OpenVPN: Connect to multiple VPNs on Windows

Hi,

on Windows OpenVPN by default installs one TAP network interface. If you want to connect to multiple VPNs simultaneously you need an interface for each VPN.

You can add a additional adapter by a batch file provided by the TAP driver. Open a command prompt with administrative rights and change to the TAP install folder.

c:\> cd "C:\Program Files\TAP-Windows\bin"

and call

C:\Program Files\TAP-Windows\bin\>  addtap.bat

"devcon.exe" install "C:\Program Files\TAP-Windows\driver\OemWin2k.inf" tap0901
Device node created. Install is complete when drivers are installed...
Updating drivers for tap0901 from C:\Program Files\TAP-Windows\driver\OemWin2k.inf.
Drivers installed successfully.

and check it:

C:\Program Files\OpenVPN\bin> openvpn --show-adapters
Available TAP-WIN32 adapters [name, GUID]:
'Local Area Connection 2' {DD2A53C5-63BD-492A-A7F4-94E724007B2A}
'Local Area Connection 3' {EF7623C03-542A-34E8-B633-E3B742983E3}

Put your .ovpn config  and certificates files to the C:\Program Files\OpenVPN\config folder and add the nobind to each config so that a dynamic (UDP) source port is used for each VPN session respective openvpn process.

When a static assignment between a VPN and specific interface is necessary add the TAP Interfacename as parameter of the dev-node option to the openvpn config file:

dev tap
dev-node "Local Area Connection 3"

Michael

20 thoughts on “OpenVPN: Connect to multiple VPNs on Windows”

  1. Just what I needed but I have a problem. I created the TUNs no problem and see both. I can connect to one or the other fine. When I connect to both VPNs, whichever was connected to last shows no default route in ipconfig and that VPN doesn’t work. FYI I’m using v10 of the gui and I don’t see how I can check the version of OpenVPN itself.

    1. Hi stel,

      you can only have one default route per system. The server you want to connect to have to push routes for the network which should be reachable over the connection.
      For example: The OpenVPN Network is 10.10.20.0/24 and you want to reach the network 10.10.10.0/24 over this connection. Then add the following line to the server ovpn config file:

      push "route 10.10.10.0 255.255.255.0 10.10.20.1"

      10.10.20.1 is the IP Address of the gateway/router, usually the IP Address of the OpenVPN Server. You have to add a push line for all networks you want to reach.

      Michael

  2. Just letting you all know that adding a subnet to each of the servers worked perfectly. I did do it on the server side which is better for a few reasons. I’m using zeroshell as my FW and here’s a link that tells you where to add routes on zeroshell for VPN.
    Oops can’t add a link so just sear for host-to-lan-vpn-routing on the zeroshell org forum site.

Leave a Reply