Openvpn – Sharing an IP pool for two openvpn instances (one TCP and one UDP)

Tags: dhcp, openvpn

I'm currently running OpenVPN on my VPS, listening on port 1194 via TCP. I need to use TCP since I sometimes need to tunnel traffic over an HTTP proxy. However, I'd also like to be able to use UDP, which should be faster. However, I don't want to create two subnets, as I also have my machines connect to one another, and I'd like to have them all on one subnet.

Is there any way I can have two instances share one IP pool?

Here's my server config, for reference:

# Routed (tun) mode, TCP transport
dev tun
proto tcp
persist-key
persist-tun
log-append /var/log/openvpn
comp-lzo

port 1194
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
# 1024-bit DH parameters; a 2048-bit (or larger) group is the usual recommendation today
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
# Remembers CN -> address assignments across restarts (path is relative to the working directory)
ifconfig-pool-persist ipp.txt
# Hands out addresses from this /24 to clients
server 192.168.192.0 255.255.255.0
topology subnet
client-to-client
push "dhcp-option DNS 192.168.192.1"
push "dhcp-option DOMAIN my.example.com"

# Daemon settings: drop privileges after startup
user nobody
group nogroup

Best Answer

Ok, I solved this.

First, I switched to a bridged network. I created one bridge device and two tap devices that are attached to it (I don't have an Ethernet device on the bridge). The UDP server listens on 192.168.192.1 [and on tap0], the TCP server on 192.168.192.2 [and on tap1]. The bridge itself gets 192.168.192.1, but I don't think this is that important. Both have the same ifconfig-pool-persist file.

This worked, but I couldn't connect from clients connected via UDP to clients connected via TCP or vice versa (clients with the same method could talk to each other). I added a firewall rule:

iptables -A FORWARD -i br0 -o br0 -j ACCEPT

and now everything works.
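The setup described in the answer, written out as a script. This is an added example and not the answerer's own script; it assumes the interface names br0, tap0 and tap1, the 192.168.192.0/24 network and certificate paths from the question, and a dh2048.pem file in place of the question's dh1024.pem. One technique is swapped in: rather than pointing both instances at the same ifconfig-pool-persist file (OpenVPN only reads that file at startup, so two instances allocating addresses independently can still hand the same address to two new clients), each instance is given a disjoint slice of the same /24 via server-bridge, and fixed per-client addresses can be pinned with a shared client-config-dir. All clients still land on one L2 segment, so they can reach each other regardless of transport.

```shell
#!/bin/sh
# Added example, not from the original post. Brings up one bridge with two
# tap interfaces (one per OpenVPN instance) and generates the two server
# configs. Names (br0, tap0, tap1), the /24 and the key paths are assumptions
# taken from the question; dh2048.pem is assumed in place of dh1024.pem.
set -eu

BR=br0
MASK=255.255.255.0
BRIP=192.168.192.1
KEYS=/etc/openvpn/easy-rsa/2.0/keys

# make_server_conf PROTO PORT TAP POOL_START POOL_END
# Prints a bridged (tap) OpenVPN server config to stdout.
make_server_conf() {
    proto=$1; port=$2; tap=$3; pstart=$4; pend=$5
    cat <<EOF
dev $tap
proto $proto
port $port
ca $KEYS/ca.crt
cert $KEYS/server.crt
key $KEYS/server.key
dh $KEYS/dh2048.pem
# Bridged mode: clients get an address from $pstart-$pend and are told the
# gateway is the bridge address; OpenVPN does not configure the tap itself.
server-bridge $BRIP $MASK $pstart $pend
# Per-instance pool state; the ranges above are disjoint, so no sharing needed.
ifconfig-pool-persist /etc/openvpn/ipp-$proto.txt
# Optional fixed per-CN addresses; one directory serves both instances.
client-config-dir /etc/openvpn/ccd
client-to-client
push "dhcp-option DNS $BRIP"
push "dhcp-option DOMAIN my.example.com"
persist-key
persist-tun
user nobody
group nogroup
log-append /var/log/openvpn-$proto
EOF
}

# ccd_entry IP
# Prints the client-config-dir line that pins a client to IP (tap mode
# takes "ifconfig-push <ip> <netmask>"). Redirect it to ccd/<common-name>.
ccd_entry() {
    echo "ifconfig-push $1 $MASK"
}

# last_octet ADDR -> prints the last octet of a dotted-quad address
last_octet() { echo "${1##*.}"; }

# pool_overlap START1 END1 START2 END2
# Returns 0 (true) if the two ranges overlap. Only the last octet is
# compared, i.e. both ranges are assumed to lie in the same /24.
pool_overlap() {
    a=$(last_octet "$1"); b=$(last_octet "$2")
    c=$(last_octet "$3"); d=$(last_octet "$4")
    [ "$a" -le "$d" ] && [ "$c" -le "$b" ]
}

# setup_bridge: create br0, the two taps, and the FORWARD rule (run as root).
setup_bridge() {
    ip link add name "$BR" type bridge
    for tap in tap0 tap1; do
        openvpn --mktun --dev "$tap"
        ip link set "$tap" master "$BR"
        ip link set "$tap" up
    done
    ip addr add "$BRIP/24" dev "$BR"
    ip link set "$BR" up
    # With br_netfilter loaded, frames crossing the bridge are also run
    # through the iptables FORWARD chain, so bridge-internal traffic has to
    # be accepted explicitly (the rule from the answer).
    iptables -A FORWARD -i "$BR" -o "$BR" -j ACCEPT
}

UDP_START=192.168.192.100; UDP_END=192.168.192.149
TCP_START=192.168.192.150; TCP_END=192.168.192.199

# Usage: sh bridge-two-instances.sh apply   (as root)
if [ "${1:-}" = "apply" ]; then
    if pool_overlap "$UDP_START" "$UDP_END" "$TCP_START" "$TCP_END"; then
        echo "pool ranges overlap" >&2; exit 1
    fi
    setup_bridge
    make_server_conf udp 1194 tap0 "$UDP_START" "$UDP_END" > /etc/openvpn/server-udp.conf
    make_server_conf tcp 1194 tap1 "$TCP_START" "$TCP_END" > /etc/openvpn/server-tcp.conf
fi
```

The two instances are then started with `openvpn --config /etc/openvpn/server-udp.conf` and `--config /etc/openvpn/server-tcp.conf`; both bind port 1194, one per transport, which is legal. Clients keep `dev tap` and switch only `proto`. The pool_overlap check is what protects the "one subnet" goal: as long as the two server-bridge ranges and any ccd pins do not collide, every client has a unique address on the same segment.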