I'm currently running OpenVPN on my VPS, listening on port 1194 via TCP. I need to use TCP since I sometimes need to tunnel traffic over an HTTP proxy. However, I'd also like to be able to use UDP, which should be faster. However, I don't want to create two subnets, as I also have my machines connect to one another, and I'd like to have them all on one subnet.
Is there any way I have two instances share one IP pool?
Here's my server config, for reference:
dev tun
proto tcp
persist-key
persist-tun
log-append /var/log/openvpn
comp-lzo
port 1194
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
ifconfig-pool-persist ipp.txt
server 192.168.192.0 255.255.255.0
topology subnet
client-to-client
push "dhcp-option DNS 192.168.192.1"
push "dhcp-option DOMAIN my.example.com"
# Daemon settings
user nobody
group nogroup
Ok, I solved this.
First, I switched to a bridged network. I created one bridge device, and two tap devices which are attached (I don't have an ethernet device on the bridge). The UDP server listens on 192.168.192.1 [and on tap0], the TCP on 192.168.192.2 [and on tap1]. The bridge itself gets 192.168.192.1, but I don't think this is that important. Both have the same ifconfig-pool-persist file.
This worked, but I couldn't connect from clients connected via UDP to clients connected via TCP or vice versa (clients with the same method could talk to each other). I added a firewall rule:
and now everything works.
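To make the bridged layout above concrete, here is an added example script (not the poster's own setup): one bridge, tap0 for the UDP instance and tap1 for the TCP instance, and a rendered server config for each. The bridge name, file paths and pool ranges are assumptions; it also departs from the answer in one respect, giving each instance its own non-overlapping slice of the /24 instead of a shared ipp.txt, because each OpenVPN process allocates from its pool independently and two processes can otherwise hand the same address to two clients. The firewall rule the answer mentions is not shown on the page; the FORWARD rule below is one form that serves the same purpose.

```shell
#!/bin/sh
# Added example: one bridge, two tap devices, one OpenVPN instance per
# protocol, every client on 192.168.192.0/24. Assumed: br0, paths below,
# and a disjoint pool slice per instance (no shared ipp.txt).
set -eu
BR=br0
MASK=255.255.255.0
GW=192.168.192.1            # address on the bridge, pushed as gateway
KEYS=/etc/openvpn/easy-rsa/2.0/keys
# render_server_conf PROTO TAPDEV POOL_START POOL_END -> config on stdout
render_server_conf() {
    cat <<EOF
dev $2
proto $1
server-bridge $GW $MASK $3 $4
ifconfig-pool-persist ipp-$2.txt
client-to-client
ca $KEYS/ca.crt
cert $KEYS/server.crt
key $KEYS/server.key
dh $KEYS/dh1024.pem
user nobody
group nogroup
EOF
}
# pools_disjoint A_START A_END B_START B_END: true if the /24 ranges do not overlap
pools_disjoint() {
    [ "${2##*.}" -lt "${3##*.}" ] || [ "${4##*.}" -lt "${1##*.}" ]
}
# Plumbing: tap0/tap1 become ports of br0; the bridge holds the gateway IP.
bridge_setup() {
    ip link add name "$BR" type bridge
    for t in tap0 tap1; do
        ip tuntap add dev "$t" mode tap user nobody
        ip link set dev "$t" master "$BR"
        ip link set dev "$t" up
    done
    ip addr add "$GW/24" dev "$BR"
    ip link set dev "$BR" up
    # With br_netfilter loaded, bridged frames pass iptables FORWARD; allow
    # tap0<->tap1 so UDP and TCP clients can reach each other (assumed rule).
    iptables -A FORWARD -i "$BR" -o "$BR" -j ACCEPT
}
if [ "${1-}" = apply ]; then   # run as root: ./bridge-vpn.sh apply
    pools_disjoint 192.168.192.10 192.168.192.127 192.168.192.128 192.168.192.250
    bridge_setup
    render_server_conf udp tap0 192.168.192.10 192.168.192.127 > /etc/openvpn/server-udp.conf
    render_server_conf tcp tap1 192.168.192.128 192.168.192.250 > /etc/openvpn/server-tcp.conf
fi
```

Without the `apply` argument the script only defines the functions, so the rendered configs can be inspected before anything is changed on the host.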
The traffic you put into the VPN is independent from the protocol used for the tunnel. In an OpenVPN tunnel, you can put AFAIK any traffic (TCP, UDP, ICMP,...).
EDIT: I really really don't think you can have two OpenVPN instances with the same subnet as that would give you an impossible routing table. What you can do is have two separate subnets or route between them. I have never done it but I think it's reasonable to think that it will work.