Multiple OpenVPN clients on the same host

routing openvpn ubuntu-10.04

You would need to elaborate somewhat further what it is you are trying to do. A rough sketch with IP addresses of the hosts involved and a listing of your routing table(s) would help a lot understanding your problem.

my server doesn't seem to configure the tun0 device properly

It is possible for an ifconfig command to fail - maybe you should check the logs for that and post the relevant excerpts.

I want to set up the dual client box such that a computer whose gateway is set to eth0:0 gets all their traffic routed through one OpenVPN tunnel, and a computer whose gateway is set to eth0:1 gets all their traffic routed through a different OpenVPN tunnel

ip rule add from $IP_ETH00 table us_table

That's probably not the best way to achieve what you really want - which seems to be different routes for different clients. While it is possible to add iptables -t mangle rules to mark packets for different criteria, there would be no set of criteria being able to distinguish between eth0:0 and eth0:1 as the input interface (which is due to the way IP aliasing is implemented).

What you can do however is simply set up something like

ip rule add from <ip-of-your-client-for-the-us-table> table us_table

which would eliminate the need for IP aliases in your configuration entirely since the routing decision would be done based on source and destination IP addresses, no matter which interface the packet came in at.

copy_routing_table "us_table"

You've omitted the source of copy_routing_table - if it does what I suspect it does, you would end up with your entire main routing table in us_table. If your main routing table already contains routes potentially conflicting with what you're defining in the script, you might end up using them instead of your newly-added routes. This is especially a concern since you are adding a new default route in your up-script:

 ip route add default via $4 table us_table

As you already have a default route in your "main" table and add another one "via $4" (which is wrong BTW, as $4 would represent a local IP address of the router's own tun interface - you should use "dev $1" instead) without deleting the old route. You should prepend ip route del default table us_table here - and probably something similar for the other routes you add as well.

And this here:

From 192.168.1.133: icmp_seq=2 Redirect Host(New nexthop: 192.168.1.1)

is a message from 192.168.1.133 which is getting the packet for 98.137.149.56 (yahoo.com) and routing it out through 192.168.1.1. Since 192.168.1.133 knows (by evaluation of the interface netmask) that your host is in the same network as 192.168.1.1, you get notified to use 192.168.1.1 directly in the first place.


If the two OpenVPN servers are configured properly to push the necessary routes through to the clients, then you shouldn't need to do anything.

I would recommend to start one of the connections first, and then check the routing table that it now contains a route for the network(s) behind that server. Then start the other connection and check again. If any of the required routes are missing, talk to the sysadmin for the OpenVPN server. If that is you, check your server config file for push commands.

Related

Does an SMTP server have to have a public IP?
set open_files_limit
How much performance is gained from setting NtfsDisable8dot3NameCreation = 1?
Debian LACP Bond eth0 Churning state
puppet cert mismatch in ec2
How to get PHP_AUTH_USER and PHP_AUTH_PW available in nginx?
SSSD Kerberos AD Centos troubleshooting
One VPC or many VPC's
2 separate postfix instances and confusion with IP's in received field of mail message
Python function to convert seconds into minutes, hours, and days
How do I set a variable to a index of a list?
Always include first line in grep