Netgate Discussion Forum

    Duplicate IP assigned by Remote Access server

      cmb

      Sounds like you're using the same cert on both. You'll want a unique cert on each one. The cert should be specific to an individual machine in that case.

        Derelict LAYER 8 Netgate

        That still seems like odd behavior that shouldn't happen even in that circumstance.  Seems like the second attempt should either fail, supplant the first login, or, if multiple logins are permitted, get a different IP address assigned.  Unless there's a client-specific ifconfig, then you should get what you set and if it's broken, it's broken.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          robfantini

          @cmb:

          Sounds like you're using the same cert on both. You'll want a unique cert on each one. The cert should be specific to an individual machine in that case.

          Yep that is the reason.

          Prior to now I'd require a name and password to use this connection. However, I could not figure out how to do so using OpenVPN CLI setup. These are not GUI systems with network manager… dealing with certs to

          I eliminated that, using Remote Access (SSL/TLS) instead of Remote Access (SSL/TLS + User Auth).

          Now a question: can you point me in the direction of setting up multiple certs for Remote Access (SSL/TLS)?

          Or do I need to use one VPN Remote Access (SSL/TLS) setup per connection?

            Derelict LAYER 8 Netgate

            All you should need are other certs signed by the server's Peer Certificate Authority.

            I just looked in the book and I don't see where it's explained just what OpenVPN uses to differentiate clients in Remote Access (SSL/TLS) mode.  CN?  Fingerprint?

              doktornotor Banned

              CN. The whole client specific overrides thing works based on this.

                robfantini

                Using per host [user] certs for archive file solved the issue, and of course is a lot easier to manage cert security.

                Thank you for the help.

                  doktornotor Banned

                  @robfantini:

                  Using per host [user] certs for archive file solved the issue, and of course is a lot easier to manage cert security.

                  Don't forget to tick this:

                    Derelict LAYER 8 Netgate

                    Thought that would only matter in SSL/TLS + User Auth mode.

                      robfantini

                      @doktornotor:

                      At this screen: vpn_openvpn_server.php

                      That option is not available when Server Mode is Remote Access (SSL/TLS).

                      I do see it when using Server Mode = Remote Access (SSL/TLS + User Auth).

                        BoMbY

                        If it is the same Cert, try using the "duplicate-cn" option on the server. It is not recommended though, better use different Certs for each Client.

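An added example, not posted by anyone in this thread: because the server tells clients apart by certificate CN, a cert copied to two machines shows up in the server log as one CN connecting from different source addresses and displacing its own earlier session. The sketch below flags that pattern; the log lines are constructed, and the timestamp/prefix layout, CNs and addresses are assumptions.

```python
import re
from collections import defaultdict

# Message texts as logged by an OpenVPN 2.x server; everything else here is constructed.
DROP_MSG = ("MULTI: new connection by client '{cn}' will cause previous active "
            "sessions by this client to be dropped.")

def _conn(ts, cn, addr, drop=False):
    """Build constructed log lines for one connection (sample data only)."""
    lines = [f"{ts} {addr} [{cn}] Peer Connection Initiated with [AF_INET]{addr}"]
    if drop:
        lines.append(f"{ts} {addr} " + DROP_MSG.format(cn=cn))
    return lines

SAMPLE_LOG = (
    _conn("09:00:01", "backup-client", "192.0.2.10:49502")
    + _conn("09:00:40", "backup-client", "198.51.100.7:51344", drop=True)
    + _conn("09:01:15", "backup-client", "192.0.2.10:49510", drop=True)
    + _conn("09:02:00", "laptop-01", "203.0.113.5:40000")
    + _conn("09:30:00", "laptop-01", "203.0.113.5:40122", drop=True)  # same host reconnecting
    + _conn("09:31:00", "nas-01", "203.0.113.9:1194")
)

PEER = re.compile(r"\[(?P<cn>[^\]]+)\] Peer Connection Initiated with "
                  r"\[AF_INET6?\](?P<ip>\S+):\d+")
DROP = re.compile(r"MULTI: new connection by client '(?P<cn>[^']+)' "
                  r"will cause previous active sessions")

def shared_cert_suspects(lines):
    """Return CNs that displaced their own session AND were seen from >1 source IP.

    A single host reconnecting also triggers the drop message, so the distinct-IP
    test is what separates a flapping client from a cert installed on two machines.
    Two machines behind one NAT address share an IP and will not be flagged.
    """
    sources = defaultdict(set)
    drops = defaultdict(int)
    for line in lines:
        m = PEER.search(line)
        if m:
            sources[m["cn"]].add(m["ip"])
            continue
        m = DROP.search(line)
        if m:
            drops[m["cn"]] += 1
    return {cn: {"sources": sorted(ips), "drops": drops[cn]}
            for cn, ips in sources.items() if len(ips) > 1 and drops[cn] > 0}

if __name__ == "__main__":
    for cn, info in shared_cert_suspects(SAMPLE_LOG).items():
        print(f"{cn}: {info['drops']} displaced sessions from {info['sources']}")
```

With "duplicate-cn" enabled the drop message is not logged, so this check only applies to servers running without that option.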