RoadWarrior OpenVPN
-
I have configured OpenVPN on pfsense 1.2RC2:
Protocol: UDP
Dynamic IP: on
Local Port: 1194
Address pool: 172.16.100.0/24
Use static IPs: off
Local network: 172.16.4.0/16
Remote network: -
Client-to-client VPN: on
Cryptography: BF-CBC (128-bit)
Authentication method: PKI
DHCP-Opt.: DNS-Domainname: xxx.co.id
DHCP-Opt.: DNS-Server: 172.16.4.16;172.16.4.52
DHCP-Opt.: WINS-Server: 172.16.4.5;172.16.4.6
DHCP-Opt.: NTP-Server: 172.16.4.52;172.16.4.16
DHCP-Opt.: NetBIOS node type: b-node
LZO Compression: on
on windows client:
float
port 1194
dev tun
dev-node OpenVPN
proto udp
remote xxx.xxx.xxx.xxx 1194
ping 30
persist-tun
persist-key
tls-client
ca ca.crt
cert client-mbs.crt
key client-mbs.key
ns-cert-type server
comp-lzo
pull
verb 4
on linux client:
float
port 1194
dev tun
proto udp
remote xxx.xxx.xxx.xxx 1194
ping 30
persist-tun
persist-key
tls-client
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client-mbs.crt
key /etc/openvpn/client-mbs.key
ns-cert-type server
comp-lzo
pull
verb 4
the question is:
when the linux client is connected, the ip address is 172.16.100.6. but when the windows client is connected also, the ip address is the same as on the linux client. i'm only testing with two clients.
why is the dynamic ip not working on the client?
-
I'm not sure if this is related but your address pool and your local subnet are overlapping.
You need to use different subnets.
-
wrong type ;D
the right local network is 172.16.4.0/24.
-
Just to be sure: Do your two clients use a different key and certificate?
-
i'm using the same key and certificate
-
Well then this is your problem :)
Every client needs to have its own key and certificate.
Otherwise the server won't be able to differentiate between the clients.
Also you have the "float" option active in your config.
This means that a client can change his IP/port and reconnect immediately and still be recognised as the same client. If two clients now have the same key, the server thinks the whole time that a single client is changing his IP.
--> Use two different keys/certificates and all will be ok.
-
oh i see… i missed that one. :-[
thanks for your info.
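
Added example (not part of the thread, and not pfSense or OpenVPN code): a Python check for the two issues raised in the replies above, the address pool overlapping the local network and two clients presenting the same certificate and key. The client names, helper functions and placeholder file contents are constructed for illustration; the subnets and file paths are the ones posted in the question.

```python
import hashlib
import ipaddress
from collections import defaultdict

def overlaps(pool: str, local: str) -> bool:
    """True if the VPN address pool and the local network share addresses."""
    # strict=False accepts a value with host bits set, such as 172.16.4.0/16
    a = ipaddress.ip_network(pool, strict=False)
    b = ipaddress.ip_network(local, strict=False)
    return a.overlaps(b)

def directives(config: str) -> dict:
    """Parse an OpenVPN client config into {directive: argument string}."""
    out = {}
    for line in config.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments
        if line:
            name, _, arg = line.partition(" ")
            out[name] = arg.strip()
    return out

def shared_credentials(clients: dict) -> list:
    """clients maps name -> (config text, {path: file bytes}).
    Returns sorted groups of clients whose cert or key content is identical.
    Content is hashed because the same file can sit under different paths."""
    seen = defaultdict(set)
    for name, (config, files) in clients.items():
        d = directives(config)
        for kind in ("cert", "key"):
            if kind in d and d[kind] in files:
                digest = hashlib.sha256(files[d[kind]]).hexdigest()
                seen[(kind, digest)].add(name)
    return sorted({tuple(sorted(n)) for n in seen.values() if len(n) > 1})

# Constructed sample data: placeholder bytes stand in for the real PEM files.
CERT, KEY = b"constructed-cert-mbs", b"constructed-key-mbs"
CLIENTS = {
    "windows": ("float\ncert client-mbs.crt\nkey client-mbs.key\n",
                {"client-mbs.crt": CERT, "client-mbs.key": KEY}),
    "linux": ("float\ncert /etc/openvpn/client-mbs.crt\n"
              "key /etc/openvpn/client-mbs.key\n",
              {"/etc/openvpn/client-mbs.crt": CERT,
               "/etc/openvpn/client-mbs.key": KEY}),
}

if __name__ == "__main__":
    print("pool vs /16 local net overlaps:", overlaps("172.16.100.0/24", "172.16.4.0/16"))
    print("pool vs /24 local net overlaps:", overlaps("172.16.100.0/24", "172.16.4.0/24"))
    for group in shared_credentials(CLIENTS):
        print("same certificate/key used by:", ", ".join(group))
```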