clients.
Please note that the basic setup works ok with either TCP or UDP so long as different subnets are used. I just can't share the same subnet, which is why I'm asking for help.
Here's a ccd for a client:
ifconfig-push 10.254.0.81 10.254.0.82
Here's a part of the config file for the OpenVPN server that uses UDP (it creates tun254):
proto tcp-server
mode server
tls-server
ifconfig 10.254.0.1 10.254.0.2
ifconfig-pool 10.254.1.5 10.254.3.251
route 10.254.0.0 255.255.252.0
push "route 10.254.0.0 255.255.252.0"
Here's a part of the config file for the OpenVPN server that uses TCP (it creates tun255):
proto tcp-server
mode server
tls-server
ifconfig 10.254.2.1 10.254.2.2
push "route 10.254.0.0 255.255.252.0"
Note that I use the UDP server to set up the local routing in the 10.254.0.0/22 subnet and to assign the IP-address pool since I want them common to both instances.
Here are the resulting routes on the server:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.254.2.2 * 255.255.255.255 UH 0 0 0 tun255
10.254.0.2 * 255.255.255.255 UH 0 0 0 tun254
192.168.192.0 * 255.255.255.0 U 0 0 0 eth0
10.254.0.0 10.254.0.2 255.255.252.0 UG 0 0 0 tun254
default 192.168.192.1 0.0.0.0 UG 100 0 0 eth0
Here are the resulting routes on a client:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.254.0.82 * 255.255.255.255 UH 0 0 0 tun254
192.168.192.0 * 255.255.255.0 U 0 0 0 eth0
10.254.0.0 10.254.0.82 255.255.252.0 UG 0 0 0 tun254
default 192.168.192.1 0.0.0.0 UG 100 0 0 eth0
Clients that use UDP are able to ping OK. Clients that use TCP cannot. What am I doing wrong?
Thank you in advance for your help.
-- NewtownGuy
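Added example, not part of the original post: a longest-prefix-match lookup over the server routing table quoted above, showing which tun interface the server kernel selects for a given VPN address, including the ccd-assigned 10.254.0.81. The function names are hypothetical, and the selection rule (longest prefix, then lowest metric) is a simplified model of kernel route lookup.

```python
import ipaddress

# Server routing table rows copied from the post (header lines omitted).
SERVER_ROUTES = """\
10.254.2.2 * 255.255.255.255 UH 0 0 0 tun255
10.254.0.2 * 255.255.255.255 UH 0 0 0 tun254
192.168.192.0 * 255.255.255.0 U 0 0 0 eth0
10.254.0.0 10.254.0.2 255.255.252.0 UG 0 0 0 tun254
default 192.168.192.1 0.0.0.0 UG 100 0 0 eth0
"""

def parse_routes(text):
    """Parse 'route'-style rows into (network, metric, iface) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue  # skip headers or malformed rows
        dest, _gw, mask, _flags, metric, _ref, _use, iface = fields
        if dest == "default":
            dest = "0.0.0.0"
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, int(metric), iface))
    return routes

def lookup(routes, addr):
    """Return the outgoing interface for addr, or None if no route matches."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    # Longest prefix wins; on a tie the lower metric wins.
    best = max(matches, key=lambda r: (r[0].prefixlen, -r[1]))
    return best[2]

def interfaces_for(routes, addrs):
    """Map each address to the interface the table resolves it to."""
    return {a: lookup(routes, a) for a in addrs}

if __name__ == "__main__":
    table = parse_routes(SERVER_ROUTES)
    probes = ["10.254.0.81", "10.254.0.82", "10.254.2.2", "10.254.3.251"]
    for addr, iface in interfaces_for(table, probes).items():
        print(f"{addr:<14} -> {iface}")
```

With the table as posted, every address in 10.254.0.0/22 except the tun255 peer 10.254.2.2 resolves to tun254, whichever instance the client connected through.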