Two Server Processes, One Tunnelblick, TAP and TUN?


sundial....@gmail.com

Feb 9, 2016, 4:06:21 PM
to tunnelblick-discuss
I (think that I...) would like to set up one OS/X machine to act as two different OpenVPN servers at the same time:

  1. On the standard TCP port, for use by "road warriors," I would set up a bridge so that warriors can connect to the office network just as though they were really in the office.  I think I would use TAP "bridging" for this.
  2. Meanwhile, we have a MySQL database-replication server, which will need to reach a remote server which should not see any part of the internal network.  Therefore, I think that I need to set up a separate TUN.  I understand that, to do this, I must allocate a second (non-standard) port on the server for a second instance of OpenVPN to be listening to.

Is this simply a matter of defining two server configurations (that is to say, "we are a server") with different configuration particulars such as TUN vs. TAP and port-number? Will Tunnelblick start and maintain both of these, if I ask it to?

To elaborate on the second case:  I'd tunnel between, say, port "10.0.111.111" on the server and "10.0.222.222" on the remote.  The MySQL remote server (master) would open an OpenVPN connection to us, and thereby be able to communicate through its port 10.0.222.222.  Meanwhile, the replication server (slave) would connect to its side of the pipe, 10.0.111.111.  The traffic between the two SQL servers would therefore be handled by the second OpenVPN, but managed by one always-running instance of Tunnelblick.

Will this work?

jkbull...gmail.com

Feb 9, 2016, 4:22:00 PM
to tunnelblick-discuss, sundial....@gmail.com
You can certainly have Tunnelblick run two server configurations if they are configured correctly. It's really an OpenVPN configuration question, and you need to consult with OpenVPN experts for that:

You would need to set the "Set DNS/WINS" Tunnelblick setting for both configurations to "Do not set nameserver" because the standard scripts used by Tunnelblick are for clients, not servers. (You would use your own scripts for anything you wanted to do.)

And there are reports that Tunnelblick's "Connect when computer starts" setting doesn't always work, so if you are counting on that you might want to test that.

jr

Feb 11, 2016, 1:49:50 PM
to tunnelblick-discuss, sundial....@gmail.com
I've got three running on my Linux server. Just create multiple *.conf files, each with a different port (a tap via both tcp & udp and a tun with udp). I don't remember why I implemented a dev tap0 and dev tap1.

vpn1.conf:
port    7971
proto   tcp
dev-type     tap
dev tap1

vpn2.conf:
port    7971
proto   udp
dev-type     tap
dev tap0

vpn3.conf:
port    7981
proto   udp
dev-type     tun
dev tun0
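
A check for the one-config-file-per-instance layout described in this thread, as an added example that is not part of the original posts: it parses each config and reports instances that would collide on the same transport/port or on the same numbered tap/tun device. The SAMPLE contents are constructed from the excerpts above, the function names are illustrative, and the fallback values (port 1194, proto udp) are OpenVPN's defaults.

```python
import re
from collections import defaultdict

# Constructed sample input, mirroring the three excerpts quoted in the thread.
SAMPLE = {
    "vpn1.conf": "port 7971\nproto tcp\ndev-type tap\ndev tap1\n",
    "vpn2.conf": "port 7971\nproto udp\ndev-type tap\ndev tap0\n",
    "vpn3.conf": "port 7981\nproto udp\ndev-type tun\ndev tun0\n",
}

WANTED = ("port", "lport", "proto", "dev")

def parse(text):
    """Return the listener/device directives of one config as a dict."""
    opts = {"port": "1194", "proto": "udp"}  # OpenVPN defaults when unset
    for line in text.splitlines():
        parts = re.split(r"[#;]", line, maxsplit=1)[0].split()  # drop comments
        if len(parts) >= 2 and parts[0] in WANTED:
            opts["port" if parts[0] == "lport" else parts[0]] = parts[1]
    return opts

def find_conflicts(configs):
    """configs: {filename: text}. Returns sorted (kind, value, files) tuples."""
    seen = defaultdict(list)
    for name, text in configs.items():
        o = parse(text)
        # tcp, tcp-server, tcp4, ... all bind a TCP socket; everything else is UDP.
        # Address family (tcp4 vs tcp6) is ignored, so this errs toward flagging.
        transport = "tcp" if o["proto"].startswith("tcp") else "udp"
        seen[("listener", f"{transport}/{o['port']}")].append(name)
        # "dev tun" / "dev tap" without a unit number is allocated dynamically,
        # so only explicitly numbered devices can be claimed twice.
        if re.fullmatch(r"(tun|tap)\d+", o.get("dev", "")):
            seen[("device", o["dev"])].append(name)
    return sorted((kind, value, sorted(files))
                  for (kind, value), files in seen.items() if len(files) > 1)

if __name__ == "__main__":
    for kind, value, files in find_conflicts(SAMPLE) or [("ok", "no clashes", [])]:
        print(kind, value, ", ".join(files))
```

Running it before starting a second or third instance catches the case where two configs share a TCP or UDP port, which would otherwise show up only as a bind failure in one instance's log.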