Netgate Discussion Forum
Remote Access SSL/TLS with the same IP address on the client sides

Category: OpenVPN
16 Posts, 2 Posters, 2.3k Views
mitm2010

I configured one tunnel (10.1.1.0) for both the server and the clients.
I configured the outbound hybrid NAT for client-01 and client-02 (screenshot).
For the OpenVPN rules I authorized all traffic on client-01 and client-02 (screenshot).
I see that the NAT rules are not auto-generated!

I still have the same problem. Just one tunnel is up (screenshot).

![client-01 and client-02 rules.png](/public/imported_attachments/1/client-01 and client-02 rules.png)
Attachments: NAT-client-01.png, NAT-client-02.png
![Server side.png](/public/imported_attachments/1/Server side.png)
![vpn client specific overrides config.png](/public/imported_attachments/1/vpn client specific overrides config.png)
![VPN server config.png](/public/imported_attachments/1/VPN server config.png)

viragomann

Now your clients get the identical virtual IP address. So there is presumably something wrong in your setup.

What are the route entries in the server's advanced config good for? That's obsolete, so remove them, please.
For pushing routes to the clients, use the "Local Network(s)" field. Just enter 172.20.20.0/24 there. Don't enter the clients' LAN addresses or subnets if you don't need access between clients.

Also remove the iroute from the client specific override. For that it's sufficient to enter the hosts or networks in "Remote Network(s)".
If the routing works this way, you wouldn't need the outbound NAT rules on the clients.

mitm2010

Thank you so much.

When I remove the route and push route commands, the VPN tunnel is up for just one (screenshot), and there is no communication between client-01 or client-02 (Windows machines) and the servers (at the server side). And no auto-generated NAT rules.

I don't know what's wrong in the config :(

![OpenVPN status.png](/public/imported_attachments/1/OpenVPN status.png)
Attachment: ClientOverridesConfig.png

viragomann

Do you use the same certificate for both clients?

mitm2010

No, I use different certificates, but the same CA for both.

viragomann

The same CA is obvious. You create a CA, then you create a server cert and user certs for the clients using this CA. The client certs have to be exported from the server and imported at the client. I think you have done it this way.

But now you try to route the 192.168.1.0/24 subnet to both clients (client specific overrides). That's not possible.

Also there must be something wrong in your server settings. Please post the "Client Settings" area.

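As an added check, not part of the thread and not pfSense's own tooling: the two diagnoses above, clients receiving the identical virtual IP and the same 192.168.1.0/24 subnet being routed to both clients through client specific overrides, both show up as duplicate directives in the per-client files OpenVPN reads from its client-config-dir. The script below parses constructed ccd files (the `iroute` and `ifconfig-push` directives are real OpenVPN directives; the client names and addresses are assumed) and reports any LAN network or tunnel address claimed by more than one client.

```python
import ipaddress

# Constructed sample of client specific overrides, written the way OpenVPN
# reads them from its client-config-dir (ccd). client-01 and client-02 claim the
# same LAN (iroute) and the same tunnel address (ifconfig-push); client-03 is clean.
CCD_FILES = {
    "client-01": "ifconfig-push 10.1.1.2 255.255.255.0\n"
                 "iroute 192.168.1.0 255.255.255.0\n",
    "client-02": "ifconfig-push 10.1.1.2 255.255.255.0\n"
                 "iroute 192.168.1.0 255.255.255.0\n",
    "client-03": "# third site, no overlap\n"
                 "iroute 192.168.3.0 255.255.255.0\n",
}


def parse_ccd(text):
    """Return (iroute networks, ifconfig-push addresses) found in one ccd file."""
    iroutes, tunnel_ips = [], []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()      # drop comments and blank lines
        if len(parts) >= 2 and parts[0] == "iroute":
            # 'iroute <network> [<netmask>]'; a bare host is an implicit /32
            spec = (parts[1], parts[2]) if len(parts) > 2 else parts[1]
            iroutes.append(ipaddress.IPv4Network(spec, strict=False))
        elif len(parts) >= 2 and parts[0] == "ifconfig-push":
            tunnel_ips.append(ipaddress.IPv4Address(parts[1]))
    return iroutes, tunnel_ips


def find_conflicts(ccd):
    """List every (directive, value, [clients]) where a LAN network is iroute'd
    to more than one client (overlapping networks count) or a tunnel address is
    statically pushed to more than one client. An empty list means no conflict."""
    parsed = {name: parse_ccd(text) for name, text in ccd.items()}
    hits = {}
    names = sorted(parsed)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            for net_a in parsed[a][0]:
                for net_b in parsed[b][0]:
                    if net_a.overlaps(net_b):
                        hits.setdefault(("iroute", str(net_a)), set()).update({a, b})
            for ip_a in parsed[a][1]:
                if ip_a in parsed[b][1]:
                    hits.setdefault(("ifconfig-push", str(ip_a)), set()).update({a, b})
    return sorted((d, v, sorted(c)) for (d, v), c in hits.items())


if __name__ == "__main__":
    for directive, value, clients in find_conflicts(CCD_FILES):
        print(f"{directive} {value} is claimed by {', '.join(clients)}")
```

On a pfSense box the same files are generated from the Client Specific Overrides page, so pointing `CCD_FILES` at that directory instead of the constructed sample gives the same report for a live setup.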
mitm2010

The CA and certificate exports were done previously, when I used different IP addresses :)

I attached the client settings on the client-01 side (pfsense-01).

Best regards.

![client settings.png](/public/imported_attachments/1/client settings.png)

viragomann

Please post the server config, at least the section "Client Settings". There must be something wrong there.

mitm2010

I didn't configure the client settings on the server side. On the server side, I just configured the Server and Client Specific Overrides settings.

viragomann

On the server configuration tab there is a section called "Client Settings".

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.