Creating Multiple OPEN VPN Connections in One Machine (With Single VPN Server)























I am trying to do an experiment to see the possibilities of creating multiple VPN tunnels (OpenVPN) in one Linux machine.

I have used a Raspberry Pi for this purpose.



Following are steps which I have performed,




  1. Bootup fresh Raspbian OS

  2. Downloaded two different Open VPN locked profiles (.ovpn) files from my VPN server (VPN AS) - Both VPN profiles are from ONE OpenVPN server.


  3. Initiated 2 open vpn connections using two different terminals with following command,



    sudo openvpn --config /etc/openvpn/testOne.ovpn



    sudo openvpn --config /etc/openvpn/testTwo.ovpn




Then what happened was: since I initiated the testOne profile first, it was created successfully.



I was able to get following output in the terminal.



pi@raspberrypi:/etc/openvpn $ sudo openvpn --config /etc/openvpn/testOne.ovpn
Fri Nov 9 14:40:06 2018 OpenVPN 2.4.0 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 18 2017
Fri Nov 9 14:40:06 2018 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.08
Enter Auth Username: testOne
Enter Auth Password: ********
Fri Nov 9 14:40:13 2018 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov 9 14:40:13 2018 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov 9 14:40:13 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.yy.147.201:1194
Fri Nov 9 14:40:13 2018 Socket Buffers: R=[163840->200000] S=[163840->200000]
Fri Nov 9 14:40:13 2018 UDP link local: (not bound)
Fri Nov 9 14:40:13 2018 UDP link remote: [AF_INET]xx.yy.147.201:1194
Fri Nov 9 14:40:13 2018 TLS: Initial packet from [AF_INET]xx.yy.147.201:1194, sid=ceaac257 4e7e0e2d
Fri Nov 9 14:40:13 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Nov 9 14:40:14 2018 VERIFY OK: depth=1, CN=OpenVPN CA
Fri Nov 9 14:40:14 2018 VERIFY OK: nsCertType=SERVER
Fri Nov 9 14:40:14 2018 VERIFY OK: depth=0, CN=OpenVPN Server
Fri Nov 9 14:40:14 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Fri Nov 9 14:40:14 2018 [OpenVPN Server] Peer Connection Initiated with [AF_INET]xx.yy.147.201:1194
Fri Nov 9 14:40:16 2018 SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1)
Fri Nov 9 14:40:16 2018 PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,auth-tokenSESS_ID,comp-lzo yes,redirect-private def1,redirect-private bypass-dhcp,redirect-private autolocal,route-gateway 10.0.0.1,route 172.27.224.0 255.255.240.0,route 172.31.0.0 255.255.0.0,dhcp-option DNS 172.31.0.2,register-dns,block-ipv6,ifconfig 10.10.30.11 255.192.0.0,peer-id 0,cipher AES-256-GCM'
Fri Nov 9 14:40:16 2018 Option 'explicit-exit-notify' in [PUSH-OPTIONS]:1 is ignored by previous <connection> blocks
Fri Nov 9 14:40:16 2018 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.4.0)
Fri Nov 9 14:40:16 2018 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.4.0)
Fri Nov 9 14:40:16 2018 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.4.0)
Fri Nov 9 14:40:16 2018 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:19: register-dns (2.4.0)
Fri Nov 9 14:40:16 2018 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:20: block-ipv6 (2.4.0)
Fri Nov 9 14:40:16 2018 OPTIONS IMPORT: timers and/or timeouts modified
Fri Nov 9 14:40:16 2018 OPTIONS IMPORT: explicit notify parm(s) modified
Fri Nov 9 14:40:16 2018 OPTIONS IMPORT: compression parms modified
Fri Nov 9 14:40:16 2018 OPTIONS IMPORT: --ifconfig/up options modified
Fri Nov 9 14:40:16 2018 OPTIONS IMPORT: route options modified
Fri Nov 9 14:40:16 2018 OPTIONS IMPORT: route-related options modified
Fri Nov 9 14:40:16 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Nov 9 14:40:16 2018 OPTIONS IMPORT: peer-id set
Fri Nov 9 14:40:16 2018 OPTIONS IMPORT: adjusting link_mtu to 1625
Fri Nov 9 14:40:16 2018 OPTIONS IMPORT: data channel crypto options modified
Fri Nov 9 14:40:16 2018 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Nov 9 14:40:16 2018 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Nov 9 14:40:16 2018 ROUTE_GATEWAY 192.168.37.1/255.255.255.0 IFACE=wlan0 HWADDR=b8:27:eb:6d:bb:7f
Fri Nov 9 14:40:16 2018 TUN/TAP device tun0 opened
Fri Nov 9 14:40:16 2018 TUN/TAP TX queue length set to 100
Fri Nov 9 14:40:16 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Nov 9 14:40:16 2018 /sbin/ip link set dev tun0 up mtu 1500
Fri Nov 9 14:40:16 2018 /sbin/ip addr add dev tun0 10.10.30.11/10 broadcast 10.63.255.255
Fri Nov 9 14:40:21 2018 ROUTE remote_host is NOT LOCAL
Fri Nov 9 14:40:21 2018 /sbin/ip route add xx.yy.147.201/32 via 192.168.37.1
Fri Nov 9 14:40:21 2018 /sbin/ip route add 172.27.224.0/20 metric 101 via 10.0.0.1
Fri Nov 9 14:40:21 2018 /sbin/ip route add 172.31.0.0/16 metric 101 via 10.0.0.1
Fri Nov 9 14:40:21 2018 Initialization Sequence Completed


Then in the 2nd terminal where I initiated vpn connections with testTwo client profile I got following error at the end



Fri Nov  9 14:43:39 2018 TUN/TAP device tun1 opened
Fri Nov 9 14:43:39 2018 TUN/TAP TX queue length set to 100
Fri Nov 9 14:43:39 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Nov 9 14:43:39 2018 /sbin/ip link set dev tun1 up mtu 1500
Fri Nov 9 14:43:39 2018 /sbin/ip addr add dev tun1 10.10.30.12/10 broadcast 10.63.255.255
Fri Nov 9 14:43:44 2018 ROUTE remote_host is NOT LOCAL
Fri Nov 9 14:43:44 2018 /sbin/ip route add xx.yy.147.201/32 via 192.168.37.1
RTNETLINK answers: File exists
Fri Nov 9 14:43:44 2018 ERROR: Linux route add command failed: external program exited with error status: 2
Fri Nov 9 14:43:44 2018 /sbin/ip route add 172.27.224.0/20 metric 101 via 10.0.0.1
RTNETLINK answers: File exists
Fri Nov 9 14:43:44 2018 ERROR: Linux route add command failed: external program exited with error status: 2
Fri Nov 9 14:43:44 2018 /sbin/ip route add 172.31.0.0/16 metric 101 via 10.0.0.1
RTNETLINK answers: File exists
Fri Nov 9 14:43:44 2018 ERROR: Linux route add command failed: external program exited with error status: 2
Fri Nov 9 14:43:44 2018 Initialization Sequence Completed


However, 2 VPN tunnels got created successfully, because I can see following in ifconfig



pi@raspberrypi:~/webapps $ ifconfig
eth0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether b8:27:eb:38:ee:2a txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 10 bytes 973 (973.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 10 bytes 973 (973.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.10.30.11 netmask 255.192.0.0 destination 10.10.30.11
inet6 fe80::5e09:381c:7dc6:e5f8 prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7 bytes 336 (336.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

tun1: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.10.30.12 netmask 255.192.0.0 destination 10.10.30.12
inet6 fe80::6b93:6e73:f131:14fe prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6 bytes 288 (288.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.37.33 netmask 255.255.255.0 broadcast 192.168.37.255
inet6 fe80::7c9f:604:8812:afa1 prefixlen 64 scopeid 0x20<link>
ether b8:27:eb:6d:bb:7f txqueuelen 1000 (Ethernet)
RX packets 8582 bytes 735254 (718.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5506 bytes 781201 (762.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0


Following is my route -n output (in raspberryPi),



    pi@raspberrypi:~/webapps $ route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         192.168.37.1    0.0.0.0         UG    303    0        0 wlan0
    10.0.0.0        0.0.0.0         255.192.0.0     U     0      0        0 tun0
    10.0.0.0        0.0.0.0         255.192.0.0     U     0      0        0 tun1
    xx.yy.147.201   192.168.37.1    255.255.255.255 UGH   0      0        0 wlan0
    172.27.224.0    10.0.0.1        255.255.240.0   UG    101    0        0 tun0
    172.31.0.0      10.0.0.1        255.255.0.0     UG    101    0        0 tun0
    192.168.37.0    0.0.0.0         255.255.255.0   U     303    0        0 wlan0


When I was creating second VPN tunnel the failure was :



Fri Nov  9 14:43:44 2018 ERROR: Linux route add command failed: external program exited with error status: 2
Fri Nov 9 14:43:44 2018 /sbin/ip route add 172.27.224.0/20 metric 101 via 10.0.0.1


I think this is happening because, when creating the first tunnel (tun0), it adds the same record into the route table. Now when OpenVPN tries to add the same route record into the route table, it fails due to duplicate records.

Then, I used another Linux machine and connected to the same VPN using another VPN profile (testThree) and tried to ping the two tunnels created above,



ping 10.10.30.11  -> leads to tun0
ping 10.10.30.12 -> leads to tun1


But I was only able to ping to tun0 (10.10.30.11) - the successfully created VPN tunnel without any error.



tun1 (10.10.30.12) cannot be reached.



Traceroute from linux machine to RaspberryPi was as follows,



knuck@knuck-hp1:~/code$ traceroute 10.10.30.11
traceroute to 10.10.30.11 (10.10.30.11), 30 hops max, 60 byte packets
1 172.27.232.1 (172.27.232.1) 169.954 ms 169.965 ms 170.128 ms
2 10.10.30.11 (10.10.30.11) 343.099 ms 345.267 ms 345.392 ms


knuck@knuck-hp1:~/code$ traceroute 10.10.30.12
traceroute to 10.10.30.12 (10.10.30.12), 30 hops max, 60 byte packets
1 172.27.232.1 (172.27.232.1) 165.704 ms 165.986 ms 166.193 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 *^C


My VPN server's route table was as follows,



    openvpnas@ip-10-0-1-210:~$ sudo route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         172.31.0.1      0.0.0.0         UG    0      0        0 eth0
    10.10.20.11     0.0.0.0         255.255.255.255 UH    0      0        0 as0t1
    10.10.30.11     0.0.0.0         255.255.255.255 UH    0      0        0 as0t1
    10.10.30.12     0.0.0.0         255.255.255.255 UH    0      0        0 as0t1
    172.27.224.0    0.0.0.0         255.255.248.0   U     0      0        0 as0t0
    172.27.232.0    0.0.0.0         255.255.248.0   U     0      0        0 as0t1
    172.31.0.0      0.0.0.0         255.255.240.0   U     0      0        0 eth0


All three VPN profiles I used have the following properties from the VPN server side,




  1. Static IP addressing

  2. Addressing method : NAT

  3. Use as Gateway Gateway : False

  4. Inter-Client Communication : True

  5. Client Internet traffic be routed through the VPN : False


What am I doing wrong here? Or can't we have multiple VPN connections from the same VPN server at all?



Some Post Notes:



I want to try this because I need to understand how a single VPN server's resource usage (scalability aspects) behaves with a higher number of VPN connections.
Let's say we have 500+ VPN connections simultaneously; then it is not feasible to have 500 different nodes to simulate this environment. Therefore I thought of creating multiple VPN tunnels in one machine and testing the behavior.
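
The client-side routing table from the question can be checked mechanically. The following is an added example, not part of the original post: it parses the posted `route -n` output, reports prefixes installed on more than one interface, and shows which interface a longest-prefix lookup would pick for a destination. The function names are hypothetical, and the lookup is a simplified model of the kernel's route selection.

```python
import ipaddress
from collections import defaultdict

# `route -n` output as posted in the question (the xx.yy host route is redacted there).
ROUTE_N = """\
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.37.1 0.0.0.0 UG 303 0 0 wlan0
10.0.0.0 0.0.0.0 255.192.0.0 U 0 0 0 tun0
10.0.0.0 0.0.0.0 255.192.0.0 U 0 0 0 tun1
xx.yy.147.201 192.168.37.1 255.255.255.255 UGH 0 0 0 wlan0
172.27.224.0 10.0.0.1 255.255.240.0 UG 101 0 0 tun0
172.31.0.0 10.0.0.1 255.255.0.0 UG 101 0 0 tun0
192.168.37.0 0.0.0.0 255.255.255.0 U 303 0 0 wlan0
"""


def parse_route_n(text):
    """Return (routes, skipped). Rows whose destination cannot be parsed
    (for example a redacted address) are kept in `skipped`, not dropped silently."""
    routes, skipped = [], []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # banner, header or blank line
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        except ValueError:
            skipped.append(line)
            continue
        routes.append({"net": net, "gateway": f[1],
                       "metric": int(f[4]), "iface": f[7]})
    return routes, skipped


def duplicate_prefixes(routes):
    """Prefixes present at the same metric on more than one interface."""
    seen = defaultdict(list)
    for r in routes:
        seen[(r["net"], r["metric"])].append(r["iface"])
    return {str(net): sorted(set(ifaces))
            for (net, _), ifaces in seen.items() if len(set(ifaces)) > 1}


def lookup(routes, dst):
    """Longest-prefix match, then lowest metric. Returns every interface that
    is still a candidate; more than one entry means the table is ambiguous."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r["net"]]
    if not hits:
        return []
    best_len = max(r["net"].prefixlen for r in hits)
    hits = [r for r in hits if r["net"].prefixlen == best_len]
    best_metric = min(r["metric"] for r in hits)
    return sorted({r["iface"] for r in hits if r["metric"] == best_metric})


def gateway_routes_by_iface(routes, prefix="tun"):
    """Map each tunnel interface to the gatewayed (pushed) prefixes bound to it."""
    out = {r["iface"]: [] for r in routes if r["iface"].startswith(prefix)}
    for r in routes:
        if r["iface"] in out and r["gateway"] != "0.0.0.0":
            out[r["iface"]].append(str(r["net"]))
    return out


if __name__ == "__main__":
    routes, skipped = parse_route_n(ROUTE_N)
    print("unparsed rows:", skipped)
    print("duplicate prefixes:", duplicate_prefixes(routes))
    print("pushed routes per tunnel:", gateway_routes_by_iface(routes))
    # Addresses taken from the question: the traceroute hop and a static client IP.
    for dst in ("172.27.232.1", "10.10.20.11"):
        print(dst, "->", lookup(routes, dst))
```

On the posted table, both pushed prefixes are bound to tun0 only, and the connected 10.0.0.0/10 route exists on tun0 and tun1 at the same metric, so nothing in the table steers traffic to tun1 specifically.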










share|improve this question


























    up vote
    -1
    down vote

    favorite












    I am trying to do an experiment to see the possibilities of creating multiple VPN tunnels (OPEN VPN) in one linux machine.



    I have used a Raspeberry Pi for this purpose.



    Following are steps which I have performed,




    1. Bootup fresh Raspbian OS

    2. Downloaded two different Open VPN locked profiles (.ovpn) files from my VPN server (VPN AS) - Both VPN profiles are from ONE OpenVPN server.


    3. Initiated 2 open vpn connections using two different terminals with following command,



      sudo openvpn --config /etc/openvpn/testOne.ovpn



      sudo openvpn --config /etc/openvpn/testTwo.ovpn




    Then what happend was,
    Since I have initiated testOne profile first, it created successfully,



    I was able to get following output in the terminal.



    pi@raspberrypi:/etc/openvpn $ sudo openvpn --config /etc/openvpn/testOne.ovpn
    Fri Nov 9 14:40:06 2018 OpenVPN 2.4.0 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 18 2017
    Fri Nov 9 14:40:06 2018 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.08
    Enter Auth Username: testOne
    Enter Auth Password: ********
    Fri Nov 9 14:40:13 2018 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Fri Nov 9 14:40:13 2018 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Fri Nov 9 14:40:13 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.yy.147.201:1194
    Fri Nov 9 14:40:13 2018 Socket Buffers: R=[163840->200000] S=[163840->200000]
    Fri Nov 9 14:40:13 2018 UDP link local: (not bound)
    Fri Nov 9 14:40:13 2018 UDP link remote: [AF_INET]xx.yy.147.201:1194
    Fri Nov 9 14:40:13 2018 TLS: Initial packet from [AF_INET]xx.yy.147.201:1194, sid=ceaac257 4e7e0e2d
    Fri Nov 9 14:40:13 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Fri Nov 9 14:40:14 2018 VERIFY OK: depth=1, CN=OpenVPN CA
    Fri Nov 9 14:40:14 2018 VERIFY OK: nsCertType=SERVER
    Fri Nov 9 14:40:14 2018 VERIFY OK: depth=0, CN=OpenVPN Server
    Fri Nov 9 14:40:14 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    Fri Nov 9 14:40:14 2018 [OpenVPN Server] Peer Connection Initiated with [AF_INET]xx.yy.147.201:1194
    Fri Nov 9 14:40:16 2018 SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1)
    Fri Nov 9 14:40:16 2018 PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,auth-tokenSESS_ID,comp-lzo yes,redirect-private def1,redirect-private bypass-dhcp,redirect-private autolocal,route-gateway 10.0.0.1,route 172.27.224.0 255.255.240.0,route 172.31.0.0 255.255.0.0,dhcp-option DNS 172.31.0.2,register-dns,block-ipv6,ifconfig 10.10.30.11 255.192.0.0,peer-id 0,cipher AES-256-GCM'
    Fri Nov 9 14:40:16 2018 Option 'explicit-exit-notify' in [PUSH-OPTIONS]:1 is ignored by previous <connection> blocks
    Fri Nov 9 14:40:16 2018 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.4.0)
    Fri Nov 9 14:40:16 2018 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.4.0)
    Fri Nov 9 14:40:16 2018 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.4.0)
    Fri Nov 9 14:40:16 2018 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:19: register-dns (2.4.0)
    Fri Nov 9 14:40:16 2018 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:20: block-ipv6 (2.4.0)
    Fri Nov 9 14:40:16 2018 OPTIONS IMPORT: timers and/or timeouts modified
    Fri Nov 9 14:40:16 2018 OPTIONS IMPORT: explicit notify parm(s) modified
    Fri Nov 9 14:40:16 2018 OPTIONS IMPORT: compression parms modified
    Fri Nov 9 14:40:16 2018 OPTIONS IMPORT: --ifconfig/up options modified
    Fri Nov 9 14:40:16 2018 OPTIONS IMPORT: route options modified
    Fri Nov 9 14:40:16 2018 OPTIONS IMPORT: route-related options modified
    Fri Nov 9 14:40:16 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Fri Nov 9 14:40:16 2018 OPTIONS IMPORT: peer-id set
    Fri Nov 9 14:40:16 2018 OPTIONS IMPORT: adjusting link_mtu to 1625
    Fri Nov 9 14:40:16 2018 OPTIONS IMPORT: data channel crypto options modified
    Fri Nov 9 14:40:16 2018 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
    Fri Nov 9 14:40:16 2018 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
    Fri Nov 9 14:40:16 2018 ROUTE_GATEWAY 192.168.37.1/255.255.255.0 IFACE=wlan0 HWADDR=b8:27:eb:6d:bb:7f
    Fri Nov 9 14:40:16 2018 TUN/TAP device tun0 opened
    Fri Nov 9 14:40:16 2018 TUN/TAP TX queue length set to 100
    Fri Nov 9 14:40:16 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Fri Nov 9 14:40:16 2018 /sbin/ip link set dev tun0 up mtu 1500
    Fri Nov 9 14:40:16 2018 /sbin/ip addr add dev tun0 10.10.30.11/10 broadcast 10.63.255.255
    Fri Nov 9 14:40:21 2018 ROUTE remote_host is NOT LOCAL
    Fri Nov 9 14:40:21 2018 /sbin/ip route add xx.yy.147.201/32 via 192.168.37.1
    Fri Nov 9 14:40:21 2018 /sbin/ip route add 172.27.224.0/20 metric 101 via 10.0.0.1
    Fri Nov 9 14:40:21 2018 /sbin/ip route add 172.31.0.0/16 metric 101 via 10.0.0.1
    Fri Nov 9 14:40:21 2018 Initialization Sequence Completed


    Then in the 2nd terminal where I initiated vpn connections with testTwo client profile I got following error at the end



    Fri Nov  9 14:43:39 2018 TUN/TAP device tun1 opened
    Fri Nov 9 14:43:39 2018 TUN/TAP TX queue length set to 100
    Fri Nov 9 14:43:39 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Fri Nov 9 14:43:39 2018 /sbin/ip link set dev tun1 up mtu 1500
    Fri Nov 9 14:43:39 2018 /sbin/ip addr add dev tun1 10.10.30.12/10 broadcast 10.63.255.255
    Fri Nov 9 14:43:44 2018 ROUTE remote_host is NOT LOCAL
    Fri Nov 9 14:43:44 2018 /sbin/ip route add xx.yy.147.201/32 via 192.168.37.1
    RTNETLINK answers: File exists
    Fri Nov 9 14:43:44 2018 ERROR: Linux route add command failed: external program exited with error status: 2
    Fri Nov 9 14:43:44 2018 /sbin/ip route add 172.27.224.0/20 metric 101 via 10.0.0.1
    RTNETLINK answers: File exists
    Fri Nov 9 14:43:44 2018 ERROR: Linux route add command failed: external program exited with error status: 2
    Fri Nov 9 14:43:44 2018 /sbin/ip route add 172.31.0.0/16 metric 101 via 10.0.0.1
    RTNETLINK answers: File exists
    Fri Nov 9 14:43:44 2018 ERROR: Linux route add command failed: external program exited with error status: 2
    Fri Nov 9 14:43:44 2018 Initialization Sequence Completed


    However, 2 VPN tunnels got created successfully, because I can see following in ifconfig



    pi@raspberrypi:~/webapps $ ifconfig
    eth0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
    ether b8:27:eb:38:ee:2a txqueuelen 1000 (Ethernet)
    RX packets 0 bytes 0 (0.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 0 bytes 0 (0.0 B)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
    inet 127.0.0.1 netmask 255.0.0.0
    inet6 ::1 prefixlen 128 scopeid 0x10<host>
    loop txqueuelen 1000 (Local Loopback)
    RX packets 10 bytes 973 (973.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 10 bytes 973 (973.0 B)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
    inet 10.10.30.11 netmask 255.192.0.0 destination 10.10.30.11
    inet6 fe80::5e09:381c:7dc6:e5f8 prefixlen 64 scopeid 0x20<link>
    unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
    RX packets 0 bytes 0 (0.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 7 bytes 336 (336.0 B)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    tun1: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
    inet 10.10.30.12 netmask 255.192.0.0 destination 10.10.30.12
    inet6 fe80::6b93:6e73:f131:14fe prefixlen 64 scopeid 0x20<link>
    unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
    RX packets 0 bytes 0 (0.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 6 bytes 288 (288.0 B)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.37.33 netmask 255.255.255.0 broadcast 192.168.37.255
    inet6 fe80::7c9f:604:8812:afa1 prefixlen 64 scopeid 0x20<link>
    ether b8:27:eb:6d:bb:7f txqueuelen 1000 (Ethernet)
    RX packets 8582 bytes 735254 (718.0 KiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 5506 bytes 781201 (762.8 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0


    Following is my route -n output (in raspberryPi),



    pi@raspberrypi:~/webapps $ route -n
    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    0.0.0.0 192.168.37.1 0.0.0.0 UG 303 0 0 wlan0
    10.0.0.0 0.0.0.0 255.192.0.0 U 0 0 0 tun0
    10.0.0.0 0.0.0.0 255.192.0.0 U 0 0 0 tun1
    xx.yy.147.201 192.168.37.1 255.255.255.255 UGH 0 0 0 wlan0
    172.27.224.0 10.0.0.1 255.255.240.0 UG 101 0 0 tun0
    172.31.0.0 10.0.0.1 255.255.0.0 UG 101 0 0 tun0
    192.168.37.0 0.0.0.0 255.255.255.0 U 303 0 0 wlan0


    When I was creating second VPN tunnel the failure was :



    Fri Nov  9 14:43:44 2018 ERROR: Linux route add command failed: external program exited with error status: 2
    Fri Nov 9 14:43:44 2018 /sbin/ip route add 172.27.224.0/20 metric 101 via 10.0.0.1


    I think this is happening because, when creating first tunnel (tun0), it add same record into the route table. Now when open VPN tries to add same route record into route table it failed due to duplicate records.



    Then, I used another Linux machine and conneced to same VPN using another VPN profile (testThree) and tried to ping to above created two tunnels,



    ping 10.10.30.11  -> leads to tun0
    ping 10.10.30.12 -> leads to tun1


    But I was only able to ping to tun0 (10.10.30.11) - the successfully created VPN tunnel without any error.



    tun1 (10.10.30.12) cannot be reached.



    Traceroute from linux machine to RaspberryPi was as follows,



    knuck@knuck-hp1:~/code$ traceroute 10.10.30.11
    traceroute to 10.10.30.11 (10.10.30.11), 30 hops max, 60 byte packets
    1 172.27.232.1 (172.27.232.1) 169.954 ms 169.965 ms 170.128 ms
    2 10.10.30.11 (10.10.30.11) 343.099 ms 345.267 ms 345.392 ms


    knuck@knuck-hp1:~/code$ traceroute 10.10.30.12
    traceroute to 10.10.30.12 (10.10.30.12), 30 hops max, 60 byte packets
    1 172.27.232.1 (172.27.232.1) 165.704 ms 165.986 ms 166.193 ms
    2 * * *
    3 * * *
    4 * * *
    5 * * *
    6 * * *
    7 *^C


    My VPN server's route tables was as follows,



    openvpnas@ip-10-0-1-210:~$ sudo route -n
    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    0.0.0.0 172.31.0.1 0.0.0.0 UG 0 0 0 eth0
    10.10.20.11 0.0.0.0 255.255.255.255 UH 0 0 0 as0t1
    10.10.30.11 0.0.0.0 255.255.255.255 UH 0 0 0 as0t1
    10.10.30.12 0.0.0.0 255.255.255.255 UH 0 0 0 as0t1
    172.27.224.0 0.0.0.0 255.255.248.0 U 0 0 0 as0t0
    172.27.232.0 0.0.0.0 255.255.248.0 U 0 0 0 as0t1
    172.31.0.0 0.0.0.0 255.255.240.0 U 0 0 0 eth0


    All three VPN profiles I used has following properties from the VPN server side,




    1. Static IP addressing

    2. Addressing method : NAT

    3. Use as Gateway Gateway : False

    4. Inter-Client Communication : True

    5. Client Internet traffic be routed through the VPN : False


    What am I doing wrong here ? OR is this can't we have multiple VPN connections from the same VPN server at all ?



    Some Post Notes:



    I want to try this because I need to understand how a single VPN server's resource usage (scalability aspects) with higher number of VPN connections.
    Let's say if we have 500+ VPN connections simultaneously then it is not feasible to have 500 different nodes to simulate this environment. Therefore I thought of creating multiple VPN tunnels in one machine and test the behavior.










    share|improve this question
























      up vote
      -1
      down vote

      favorite









      up vote
      -1
      down vote

      favorite











      I am trying to do an experiment to see the possibilities of creating multiple VPN tunnels (OPEN VPN) in one linux machine.



      I have used a Raspeberry Pi for this purpose.



      Following are steps which I have performed,




      1. Bootup fresh Raspbian OS

      2. Downloaded two different Open VPN locked profiles (.ovpn) files from my VPN server (VPN AS) - Both VPN profiles are from ONE OpenVPN server.


      3. Initiated 2 open vpn connections using two different terminals with following command,



        sudo openvpn --config /etc/openvpn/testOne.ovpn



        sudo openvpn --config /etc/openvpn/testTwo.ovpn




      Then what happend was,
      Since I have initiated testOne profile first, it created successfully,



      I was able to get following output in the terminal.



      pi@raspberrypi:/etc/openvpn $ sudo openvpn --config /etc/openvpn/testOne.ovpn
      Fri Nov 9 14:40:06 2018 OpenVPN 2.4.0 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 18 2017
      Fri Nov 9 14:40:06 2018 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.08
      Enter Auth Username: testOne
      Enter Auth Password: ********
      Fri Nov 9 14:40:13 2018 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
      Fri Nov 9 14:40:13 2018 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
      Fri Nov 9 14:40:13 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.yy.147.201:1194
      Fri Nov 9 14:40:13 2018 Socket Buffers: R=[163840->200000] S=[163840->200000]
      Fri Nov 9 14:40:13 2018 UDP link local: (not bound)
      Fri Nov 9 14:40:13 2018 UDP link remote: [AF_INET]xx.yy.147.201:1194
      Fri Nov 9 14:40:13 2018 TLS: Initial packet from [AF_INET]xx.yy.147.201:1194, sid=ceaac257 4e7e0e2d
      Fri Nov 9 14:40:13 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
      Fri Nov 9 14:40:14 2018 VERIFY OK: depth=1, CN=OpenVPN CA
      Fri Nov 9 14:40:14 2018 VERIFY OK: nsCertType=SERVER
      Fri Nov 9 14:40:14 2018 VERIFY OK: depth=0, CN=OpenVPN Server
      Fri Nov 9 14:40:14 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
      Fri Nov 9 14:40:14 2018 [OpenVPN Server] Peer Connection Initiated with [AF_INET]xx.yy.147.201:1194
      Fri Nov 9 14:40:16 2018 SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1)
      Fri Nov 9 14:40:16 2018 PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,auth-tokenSESS_ID,comp-lzo yes,redirect-private def1,redirect-private bypass-dhcp,redirect-private autolocal,route-gateway 10.0.0.1,route 172.27.224.0 255.255.240.0,route 172.31.0.0 255.255.0.0,dhcp-option DNS 172.31.0.2,register-dns,block-ipv6,ifconfig 10.10.30.11 255.192.0.0,peer-id 0,cipher AES-256-GCM'
      Fri Nov 9 14:40:16 2018 Option 'explicit-exit-notify' in [PUSH-OPTIONS]:1 is ignored by previous <connection> blocks
      Fri Nov 9 14:40:16 2018 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.4.0)
      Fri Nov 9 14:40:16 2018 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.4.0)
      Fri Nov 9 14:40:16 2018 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.4.0)
      Fri Nov 9 14:40:16 2018 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:19: register-dns (2.4.0)
      Fri Nov 9 14:40:16 2018 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:20: block-ipv6 (2.4.0)
      Fri Nov 9 14:40:16 2018 OPTIONS IMPORT: timers and/or timeouts modified
      Fri Nov 9 14:40:16 2018 OPTIONS IMPORT: explicit notify parm(s) modified
      Fri Nov 9 14:40:16 2018 OPTIONS IMPORT: compression parms modified
      Fri Nov 9 14:40:16 2018 OPTIONS IMPORT: --ifconfig/up options modified
      Fri Nov 9 14:40:16 2018 OPTIONS IMPORT: route options modified
      Fri Nov 9 14:40:16 2018 OPTIONS IMPORT: route-related options modified
      Fri Nov 9 14:40:16 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
      Fri Nov 9 14:40:16 2018 OPTIONS IMPORT: peer-id set
      Fri Nov 9 14:40:16 2018 OPTIONS IMPORT: adjusting link_mtu to 1625
      Fri Nov 9 14:40:16 2018 OPTIONS IMPORT: data channel crypto options modified
      Fri Nov 9 14:40:16 2018 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
      Fri Nov 9 14:40:16 2018 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
      Fri Nov 9 14:40:16 2018 ROUTE_GATEWAY 192.168.37.1/255.255.255.0 IFACE=wlan0 HWADDR=b8:27:eb:6d:bb:7f
      Fri Nov 9 14:40:16 2018 TUN/TAP device tun0 opened
      Fri Nov 9 14:40:16 2018 TUN/TAP TX queue length set to 100
      Fri Nov 9 14:40:16 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
      Fri Nov 9 14:40:16 2018 /sbin/ip link set dev tun0 up mtu 1500
      Fri Nov 9 14:40:16 2018 /sbin/ip addr add dev tun0 10.10.30.11/10 broadcast 10.63.255.255
      Fri Nov 9 14:40:21 2018 ROUTE remote_host is NOT LOCAL
      Fri Nov 9 14:40:21 2018 /sbin/ip route add xx.yy.147.201/32 via 192.168.37.1
      Fri Nov 9 14:40:21 2018 /sbin/ip route add 172.27.224.0/20 metric 101 via 10.0.0.1
      Fri Nov 9 14:40:21 2018 /sbin/ip route add 172.31.0.0/16 metric 101 via 10.0.0.1
      Fri Nov 9 14:40:21 2018 Initialization Sequence Completed


      Then in the 2nd terminal where I initiated vpn connections with testTwo client profile I got following error at the end



      Fri Nov  9 14:43:39 2018 TUN/TAP device tun1 opened
      Fri Nov 9 14:43:39 2018 TUN/TAP TX queue length set to 100
      Fri Nov 9 14:43:39 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
      Fri Nov 9 14:43:39 2018 /sbin/ip link set dev tun1 up mtu 1500
      Fri Nov 9 14:43:39 2018 /sbin/ip addr add dev tun1 10.10.30.12/10 broadcast 10.63.255.255
      Fri Nov 9 14:43:44 2018 ROUTE remote_host is NOT LOCAL
      Fri Nov 9 14:43:44 2018 /sbin/ip route add xx.yy.147.201/32 via 192.168.37.1
      RTNETLINK answers: File exists
      Fri Nov 9 14:43:44 2018 ERROR: Linux route add command failed: external program exited with error status: 2
      Fri Nov 9 14:43:44 2018 /sbin/ip route add 172.27.224.0/20 metric 101 via 10.0.0.1
      RTNETLINK answers: File exists
      Fri Nov 9 14:43:44 2018 ERROR: Linux route add command failed: external program exited with error status: 2
      Fri Nov 9 14:43:44 2018 /sbin/ip route add 172.31.0.0/16 metric 101 via 10.0.0.1
      RTNETLINK answers: File exists
      Fri Nov 9 14:43:44 2018 ERROR: Linux route add command failed: external program exited with error status: 2
      Fri Nov 9 14:43:44 2018 Initialization Sequence Completed


      However, 2 VPN tunnels got created successfully, because I can see following in ifconfig



      pi@raspberrypi:~/webapps $ ifconfig
      eth0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
              ether b8:27:eb:38:ee:2a txqueuelen 1000 (Ethernet)
              RX packets 0 bytes 0 (0.0 B)
              RX errors 0 dropped 0 overruns 0 frame 0
              TX packets 0 bytes 0 (0.0 B)
              TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

      lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
              inet 127.0.0.1 netmask 255.0.0.0
              inet6 ::1 prefixlen 128 scopeid 0x10<host>
              loop txqueuelen 1000 (Local Loopback)
              RX packets 10 bytes 973 (973.0 B)
              RX errors 0 dropped 0 overruns 0 frame 0
              TX packets 10 bytes 973 (973.0 B)
              TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

      tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
              inet 10.10.30.11 netmask 255.192.0.0 destination 10.10.30.11
              inet6 fe80::5e09:381c:7dc6:e5f8 prefixlen 64 scopeid 0x20<link>
              unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
              RX packets 0 bytes 0 (0.0 B)
              RX errors 0 dropped 0 overruns 0 frame 0
              TX packets 7 bytes 336 (336.0 B)
              TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

      tun1: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
              inet 10.10.30.12 netmask 255.192.0.0 destination 10.10.30.12
              inet6 fe80::6b93:6e73:f131:14fe prefixlen 64 scopeid 0x20<link>
              unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
              RX packets 0 bytes 0 (0.0 B)
              RX errors 0 dropped 0 overruns 0 frame 0
              TX packets 6 bytes 288 (288.0 B)
              TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

      wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
              inet 192.168.37.33 netmask 255.255.255.0 broadcast 192.168.37.255
              inet6 fe80::7c9f:604:8812:afa1 prefixlen 64 scopeid 0x20<link>
              ether b8:27:eb:6d:bb:7f txqueuelen 1000 (Ethernet)
              RX packets 8582 bytes 735254 (718.0 KiB)
              RX errors 0 dropped 0 overruns 0 frame 0
              TX packets 5506 bytes 781201 (762.8 KiB)
              TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0


      The following is my route -n output (on the Raspberry Pi):



      pi@raspberrypi:~/webapps $ route -n
      Kernel IP routing table
      Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
      0.0.0.0         192.168.37.1    0.0.0.0         UG    303    0        0 wlan0
      10.0.0.0        0.0.0.0         255.192.0.0     U     0      0        0 tun0
      10.0.0.0        0.0.0.0         255.192.0.0     U     0      0        0 tun1
      xx.yy.147.201   192.168.37.1    255.255.255.255 UGH   0      0        0 wlan0
      172.27.224.0    10.0.0.1        255.255.240.0   UG    101    0        0 tun0
      172.31.0.0      10.0.0.1        255.255.0.0     UG    101    0        0 tun0
      192.168.37.0    0.0.0.0         255.255.255.0   U     303    0        0 wlan0


      When I was creating the second VPN tunnel, the failure was:



      Fri Nov  9 14:43:44 2018 ERROR: Linux route add command failed: external program exited with error status: 2
      Fri Nov 9 14:43:44 2018 /sbin/ip route add 172.27.224.0/20 metric 101 via 10.0.0.1


      I think this is happening because, when creating the first tunnel (tun0), it adds the same record to the route table. Now, when OpenVPN tries to add the same route record to the route table, it fails due to duplicate records.



      Then I used another Linux machine, connected to the same VPN using another VPN profile (testThree), and tried to ping the two tunnels created above:



      ping 10.10.30.11  -> leads to tun0
      ping 10.10.30.12 -> leads to tun1


      But I was only able to ping tun0 (10.10.30.11), the VPN tunnel that was created successfully without any error.



      tun1 (10.10.30.12) cannot be reached.



      Traceroute from the Linux machine to the Raspberry Pi was as follows:



      knuck@knuck-hp1:~/code$ traceroute 10.10.30.11
      traceroute to 10.10.30.11 (10.10.30.11), 30 hops max, 60 byte packets
      1 172.27.232.1 (172.27.232.1) 169.954 ms 169.965 ms 170.128 ms
      2 10.10.30.11 (10.10.30.11) 343.099 ms 345.267 ms 345.392 ms


      knuck@knuck-hp1:~/code$ traceroute 10.10.30.12
      traceroute to 10.10.30.12 (10.10.30.12), 30 hops max, 60 byte packets
      1 172.27.232.1 (172.27.232.1) 165.704 ms 165.986 ms 166.193 ms
      2 * * *
      3 * * *
      4 * * *
      5 * * *
      6 * * *
      7 *^C


      My VPN server's route table was as follows:



      openvpnas@ip-10-0-1-210:~$ sudo route -n
      Kernel IP routing table
      Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
      0.0.0.0         172.31.0.1      0.0.0.0         UG    0      0        0 eth0
      10.10.20.11     0.0.0.0         255.255.255.255 UH    0      0        0 as0t1
      10.10.30.11     0.0.0.0         255.255.255.255 UH    0      0        0 as0t1
      10.10.30.12     0.0.0.0         255.255.255.255 UH    0      0        0 as0t1
      172.27.224.0    0.0.0.0         255.255.248.0   U     0      0        0 as0t0
      172.27.232.0    0.0.0.0         255.255.248.0   U     0      0        0 as0t1
      172.31.0.0      0.0.0.0         255.255.240.0   U     0      0        0 eth0


      All three VPN profiles I used have the following properties on the VPN server side:




      1. Static IP addressing

      2. Addressing method : NAT

      3. Use as Gateway Gateway : False

      4. Inter-Client Communication : True

      5. Client Internet traffic be routed through the VPN : False


      What am I doing wrong here? Or is it that we can't have multiple VPN connections from the same VPN server at all?



      Some Post Notes:



      I want to try this because I need to understand a single VPN server's resource usage (scalability aspects) with a higher number of VPN connections.
      Let's say we have 500+ VPN connections simultaneously; it is not feasible to have 500 different nodes to simulate this environment. Therefore, I thought of creating multiple VPN tunnels on one machine to test the behavior.










      routes vpn openvpn
















      asked Nov 9 at 10:44









      gbids
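
The duplicate-route reasoning in the question can be checked against the Pi's own `route -n` output. The Python sketch below is an added example, not part of the original post: it parses that table, reports prefixes installed on more than one interface, and does a longest-prefix lookup to show which interface a destination resolves to. The function names are hypothetical, and breaking equal-prefix, equal-metric ties by table order is an assumption of the sketch.

```python
import ipaddress
from collections import defaultdict

# `route -n` output copied from the question (Raspberry Pi side).
ROUTE_N = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.37.1 0.0.0.0 UG 303 0 0 wlan0
10.0.0.0 0.0.0.0 255.192.0.0 U 0 0 0 tun0
10.0.0.0 0.0.0.0 255.192.0.0 U 0 0 0 tun1
xx.yy.147.201 192.168.37.1 255.255.255.255 UGH 0 0 0 wlan0
172.27.224.0 10.0.0.1 255.255.240.0 UG 101 0 0 tun0
172.31.0.0 10.0.0.1 255.255.0.0 UG 101 0 0 tun0
192.168.37.0 0.0.0.0 255.255.255.0 U 303 0 0 wlan0
"""


def parse_routes(text):
    """Return [(network, gateway, metric, iface)] in table order."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue
        try:
            # Convert the dotted netmask to a prefix length by counting 1 bits.
            prefix = bin(int(ipaddress.IPv4Address(f[2]))).count("1")
            net = ipaddress.ip_network(f"{f[0]}/{prefix}")
        except ValueError:
            # Redacted or malformed address (e.g. xx.yy.147.201): skip the row.
            continue
        routes.append((net, f[1], int(f[4]), f[7]))
    return routes


def duplicate_prefixes(routes):
    """Prefixes that are installed on more than one interface."""
    by_net = defaultdict(list)
    for net, _gw, _metric, iface in routes:
        by_net[net].append(iface)
    return {str(n): ifs for n, ifs in by_net.items() if len(set(ifs)) > 1}


def shadowed(routes):
    """Routes that never win a lookup: an earlier row has the same prefix
    and a metric that is not higher (table-order tie-break is an assumption)."""
    out = []
    for i, (net, _gw, metric, iface) in enumerate(routes):
        if any(n == net and m <= metric for n, _g, m, _i in routes[:i]):
            out.append((str(net), iface))
    return out


def egress(routes, dst):
    """Longest prefix first, then lowest metric, then table order (assumption)."""
    addr = ipaddress.ip_address(dst)
    hits = [(-net.prefixlen, metric, i, iface)
            for i, (net, _gw, metric, iface) in enumerate(routes)
            if addr in net]
    return min(hits)[3] if hits else None


if __name__ == "__main__":
    table = parse_routes(ROUTE_N)
    print("duplicate prefixes:", duplicate_prefixes(table))
    print("shadowed routes   :", shadowed(table))
    # 10.0.0.1 is the pushed route-gateway; 172.27.232.1 is hop 1 in the traceroute.
    for dst in ("10.0.0.1", "172.27.232.1", "10.10.20.11", "192.168.37.1"):
        print(f"{dst:>14} -> {egress(table, dst)}")
```

With the table from the question, every VPN-side destination resolves to tun0 and the tun1 connected route is shadowed, so under the stated tie-break assumption nothing on this host is routed out through tun1.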
