OpenVPN Multiple IPv4

Sady Member

Hey guys,

I have got OpenVPN running & listening on all IPs on port 1194:

# netstat -tunlp | grep 1194
udp        0      0 0.0.0.0:1194            0.0.0.0:*                           1629/openvpn

But I am only able to connect on the first IPv4 & when I change "remote first.ip 1194" in client.ovpn to "remote second.ip 1194", it doesn't work & shows the following errors:

Wed Jun 22 20:37:29 2016 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jun 22 20:37:29 2016 TLS Error: TLS handshake failed

Can one of you please guide me in the right direction? I will really appreciate it.

Thanks

I don't have any relation/affiliation with any LET Host, All of my comments are my own
Simple bash script to clean compromised wordpress site [cPanel/WHM specified]

Comments

  • tommy Member

    these errors are unrelated to your problem

    add iptables nat for second ip?

    Let's bet which dot-name will collapse first ;)

  • Makenai Member
    edited June 2016

    Are the IPs in the same subnet with same GW? Could it be that the packet is being received at the second IP and then sent out to the default gateway from the first IP?

    I had a similar issue when attaching two Elastic IPs on two network interfaces to one Linux machine. The solution was to create another routing table and set up interface-specific routes.

    ip route add default via 10.0.0.GW dev eth1 table customtable
    ip rule add from 10.0.0.SECONDIP table customtable
    

    There is another solution here which seems similar and could describe your issue
    http://askubuntu.com/a/315401

  • Sady Member

    @tommy said:
    these errors are unrelated to your problem

    add iptables nat for second ip?

    I ain't that much good at iptables but tried this command:

    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to second.ip

    But that didn't work, maybe because I am forwarding traffic from same internal subnet (10.8.0.0/24)?


  • Sady Member

    @Makenai said:
    Are the IPs in the same subnet with same GW? Could it be that the packet is being received at the second IP and then sent out to the default gateway from the first IP?

    I had a similar issue when attaching two Elastic IPs on two network interfaces to one Linux machine. The solution was to create another routing table and set up interface-specific routes.

    ip route add default via 10.0.0.GW dev eth1 table customtable
    ip rule add from 10.0.0.SECONDIP table customtable
    

    There is another solution here which seems similar and could describe your issue
    http://askubuntu.com/a/315401

    Actually those are on the same interface but different subnets. The server is OVH's Cloud VPS if that helps. Would your solution still be applicable?


  • @Sady said:

    @Makenai said:
    Are the IPs in the same subnet with same GW? Could it be that the packet is being received at the second IP and then sent out to the default gateway from the first IP?

    I had a similar issue when attaching two Elastic IPs on two network interfaces to one Linux machine. The solution was to create another routing table and set up interface-specific routes.

    ip route add default via 10.0.0.GW dev eth1 table customtable
    ip rule add from 10.0.0.SECONDIP table customtable
    

    There is another solution here which seems similar and could describe your issue
    http://askubuntu.com/a/315401

    Actually those are on the same interface but different subnets. The server is OVH's Cloud VPS if that helps. Would your solution still be applicable?

    Do a TCPDUMP on the client server, you can then see what IP is sending the return OpenVPN packets, and see if they are being received at all/etc

    Devops Consultant | GitHub
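
The tcpdump check suggested in the last comment can be automated. The following is an added example, not code from the thread: it reads `tcpdump -n` text output for UDP port 1194 and reports, per client, whether replies leave from the same server address the client contacted. The capture lines and addresses are constructed, and it assumes clients use an ephemeral source port.

```python
import re
from collections import defaultdict

VPN_PORT = 1194  # port from the thread's netstat output

# Matches the address pair in `tcpdump -n` output lines (IPv4 only).
PKT = re.compile(r"\bIP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")

# Constructed sample capture using documentation addresses (not from the thread).
# Assumption: clients use an ephemeral source port, so direction is unambiguous.
SAMPLE = """\
20:36:29.100001 IP 192.0.2.55.40001 > 198.51.100.20.1194: UDP, length 14
20:36:29.100420 IP 203.0.113.10.1194 > 192.0.2.55.40001: UDP, length 26
20:36:31.300112 IP 192.0.2.55.40001 > 198.51.100.20.1194: UDP, length 14
20:36:31.300502 IP 203.0.113.10.1194 > 192.0.2.55.40001: UDP, length 26
20:36:40.000100 IP 192.0.2.77.51000 > 203.0.113.10.1194: UDP, length 14
20:36:40.000300 IP 203.0.113.10.1194 > 192.0.2.77.51000: UDP, length 26
20:36:45.000100 IP 192.0.2.88.52000 > 198.51.100.20.1194: UDP, length 14
"""

def analyze(capture, port=VPN_PORT):
    """Return {client 'ip:port': (server IPs contacted, reply source IPs, verdict)}."""
    targeted = defaultdict(set)   # client -> server IPs it sent packets to
    replied = defaultdict(set)    # client -> server IPs that sent packets back
    for line in capture.splitlines():
        m = PKT.search(line)
        if not m:
            continue  # ARP, IPv6, wrapped or truncated lines
        src, sport, dst, dport = m.group(1), int(m.group(2)), m.group(3), int(m.group(4))
        if dport == port:
            targeted[f"{src}:{sport}"].add(dst)
        elif sport == port:
            replied[f"{dst}:{dport}"].add(src)
    report = {}
    for client in sorted(targeted):
        want, got = targeted[client], replied.get(client, set())
        if not got:
            verdict = "no-reply"         # nothing came back in this capture
        elif got <= want:
            verdict = "ok"               # replies use the address the client contacted
        else:
            verdict = "source-mismatch"  # reply left from a different server address
        report[client] = (sorted(want), sorted(got), verdict)
    return report

if __name__ == "__main__":
    for client, (want, got, verdict) in analyze(SAMPLE).items():
        print(f"{client:<18} sent to {want} replies from {got} -> {verdict}")
```

To use it on a real capture, pass the text printed by `tcpdump -n udp port 1194` to `analyze()` in place of `SAMPLE`.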
