openvpn-install icon indicating copy to clipboard operation
openvpn-install copied to clipboard

Published 20 hours ago verified publisher icon angristan

Provide multiple hostnames/IP addresses for clients

Open AMDBartek opened this issue 4 years ago • 10 comments

Have the option to provide multiple ports and hostnames/IP addresses while installing OpenVPN using the script.

This would be useful if a place has a firewall and the default port is blocked but you provided multiple ports so it can use another port that you provided like 443 or 80. It could also be useful if a firewall blocks hostnames because it can use a provided IP address to directly connect without the hostname.

This feature would be extremely useful for me so I would be very grateful if this could be implemented.

AMDBartek avatar Mar 17 '20 00:03 AMDBartek

For the ports: https://github.com/angristan/openvpn-install/issues/542

For the hostname/IP, this is on the client side, not something that the script can manage except upon creation

angristan avatar Mar 18 '20 14:03 angristan

@angristan I mean while installing OpenVPN (upon creation) using the script, where it asks you to give a IP/hostname there should be an option to provide multiple IPs/hostnames, sorry for the confusion.

AMDBartek avatar Mar 18 '20 23:03 AMDBartek

@AMDBartek okay, but what would you do with multiple IPs/hostnames?

angristan avatar Mar 19 '20 16:03 angristan

@angristan, For example, a computer has multiple external IP addresses/hostnames and one of the IP addresses/hostnames gets blocked by a firewall on a network that you don't own you could connect with the other IP addresses/hostnames. I would appreciate this being added to the script.

AMDBartek avatar Mar 19 '20 19:03 AMDBartek

Yes but that is simply not supported by OpenVPN.

angristan avatar Mar 19 '20 19:03 angristan

But if my computer has multiple external IP addresses/hostnames couldn't I connect from both of them?

AMDBartek avatar Mar 19 '20 19:03 AMDBartek

It is supported by OpenVPN, the client-template.txt file could contain something like this as the client ovpn file can have multiple remote listed and I don't see why this couldn't be implemented in the script. Down below is an example of a client ovpn file with multiple remote listed:

client
proto udp
remote hostname1.example.com 443
remote hostname2.example.com 443
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_EEFghRTwEmCTByUu name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3

AMDBartek avatar Mar 19 '20 19:03 AMDBartek

Thanks, you're correct indeed:

https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/

On the client, multiple –remote options may be specified for redundancy, each referring to a different OpenVPN server.

angristan avatar Mar 19 '20 22:03 angristan

I don't think it's a very common use case with a private openvpn server but maybe it can be useful for #464

@AMDBartek you can edit /etc/openvpn/client-template.txt to include this option on new profiles.

randshell avatar Jun 30 '20 11:06 randshell

Nowadays each Server/VPS comes with about 1-IPv4 at least. Installing on multiple servers will increase the security instead of using one server to centralize everything @angristan ?

moonprogrammer avatar Aug 10 '20 09:08 moonprogrammer