no free --ifconfig-pool addresses are available
-
Just a wild guess: does every client eat up 4 IPs from the pool? Not sure about this. How is this possible and how do I check? Is there any setting I need to change?
-
https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/
Look at the OpenVPN server config file itself (/var/etc/openvpn/serverX.conf where X is a number).
Does it contain "topology subnet"?
-
here is my server config
#######
dev ovpns6
verb 1
dev-type tun
tun-ipv6
dev-node /dev/tun6
writepid /var/run/openvpn_server6.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
auth SHA1
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local 202.55.95.114
tls-server
server 10.99.26.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc/server6
username-as-common-name
auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user c2dkYzAzLHNnZasdfasdfSxMb2NhbCBEYXRhYmFzZQ== false server6 1194" via-env
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'sg.ong-ong.com' 1"
lport 1194
management /var/etc/openvpn/server6.sock unix
max-clients 100
push "route 10.25.0.0 255.255.0.0"
push "dhcp-option DOMAIN ong-ong.internal"
push "dhcp-option DNS 10.25.1.7"
push "dhcp-option DNS 10.25.1.9"
push "dhcp-option NTP 10.25.1.7"
push "dhcp-option NTP 10.25.1.9"
push "redirect-gateway def1"
duplicate-cn
ca /var/etc/openvpn/server6.ca
cert /var/etc/openvpn/server6.cert
key /var/etc/openvpn/server6.key
dh /etc/dh-parameters.1024
tls-auth /var/etc/openvpn/server6.tls-auth 0
comp-lzo yes
persist-remote-ip
float
topology net30
push "route 10.84.3.0 255.255.255.0"
push "route 10.100.0.0 255.255.255.0"
push "route 10.60.0.0 255.255.0.0"
push "route 10.88.1.0 255.255.255.0"
push "route 10.62.21.0 255.255.255.0"
push "route 10.191.0.0 255.255.255.0"
push "route 10.66.0.0 255.255.0.0"
push "route 10.86.28.0 255.255.255.0"
push "route 10.65.2.0 255.255.255.0"
push "ping-exit 600"
-
topology net30
is using 4 IPs per client.
-Rico
-
Hi Rico,
Is there any advice to fix this?
Thanks,
A
-
Expand your tunnel network or switch to topology subnet which is the default mode for like 5 years.
-Rico
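As an added example (not from the thread, pfSense or OpenVPN), a small Python check that reads the server directive and topology from a config like the one posted above and computes how many clients the default ifconfig-pool can hold, so the 4-addresses-per-client cost of net30 and the gain from a /22 or from topology subnet can be compared against max-clients. It assumes the pool ranges the --server directive expands to in the OpenVPN 2.4 reference manual linked earlier (net30: base+4 to last-4 in /30 blocks; subnet: base+2 to last-2).

```python
import ipaddress

# Constructed excerpt of the server config posted in the thread (not the full file).
SERVER_CONF = """\
server 10.99.26.0 255.255.255.0
max-clients 100
duplicate-cn
topology net30
"""

def parse_conf(text):
    """Pull the directives that decide pool size out of an OpenVPN server config."""
    conf = {"topology": "net30"}  # OpenVPN 2.4 itself defaults to net30 when topology is unset
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        key, _, rest = line.partition(" ")
        if key == "server":
            conf["net"], conf["mask"] = rest.split()[:2]
        elif key == "topology":
            conf["topology"] = rest.strip()
        elif key == "max-clients":
            conf["max_clients"] = int(rest)
    return conf

def pool_capacity(net, mask, topology):
    """Clients the default ifconfig-pool of 'server net mask' can hold.
    Assumption: pool ranges as the --server directive expands them in the 2.4 manual:
      net30  -> ifconfig-pool base+4 .. last-4, one /30 (4 addresses) per client
      subnet -> ifconfig-pool base+2 .. last-2, one address per client
    """
    network = ipaddress.ip_network(f"{net}/{mask}", strict=False)
    first, last = int(network[0]), int(network[-1])
    if topology == "net30":
        return ((last - 4) - (first + 4) + 1) // 4
    if topology == "subnet":
        return (last - 2) - (first + 2) + 1
    raise ValueError(f"unsupported topology {topology!r}")

def check(conf):
    """Compare pool capacity with max-clients; pool_too_small=True means the thread's error will hit."""
    cap = pool_capacity(conf["net"], conf["mask"], conf["topology"])
    wanted = conf.get("max_clients", cap)
    return {"topology": conf["topology"], "capacity": cap,
            "max_clients": wanted, "pool_too_small": wanted > cap}

if __name__ == "__main__":
    conf = parse_conf(SERVER_CONF)
    print("as posted:   ", check(conf))  # 62 clients of the 100 allowed by max-clients
    print("/22 + net30: ", check({**conf, "net": "10.99.24.0", "mask": "255.255.252.0"}))
    print("/24 + subnet:", check({**conf, "topology": "subnet"}))
```

Because the posted config also has duplicate-cn, each concurrent connection from the same user takes its own pool slot, so the capacity above counts connections rather than users.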
-
Hi Rico,
I will probably try expanding my tunnel network to /22.
Thanks,
A
-
I see some other problems in your config as well.
comp-lzo yes
It's been a huge known security issue with OpenVPN and compression for quite some time: the "VORACLE attack".
https://community.openvpn.net/openvpn/wiki/VORACLE
I would move to AES-GCM vs CBC.
I would really suggest you read through
https://docs.netgate.com/pfsense/en/latest/vpn/scaling.html
Great doc with lots of great info about scaling and improving your VPN overall.
-
Glad you have it working.
-Rico