How I run two openvpn server in same private network
I am running two openvpn servers in private network (192.168.0.0). Only in case one server stops working.
Network
default gateway internet router: 192.168.0.250
openvpn1: 192.168.0.137 10.8.0.0, debian, bananapi m2
openvpn2: 192.168.0.143 old=10.8.0.0 new=10.8.1.0, debian, bananapi B2
web server1: 192.168.0.40 (static ip), also running unbound dns and dnsmasq as DHCP server, debian
web server2: 192.168.0.50 (static ip), enigma2
Problem
First, both openvp servers where configured the same, using 10.8.0.0 for the remote clients. Do not forget to enable ip4 forwarding: sudo sysctl -w net.ipv4.ip_forward=1.
Unfortunately, some hosts did not respond, when connected to the second openvp server. Don’t know, why openvpn server1 works for remote connections connecting to private web servers. Internet browsing using default router worked with both opvpn connections.
When running a ssh session on .137 or .143, I was able to ping .40, but could not browse to the .40 web server from the remote connection. When connected to openvpn2, I could not open the web page of the 192.168.0.40 server.
How does a host know to use correct vpn network for sending back traffic and do not use the default router?
Solution
I changed the configuration to openvpn2 to use 10.8.1.0. Then I tested with static routes on 192.168.0.40:
For the static ip (/etc/network/interfaces):
post-up route add -net 10.8.0.0/24 gw 192.168.0.137 dev eth1
post-up route add -net 10.8.1.0/24 gw 192.168.0.143 dev eth1
After that temporary change on .40, I was able to to connect to openvpn2 and the web server on .40.
For dhcp clients in network (many esp8266, esp32 and esplink devices), I need to have an option for DHCP too.
On the dnsmasq dhcp server:
dhcp-option=option:classless-static-route,0.0.0.0/0,192.168.0.250,10.8.0.0/24,192.168.0.137,10.8.1.0/24,192.168.0.143
Note that the default router option (dhcp-option=option:router,192.168.0.250) may be ignored by dhcp clients
The dhcp options have been verified on a debian client:
aoa150:~$ ip r
default via 192.168.0.250 dev wlan2 proto static metric 600
10.8.0.0/24 via 192.168.0.143 dev wlan2 proto dhcp metric 600
10.8.1.0/24 via 192.168.0.137 dev wlan2 proto dhcp metric 600
192.168.0.0/24 dev wlan2 proto kernel scope link src 192.168.0.111 metric 600
Now I can connect from my mobile using OpenVPN to my network using openvpn1 and openvpn2 server.