Netgate Discussion Forum

    Duplicate IP assigned by Remote Access server

    • DerelictD
      Derelict LAYER 8 Netgate
      last edited by

      Hmm.  What does the server show at the time?  Anything in the server logs that stands out?  What's the network you're using for topology subnet?

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      • C
        cmb
        last edited by

        Sounds like you're using the same cert on both. You'll want a unique cert on each one. The cert should be specific to an individual machine in that case.

        • DerelictD
          Derelict LAYER 8 Netgate
          last edited by

          That still seems like odd behavior that shouldn't happen even in that circumstance.  Seems like the second attempt should either fail, supplant the first login, or, if multiple logins are permitted, get a different IP address assigned.  Unless there's a client-specific ifconfig, then you should get what you set and if it's broken, it's broken.

          • R
            robfantini
            last edited by

            @cmb:

            Sounds like you're using the same cert on both. You'll want a unique cert on each one. The cert should be specific to an individual machine in that case.

            Yep that is the reason.

            Prior to now I'd require a name and password to use this connection. However, I could not figure out how to do so using openvpn cli setup. These are not gui systems with network manager… dealing with certs to

            I eliminated that, using Remote Access (SSL/TLS) instead of Remote Access (SSL/TLS + User Auth)

            Now a question - can you point me in the direction of setting up multiple certs for Remote Access (SSL/TLS)?

            Or do I need to use one vpn Remote Access (SSL/TLS) setup per connection?

            • DerelictD
              Derelict LAYER 8 Netgate
              last edited by

              All you should need are other certs signed by the server's Peer Certificate Authority.

              I just looked in the book and I don't see where it's explained just what OpenVPN uses to differentiate clients in Remote Access (SSL/TLS) mode.  CN?  Fingerprint?

              • D
                doktornotor Banned
                last edited by

                CN. The whole client specific overrides thing works based on this.

                • R
                  robfantini
                  last edited by

                  Using per host [user] certs for archive file solved the issue, and of course it is a lot easier to manage cert security.

                  Thank you for the help.

                  • D
                    doktornotor Banned
                    last edited by

                    @robfantini:

                    Using per host [user] certs for archive file solved the issue, and of course it is a lot easier to manage cert security.

                    Don't forget to tick this:

                    • DerelictD
                      Derelict LAYER 8 Netgate
                      last edited by

                      Thought that would only matter in SSL/TLS + User Auth mode.

                      • R
                        robfantini
                        last edited by

                        @doktornotor:

                        At this screen: vpn_openvpn_server.php

                        That option is not available when Server Mode is Remote Access (SSL/TLS)

                        I do see it when using Server Mode = Remote Access (SSL/TLS + User Auth)

                        • B
                          BoMbY
                          last edited by

                          If it is the same Cert, try using the "duplicate-cn" option on the server. It is not recommended though, better use different Certs for each Client.

                          1 Reply Last reply Reply Quote 0
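Added example, not part of the thread or of any poster's setup: because the server tells clients apart by certificate CN, a shared certificate shows up in the OpenVPN server log as one CN connecting from more than one source address, together with the "previous active sessions ... dropped" warning. The log lines below are constructed samples and the function names are illustrative assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of an OpenVPN server log (not from the thread).
SAMPLE_LOG = """\
Mon Mar  2 09:00:01 2015 198.51.100.10:40112 [backup-host] Peer Connection Initiated with [AF_INET]198.51.100.10:40112
Mon Mar  2 09:00:01 2015 backup-host/198.51.100.10:40112 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Mon Mar  2 09:05:17 2015 203.0.113.77:51820 [backup-host] Peer Connection Initiated with [AF_INET]203.0.113.77:51820
Mon Mar  2 09:05:17 2015 MULTI: new connection by client 'backup-host' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Mon Mar  2 09:05:17 2015 backup-host/203.0.113.77:51820 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Mon Mar  2 09:06:40 2015 192.0.2.44:33001 [laptop-rob] Peer Connection Initiated with [AF_INET]192.0.2.44:33001
Mon Mar  2 09:06:40 2015 laptop-rob/192.0.2.44:33001 MULTI_sva: pool returned IPv4=10.8.0.3, IPv6=(Not enabled)
"""

# "[CN] Peer Connection Initiated with [AF_INET]ip:port" marks a completed TLS handshake.
PEER_RE = re.compile(
    r"\[(?P<cn>[^\]]+)\] Peer Connection Initiated with \[AF_INET6?\](?P<ip>.+):\d+\s*$")
# Logged when a CN that is already connected connects again without duplicate-cn.
DROP_RE = re.compile(
    r"MULTI: new connection by client '(?P<cn>[^']+)' will cause previous active sessions")

def summarize(lines):
    """Per CN: set of source IPs seen and count of 'previous session dropped' warnings."""
    stats = defaultdict(lambda: {"sources": set(), "drops": 0})
    for line in lines:
        m = PEER_RE.search(line)
        if m:
            stats[m["cn"]]["sources"].add(m["ip"])
            continue
        m = DROP_RE.search(line)
        if m:
            stats[m["cn"]]["drops"] += 1
    return dict(stats)

def shared_cert_suspects(lines):
    """CNs that connected from more than one address and displaced their own session."""
    return sorted(cn for cn, s in summarize(lines).items()
                  if len(s["sources"]) > 1 and s["drops"] > 0)

if __name__ == "__main__":
    for cn in shared_cert_suspects(SAMPLE_LOG.splitlines()):
        print("certificate CN used from multiple hosts:", cn)
```

A single roaming client that reconnects from a new address before its old session times out produces the same pattern, so treat a hit as a lead to check against the certificate inventory rather than as proof.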