Netgate Discussion Forum

    RoadWarrior OpenVPN

      agismaniax

      I have configured OpenVPN on pfSense 1.2RC2:

      Protocol: UDP
      Dynamic IP: on
      Local Port: 1194
      Address pool: 172.16.100.0/24
      Use static IPs: off
      Local network: 172.16.4.0/16
      Remote network: -
      Client-to-client VPN: on
      Cryptography: BF-CBC (128-bit)
      Authentication method: PKI
      DCHP-Opt.: DNS-Domainname: xxx.co.id
      DCHP-Opt.: DNS-Server: 172.16.4.16;172.16.4.52
      DCHP-Opt.: WINS-Server: 172.16.4.5;172.16.4.6
      DCHP-Opt.: NTP-Server: 172.16.4.52;172.16.4.16
      DCHP-Opt.: NetBIOS node type: b-node
      LZO Compression: on

      on windows client:
      float
      port 1194
      dev tun
      dev-node OpenVPN
      proto udp
      remote xxx.xxx.xxx.xxx 1194
      ping 30
      persist-tun
      persist-key
      tls-client
      ca ca.crt
      cert client-mbs.crt
      key client-mbs.key
      ns-cert-type server
      comp-lzo
      pull
      verb 4

      on linux client:
      float
      port 1194
      dev tun
      proto udp
      remote xxx.xxx.xxx.xxx 1194
      ping 30
      persist-tun
      persist-key
      tls-client
      ca /etc/openvpn/ca.crt
      cert /etc/openvpn/client-mbs.crt
      key /etc/openvpn/client-mbs.key
      ns-cert-type server
      comp-lzo
      pull
      verb 4

      The question is:
      When the Linux client is connected, its IP address is 172.16.100.6. But when the Windows client is also connected, its IP address is the same as on the Linux client. I'm only testing with two clients.
      Why is the dynamic IP not working on the client?

        GruensFroeschli

        I'm not sure if this is related but your address pool and your local subnet are overlapping.
        You need to use different subnets.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          agismaniax

          wrong type  ;D
          the right local network is 172.16.4.0/24.

            GruensFroeschli

            Just to be sure: Do your two clients use a different key and certificate?

            We do what we must, because we can.

            Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

              agismaniax

              I'm using the same key and certificate.

                GruensFroeschli

                Well then this is your problem :)

                Every client needs to have its own key and certificate.

                Otherwise the server won't be able to differentiate the clients.
                Also you have the "float" option active in your config.
                This means that a client can change his IP/port and reconnect immediately and still be recognised as the same client.

                If two clients now have the same key, the server thinks the whole time that a single client is changing his IP.

                --> Use two different keys/certificates and all will be ok.

                We do what we must, because we can.

                Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html
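An added example, not part of the original thread and not pfSense or OpenVPN code: a Python check that finds a certificate common name used by more than one peer in server log lines, and tests the posted address pool against the local network. The log lines are constructed and their layout is an assumption modelled on OpenVPN server output; the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample modelled on OpenVPN server log lines (verb 4); the exact
# layout is an assumption and the peer addresses are documentation ranges.
SAMPLE_LOG = """\
198.51.100.10:1194 [client-mbs] Peer Connection Initiated with 198.51.100.10:1194
client-mbs/198.51.100.10:1194 MULTI: primary virtual IP for client-mbs/198.51.100.10:1194: 172.16.100.6
203.0.113.25:1194 [client-mbs] Peer Connection Initiated with 203.0.113.25:1194
client-mbs/203.0.113.25:1194 MULTI: primary virtual IP for client-mbs/203.0.113.25:1194: 172.16.100.6
192.0.2.77:1194 [client-other] Peer Connection Initiated with 192.0.2.77:1194
client-other/192.0.2.77:1194 MULTI: primary virtual IP for client-other/192.0.2.77:1194: 172.16.100.10
"""

VIP_RE = re.compile(
    r"MULTI: primary virtual IP for (?P<cn>[^/\s]+)/(?P<real>[\d.]+):\d+: (?P<vip>[\d.]+)")


def shared_certificates(log_text):
    """Return {common_name: {"real": [...], "vip": [...]}} for every CN seen
    from more than one real address, i.e. one certificate used by several peers."""
    seen = defaultdict(lambda: {"real": set(), "vip": set()})
    for match in VIP_RE.finditer(log_text):
        seen[match["cn"]]["real"].add(match["real"])
        seen[match["cn"]]["vip"].add(match["vip"])
    return {cn: {k: sorted(v) for k, v in d.items()}
            for cn, d in seen.items() if len(d["real"]) > 1}


def pool_overlaps(address_pool, local_network):
    """True when the tunnel address pool and the LAN behind the server overlap."""
    pool = ipaddress.ip_network(address_pool, strict=False)
    lan = ipaddress.ip_network(local_network, strict=False)
    return pool.overlaps(lan)


if __name__ == "__main__":
    for cn, info in shared_certificates(SAMPLE_LOG).items():
        print(f"{cn}: one certificate, peers {info['real']}, tunnel IPs {info['vip']}")
    # Values from the thread: the /16 as first posted, then the corrected /24.
    print("posted /16 overlaps pool:", pool_overlaps("172.16.100.0/24", "172.16.4.0/16"))
    print("corrected /24 overlaps pool:", pool_overlaps("172.16.100.0/24", "172.16.4.0/24"))
```

A single roaming client also shows more than one real address over time, so a hit is a prompt to check who holds that certificate rather than proof of sharing.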

                  agismaniax

                  oh i see… i missed that one.  :-[
                  thanks for your info.
