OpenVPN client and server on the same machine

openvpn

I currently use a Windows server. This Windows server retrieves data from a remote database, and is therefore connected to the remote VPN server permanently. So we use OpenVPN in client mode with certificates provided by the remote server.

Now, we would like to allow employees to connect remotely, typically for home working or work during conferences. That is why we would like to add to this server an OpenVPN instance, but this time in server mode.

From a technical point of view, I do not see what could be a problem with using two instances of OpenVPN at the same time, since we use two different virtual network cards. And both subnets are distinct. The default gateway is never changed (and never will be). It could avoid a lot of problems.

I managed to install two TAP cards (used by OpenVPN). I do not know how to "link" an instance of OpenVPN to a specific network card. Is having two TAP network cards enough? How do I proceed to get one client and one server of OpenVPN at the same time, on the same machine?

Original post

I am using a Windows server.

I have to use OpenVPN as a client and as a server at the same time on the same machine. Is it possible?

If yes, what are the constraints?

If not, are there other alternatives?

I know there are possibilities on Linux with the power of iptables, but I do not really know if this is possible on a Windows host.

Best Answer

Having an OpenVPN TLS server and client on the same machine is possible (I've run this way under Ubuntu some time ago and don't expect Windows to be a problem here). Simply set them to use different ports and virtual TAP-Win32 network cards.

Preferably, configure the client instance to include the nobind option so it uses a random, dynamic port. This will let you easily avoid port conflicts between instances (by default OpenVPN always binds to the default port 1194, even in client mode). The server needs to bind to a port; you can optionally set it with port $PORT if the default one is inappropriate for you. In both server and client use dev-node $GUID to assign a separate, instance-specific TAP adapter. GUIDs can be read from the registry or with the console command openvpn --show-adapters.
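A worked pair of configuration files that applies the answer above, added here as an example; it is not part of the original question or answer and was not supplied by the poster. The adapter GUIDs, hostnames, ports, subnets and certificate file names are placeholders: read the real GUIDs from `openvpn --show-adapters` and substitute them, and keep whatever `dev`/`proto`/`remote` values the remote VPN operator's profile already contains. The `pull-filter` line is an extra safeguard for the poster's "default gateway is never changed" requirement and assumes OpenVPN 2.4 or later.

```conf
# ===== client.ovpn : permanent link to the remote database VPN =====
# Added example; all names below are placeholders.
client
dev tap
# First TAP-Win32 adapter: GUID (or adapter name) taken from
#   openvpn --show-adapters
dev-node {AAAAAAAA-0000-0000-0000-000000000001}
proto udp
remote vpn.remote-db.example 1194
# Do not bind a local port: a random ephemeral source port is used,
# so this instance can never collide with the server instance below.
nobind
resolv-retry infinite
persist-key
persist-tun
# Certificate material issued by the remote VPN operator.
ca remote-ca.crt
cert this-server.crt
key this-server.key
# Refuse a peer that presents a client certificate as the server.
remote-cert-tls server
# OpenVPN 2.4+: ignore any pushed redirect-gateway, so the machine's
# default gateway stays untouched even if the remote side pushes one.
pull-filter ignore "redirect-gateway"
verb 3

# ===== server.ovpn : instance the employees connect to =====
# Added example; all names below are placeholders.
dev tap
# Second TAP-Win32 adapter, distinct from the one used by the client.
dev-node {BBBBBBBB-0000-0000-0000-000000000002}
proto udp
# Explicit listening port, different from the 1194 the remote server uses.
port 1195
# Local VPN subnet; must not overlap the remote VPN's subnet.
server 10.8.0.0 255.255.255.0
# Locally issued PKI for employees (separate CA from the remote operator's).
ca local-ca.crt
cert local-server.crt
key local-server.key
dh dh2048.pem
# HMAC on the control channel: unauthenticated packets are dropped
# before the TLS handshake, which cuts exposure of the listener.
tls-auth ta.key 0
# Only certificates issued for client use are accepted.
remote-cert-tls client
keepalive 10 120
persist-key
persist-tun
verb 3
```

Put both files in the OpenVPN config directory; the OpenVPN Windows service starts a separate openvpn process for each `.ovpn` it finds there, so the two instances run side by side. After both are up, check with `netstat -ano` that only the server instance holds UDP port 1195 and the client instance sits on an ephemeral port, and with `route print` that the default route still points at the physical interface. Note that the two subnets being disjoint is what makes this safe: if the remote VPN and the employee VPN ever used overlapping ranges, the routing table, not the TAP adapters, would decide where traffic goes.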