angristan / openvpn-install

Set up your own OpenVPN server on Debian, Ubuntu, Fedora, CentOS or Arch Linux.
https://stanislas.blog
MIT License
13.58k stars 2.96k forks

Provide multiple hostnames/IP addresses for clients #567

Open AMDBartek opened 4 years ago

AMDBartek commented 4 years ago

Have the option to provide multiple ports and hostnames/IP addresses while installing OpenVPN using the script.

This would be useful if a place has a firewall and the default port is blocked, but you provided multiple ports, so it can use another port that you provided, like 443 or 80. It could also be useful if a firewall blocks hostnames, because it can use a provided IP address to connect directly without the hostname.

This feature would be extremely useful for me so I would be very grateful if this could be implemented.

angristan commented 4 years ago

For the ports: https://github.com/angristan/openvpn-install/issues/542

For the hostname/IP, this is on the client side, not something that the script can manage except upon creation.

AMDBartek commented 4 years ago

@angristan I mean while installing OpenVPN (upon creation) using the script, where it asks you to give an IP/hostname, there should be an option to provide multiple IPs/hostnames. Sorry for the confusion.

angristan commented 4 years ago

@AMDBartek okay, but what would you do with multiple IPs/hostnames?

AMDBartek commented 4 years ago

@angristan, for example, if a computer has multiple external IP addresses/hostnames and one of the IP addresses/hostnames gets blocked by a firewall on a network that you don't own, you could connect with the other IP addresses/hostnames. I would appreciate this being added to the script.

angristan commented 4 years ago

Yes but that is simply not supported by OpenVPN.

AMDBartek commented 4 years ago

But if my computer has multiple external IP addresses/hostnames couldn't I connect from both of them?

AMDBartek commented 4 years ago

It is supported by OpenVPN. The client-template.txt file could contain something like this, as the client ovpn file can have multiple remotes listed, and I don't see why this couldn't be implemented in the script. Below is an example of a client ovpn file with multiple remotes listed:

```
client
proto udp
remote hostname1.example.com 443
remote hostname2.example.com 443
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_EEFghRTwEmCTByUu name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
```

angristan commented 4 years ago

Thanks, you're correct indeed:

https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/

On the client, multiple --remote options may be specified for redundancy, each referring to a different OpenVPN server.

randshell commented 4 years ago

I don't think it's a very common use case with a private OpenVPN server, but maybe it can be useful for #464.

@AMDBartek you can edit /etc/openvpn/client-template.txt to include this option on new profiles.
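
An added example, not part of the thread or of openvpn-install: one way to write several `remote` lines into a client template while validating each endpoint before it reaches the profile. The helper names, the `host:port` argument format (hostnames and IPv4 only, no IPv6 literals) and the sample addresses are assumptions made for illustration.

```shell
# Added example; helper names are hypothetical, not part of openvpn-install.
# Hosts are limited to hostname/IPv4 characters so that whitespace or a
# newline cannot smuggle extra directives into the generated profile.
valid_host() {
  case "$1" in
    ''|*[!A-Za-z0-9.-]*|-*|.*|*-|*.) return 1 ;;
  esac
}

valid_port() {
  case "$1" in
    ''|0*|*[!0-9]*|??????*) return 1 ;;
  esac
  [ "$1" -le 65535 ]
}

# usage: render_template host:port [host:port ...] < template
# Swaps the template's "remote" lines for one line per endpoint, in order.
render_template() {
  remotes=''
  for ep in "$@"; do
    host=${ep%:*}
    port=${ep##*:}
    if [ "$host" = "$ep" ] || ! valid_host "$host" || ! valid_port "$port"; then
      echo "bad endpoint: $ep" >&2
      return 1
    fi
    remotes="${remotes}remote ${host} ${port}
"
  done
  [ -n "$remotes" ] || return 1
  placed=0
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      'remote '*) [ "$placed" -eq 1 ] || printf '%s' "$remotes"; placed=1 ;;
      *) printf '%s\n' "$line" ;;
    esac
  done
  [ "$placed" -eq 1 ] || printf '%s' "$remotes"
}

# Constructed sample template, modelled on the profile posted in the thread.
sample_template() {
  printf '%s\n' client 'proto udp' 'remote hostname1.example.com 443' \
    'dev tun' 'remote-cert-tls server'
}

sample_template | render_template vpn1.example.com:1194 198.51.100.7:443
```

Directives such as `remote-cert-tls` pass through untouched because only lines beginning with `remote ` followed by a space are replaced.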

moonprogrammer commented 4 years ago

Nowadays each Server/VPS comes with about 1-IPv4 at least. Installing on multiple servers will increase the security instead of using one server to centralize everything @angristan ?