How to run both UDP and TCP on Openvpn Linux at the same time
May 01, 2020
Welcome to my blog. I will teach you how to run the TCP and UDP protocols at the same time on OpenVPN on Linux.
Yes, you heard it right: you can run multiple OpenVPN instances on your Linux server, but a few tweaks are needed. We will use Ubuntu 16 Server, but the same steps work on other Linux distributions.
First, go to your OpenVPN location at
cd /etc/openvpn
Second, open the file with nano server.conf, copy all of its contents, and then close the nano text editor with Ctrl+X.
nano server.conf
[the output will be similar to this]
dev tun
proto tcp
port 110
dh none
tls-crypt tls-crypt.key 0
crl-verify crl.pem
ca ca.crt
cert server.crt
key server.key
client-cert-not-required
username-as-common-name
plugin /usr/lib/openvpn/plugins/openvpn-plugin-auth-pam.so login
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 1 10
cipher none
auth none
reneg-sec 0
log /dev/null
status /dev/null
tcp-nodelay
ecdh-curve prime256v1
ncp-disable
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
After that, open a new file with nano udp.conf and paste in everything you copied, then:
- Change proto to udp
- Change the port to 443
- Change the server subnet from 10.8.0.0 to 10.8.1.0
- Save it
Your udp.conf should look like this:
dev tun
proto udp
port 443
dh none
tls-crypt tls-crypt.key 0
crl-verify crl.pem
ca ca.crt
cert server.crt
key server.key
client-cert-not-required
username-as-common-name
plugin /usr/lib/openvpn/plugins/openvpn-plugin-auth-pam.so login
server 10.8.1.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 1 10
cipher none
auth none
reneg-sec 0
log /dev/null
status /dev/null
tcp-nodelay
ecdh-curve prime256v1
ncp-disable
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
Now your UDP configuration is ready. Next we need to open the ports in iptables:
# allow TCP ipv4, replace 443 with your port
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
# allow UDP ipv4, replace 443 with your port
iptables -I INPUT -p udp --dport 443 -j ACCEPT
# allow TCP ipv6, replace 443 with your port
ip6tables -I INPUT -p tcp --dport 443 -j ACCEPT
# allow UDP ipv6, replace 443 with your port
ip6tables -I INPUT -p udp --dport 443 -j ACCEPT
# allow ip address
iptables -I INPUT -p udp -s 10.8.0.1 -j ACCEPT
sudo service openvpn@udp start
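The whole procedure above (derive udp.conf from server.conf, then open exactly the port each instance listens on) as one shell script; this is an added example, not from the original post. It assumes the server.conf layout shown above, and it goes one step beyond the post by giving the UDP instance its own pool file (ipp-udp.txt, an assumed name) so the two instances do not share ipp.txt.

```shell
#!/bin/sh
# Added example: build udp.conf from server.conf and print matching firewall
# rules, reading proto/port back out of the config so they never disagree.
set -eu

# make_udp_conf SRC DST: the three edits from the post (proto, port, subnet).
# The separate pool file is an addition here: two instances sharing one
# ipp.txt overwrite each other's address leases.
make_udp_conf() {
    sed -e 's/^proto tcp$/proto udp/' \
        -e 's/^port [0-9][0-9]*$/port 443/' \
        -e 's/^server 10\.8\.0\.0 /server 10.8.1.0 /' \
        -e 's/^ifconfig-pool-persist ipp\.txt$/ifconfig-pool-persist ipp-udp.txt/' \
        "$1" > "$2"
}

# conf_value FILE KEY: print the first word after directive KEY (proto, port, server).
conf_value() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# firewall_rules FILE: print (not run) the IPv4/IPv6 INPUT rules for the
# proto/port FILE listens on, so they can be reviewed before applying.
firewall_rules() {
    p=$(conf_value "$1" proto); d=$(conf_value "$1" port)
    printf 'iptables -I INPUT -p %s --dport %s -j ACCEPT\n' "$p" "$d"
    printf 'ip6tables -I INPUT -p %s --dport %s -j ACCEPT\n' "$p" "$d"
}

# check_distinct A B: succeed only if the two instances cannot collide:
# different proto/port pair AND different tunnel subnet.
check_distinct() {
    if [ "$(conf_value "$1" proto)/$(conf_value "$1" port)" != \
         "$(conf_value "$2" proto)/$(conf_value "$2" port)" ] &&
       [ "$(conf_value "$1" server)" != "$(conf_value "$2" server)" ]; then
        return 0
    fi
    return 1
}

# Demo on a constructed copy of the post's server.conf in a temp dir
# (not /etc/openvpn), so running this file changes nothing on the host.
demo_dir=$(mktemp -d)
printf 'dev tun\nproto tcp\nport 110\nserver 10.8.0.0 255.255.255.0\nifconfig-pool-persist ipp.txt\n' \
    > "$demo_dir/server.conf"
make_udp_conf "$demo_dir/server.conf" "$demo_dir/udp.conf"
check_distinct "$demo_dir/server.conf" "$demo_dir/udp.conf" && echo "no collision"
firewall_rules "$demo_dir/server.conf"
firewall_rules "$demo_dir/udp.conf"
```

Run it against the real files by passing /etc/openvpn/server.conf to make_udp_conf and piping firewall_rules into sh once the printed rules look right.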
Now your server is running both the UDP and TCP protocols. On your client side, make an .ovpn file with proto udp and port 443, just like this:
client
dev tun
proto udp
remote 192.168.1.1 443
persist-key
persist-tun
auth-user-pass
verb 3
redirect-gateway def1
cipher none
auth none
auth-nocache
auth-retry interact
connect-retry 0 1
nice -20
reneg-sec 0
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
dhcp-option DNS 8.8.8.8
dhcp-option DNS 8.8.4.4
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
945dd8355bf77ca1a5d13b6ca1a83ba7
d289338c5b6b3ae01a757741236b7ac7
dc51540a082f622afcca8ab63bc8cedb
e38978da6ba4da796aa93125ca319546
a3cec71c7407baa182a1e764f2dbda3a
d2b0f6aa2bcc7d83e5c89830414d90c1
7b8d3076512861ece9e08b9325c7b7f7
b64ffa9bb7f294731bd098076262fb31
5ef50d9f439d2eacb89b462cef97c34c
c3b5b2585003eaae2c6a88dd55a5ba9e
b05ce33b48bbe47703ca3bb3d0febd7c
f9a90018cbb63eb6f2678fa7169caac1
922fa5e26d76b1e1c0a762e7e0572841
89e86cdeaab657bb3a5a8d33d168c28f
12a5de0b41fb1a87484596f5bc440342
8a819b0cb1983c8dadea3a5faf42330a
-----END OpenVPN Static key V1-----
</tls-crypt>
If you encounter an error, just comment here and I will respond immediately.
PS: You need to make a copy of your client file and change the port and proto to udp there.
2 comments
How do you enable it on Android, and is that even possible? This is nice.
Edit your .ovpn file, change it to 443 and then proto udp.