Multiple OpenVPN connections from one client to one server - connection reset

2

I have an Ubuntu 13.10 OpenVPN client, and a Windows XP OpenVPN server. The connection is established and everything works fine (actually I'm testing it on two virtual machines).

My question is simple: can I have multiple VPN connections from one client to one server? I mean, I would like to establish 1000 or more connections from one client to one server at the same time. I tried to do this with different tun interfaces, take a look:

first client config file:

client
dev tun0
proto tcp
remote 192.168.0.6 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/client.crt
key /etc/openvpn/keys/clientreq.key
comp-lzo

second client config file:

client
dev tun1
proto tcp
remote 192.168.0.6 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/client2.crt
key /etc/openvpn/keys/clientreq2.key
comp-lzo

And some logs, from client 1: http://pastie.org/private/zi4mriitd29tdozr6ag23a and from client 2: http://pastie.org/private/8wcp8btzuv1m9bpobzr3lw

And the log from the OpenVPN server on Windows: http://pastie.org/private/hxogfktvik7yqsraajn5q

Am I right that my connections are now being restarted? How can I allow multiple VPN connections from a single client to an OpenVPN server?

Brian Brown

Posted 2014-03-02T16:38:08.320

Reputation: 137

I am trying a similar thing (many OpenVPN tunnels between 1 client host and 1 server host). And I get the same problem, the first tunnel is established successfully, but when trying to establish the second tunnel - the entire sequence works fine, except the very last bit of it: the "/sbin/ip route add ..." command fails. Has anyone found the remedy? – Alexey Polonsky – 2016-06-13T13:26:27.610

I don't know what you hope to achieve by this, but the easiest way to establish many tunnels between two devices is to set up many OpenVPN instances, each on a different port. Then connect to those server instances. – bjanssen – 2014-03-02T17:17:20.090

@bjanssen: seems like a very complicated non-automatized solution. Is there really any other way to make it easier? I mean, I want to have only one server, and one client. Client should be able to establish 100 or more connections with server. – Brian Brown – 2014-03-02T18:52:35.547

I still fail to understand what you hope to achieve by this. Do you really want to establish hundreds of VPN connections between two machines or do you want to establish hundreds of connections through a VPN tunnel? The latter is trivial, the former would work like I suggested. Writing a script that automates this would be easy. – bjanssen – 2014-03-05T06:56:00.280

Answers

2

Since both clients have separate keys (and that's the way you are supposed to do it) you won't encounter any issue with both of them connected to the OpenVPN server at once.

The following limits the number of OpenVPN clients that can connect to a single server:

  • the pool of IP addresses you set aside for the VPN (each client takes 2)
  • if you have a max-clients in your server .ovpn file limiting it
  • if you don't have a duplicate-cn in your server .ovpn file, each client certificate can only be connected once.
  • the amount of CPU/RAM on the OpenVPN server.

So if you want 1000 clients connected to your server, spec your server hardware accordingly. On my 1 GHz ARM-based system each connected client consumes about 20% of the CPU. I imagine you'll need some powerful hardware to run 1000 clients at once.

LawrenceC

Posted 2014-03-02T16:38:08.320

Reputation: 63 487
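
The configuration limits listed in the answer above (address pool, max-clients, duplicate-cn) can be checked against a server config before trying to bring up many tunnels. This is an added example, not code from the answer or from OpenVPN; the sample config, the function names and the addrs_per_client parameter are assumptions made for illustration.

```python
import ipaddress

# Constructed sample; the question does not show its server config.
SAMPLE_SERVER_CONF = """\
port 1194
proto tcp
dev tun
server 10.8.0.0 255.255.255.0   # VPN address pool
max-clients 100
"""

def parse_directives(text):
    """Map directive name -> argument list, skipping comments and blank lines."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            name, *args = line.split()
            conf[name] = args
    return conf

def connection_limits(text, wanted, certs, addrs_per_client):
    """List the config limits that stop `wanted` simultaneous tunnels.

    certs: distinct client certificates available to the client host.
    addrs_per_client: pool addresses used per tunnel (the answer counts 2;
    it depends on the server's topology, so the caller supplies it).
    """
    conf = parse_directives(text)
    problems = []
    if "server" in conf:
        net = ipaddress.ip_network("/".join(conf["server"][:2]))
        # Upper bound: the server's own endpoint also comes out of this pool.
        capacity = (net.num_addresses - 2) // addrs_per_client
        if capacity < wanted:
            problems.append(f"pool {net} fits at most {capacity} clients")
    if "max-clients" in conf and int(conf["max-clients"][0]) < wanted:
        problems.append(f"max-clients is {conf['max-clients'][0]}")
    # duplicate-cn lets one certificate hold several sessions, at the cost of
    # the server no longer telling those sessions apart by identity.
    if "duplicate-cn" not in conf and certs < wanted:
        problems.append(f"only {certs} certificates and no duplicate-cn")
    return problems

if __name__ == "__main__":
    for problem in connection_limits(SAMPLE_SERVER_CONF, 1000, 2, 2):
        print(problem)
```

For the constructed sample and 1000 wanted tunnels with two certificates, all three configuration limits are reported; the CPU/RAM limit from the answer is not something a config check can see.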