Netgate Discussion Forum
    OpenVPN - only 1 user can connect per public IP?

      jrichards555 @jrichards555

      Note that these logs were taken after both were connected, i.e. user_1 connected, user_2 connected, then I took logs from everything...

        dragoangel @jrichards555

        @jrichards555 I'll try to look tomorrow, I'm at home now.

        Latest stable pfSense on 2x XG-7100 and 1x Intel Xeon Server, running multiWAN, he.net IPv6, pfBlockerNG-devel, HAProxy-devel, Syslog-ng, Zabbix-agent, OpenVPN, IPsec site-to-site, DNS-over-TLS...
        Unifi AP-AC-LR with EAP RADIUS, US-24

          dragoangel

          Did you try using the OpenVPN community version https://openvpn.net/community-downloads/ ? I don't have Viscosity, so maybe it's a client-specific case. We need to rule this out as a possible cause.

            jrichards555

            My clients that found this issue do use OpenVPN. I just happen to use Viscosity...

              dragoangel

              I don't see when user 1 lost the connection to the VPN; it would be good to see the time and the error displayed. Could you recheck your post with the logs provided?

                dragoangel

                From the server logs and client logs, the timestamps of initialize, auth and connect of user_2 and the disconnect of (some user: login not provided in the logs) do not match to the minute. It's strange; check yourself, maybe I'm missing something.

                  Pippin

                  If you can switch to topology subnet, do it.
                  It simplifies configuration.

                  Anyway:
                  Server log

                  Jun 24 12:13:36 openvpn 46486 imenu_1/76.29.116.9:40380 MULTI: Learn: 192.168.150.114 -> imenu_1/76.29.116.9:40380
                  Jun 24 12:16:25 openvpn 46486 imenu_2/76.29.116.9:50526 MULTI: Learn: 192.168.150.114 -> imenu_2/76.29.116.9:50526
                  

                  They get assigned the same tunnel IP.

                  This is after the server reads:

                  OPTIONS IMPORT: reading client specific options from:
                  

                  So you need to check your client specific overrides.

                  I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
                  Halton Arp

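A check for the condition identified in the post above, as an added example that is not part of the original thread: it scans OpenVPN server log lines in the format quoted there and reports every tunnel IP that `MULTI: Learn` associates with more than one user. The third sample line (`example_3`, 203.0.113.7) is constructed, and the regex assumes IPv4 tun-mode entries.

```python
import re
from collections import defaultdict

# Matches OpenVPN server lines of the form quoted in the thread:
#   <ts> ... <cn>/<real_ip>:<port> MULTI: Learn: <tunnel_ip> -> <cn>/<real_ip>:<port>
# Assumption: IPv4 tunnel addresses only (tun mode); other Learn lines are skipped.
LEARN_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s.*?"
    r"MULTI: Learn: (?P<tunnel>\d{1,3}(?:\.\d{1,3}){3}) -> "
    r"(?P<cn>[^/\s]+)/(?P<real>\S+)\s*$"
)


def find_tunnel_ip_conflicts(lines):
    """Return {tunnel_ip: [(timestamp, common_name, real_addr), ...]} for every
    tunnel IP the server learned for more than one distinct common name.
    A single user reconnecting with the same tunnel IP is not reported."""
    learned = defaultdict(list)
    for line in lines:
        m = LEARN_RE.match(line.strip())
        if m:
            learned[m["tunnel"]].append((m["ts"], m["cn"], m["real"]))
    return {
        ip: events
        for ip, events in learned.items()
        if len({cn for _, cn, _ in events}) > 1
    }


# First two lines are the ones quoted in the thread; the third is constructed
# to show a user whose tunnel IP does not collide.
SAMPLE_LOG = """\
Jun 24 12:13:36 openvpn 46486 imenu_1/76.29.116.9:40380 MULTI: Learn: 192.168.150.114 -> imenu_1/76.29.116.9:40380
Jun 24 12:16:25 openvpn 46486 imenu_2/76.29.116.9:50526 MULTI: Learn: 192.168.150.114 -> imenu_2/76.29.116.9:50526
Jun 24 12:20:01 openvpn 46486 example_3/203.0.113.7:51000 MULTI: Learn: 192.168.150.115 -> example_3/203.0.113.7:51000
""".splitlines()

if __name__ == "__main__":
    for ip, events in find_tunnel_ip_conflicts(SAMPLE_LOG).items():
        print(f"tunnel IP {ip} learned for multiple users:")
        for ts, cn, real in events:
            print(f"  {ts}  {cn}  from {real}")
```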
                    jrichards555 @dragoangel

                    @dragoangel Times might vary a tad. As far as your keen eye seeing that User 1 loses connection, you are correct - it never does lose connection. It just suddenly can't reach the network. So if I'm pinging say 172.16.0.1 constantly and I suddenly connect with User 2, User 2 will connect and I can ping 172.16.0.1. When I go back to User 1, the client is still connected, but my pings time out...

                      jrichards555 @Pippin

                      @Pippin As I said, I've tried switching to topology subnet; however, then my firewall rules don't seem to work and there is nothing being logged telling me why.

                      As far as my client specific overrides, my original configuration only has the IP subnet override - in the case of these users, 192.168.150.112/28. Both these users have this override and this has never been an issue. In my attempt to find this issue, I even tried it with 2 new users (in a different subnet - 150.2/29) and get the same thing. In the case of the different subnet, both users get assigned the .2 address.

                        jrichards555

                        Thoughts anyone?

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.