OpenVPN Server: 2 clients obtaining same tunnel IP address
-
So you have two unique Usernames and both get the same IP?
-Rico
-
Sorry for the delayed reply - just got out of hospital so now I'm back at home where the actual pfSense install is.
I haven't got 2 unique usernames, I'm authenticating against FreeRADIUS, as I use this to log in to the Wi-Fi, but didn't think this would be an issue.
I will try setting up a 2nd unique username and testing against it, but I believed it would be sufficient to use 2 unique certificates (under System / Certificate Manager / Certificates, I have 2 different User Certificates), which means when I go to "VPN / OpenVPN / Client Export" I am given 2 unique configurations and I am copying each one to their respective devices.
-
@LandRocket hi. Did you specify any client override option? If so there could be unique override settings for each user cn. Or just skip overriding options.
-
openvpn-client.txt @Renat
AFAIK it's all pretty OOB, nothing intentionally modified.
-
If you get the same IP on both devices I would bet on:
- you're using the same username
- you have something like username-certificate-CN matching
- either a CSO (client specific override) with a static IP configured OR
- set up a static in FreeRADIUS that is pushed to the client
- set up the OVPN server so that multiple concurrent connections from the same user aren't allowed
- set up the user in FreeRADIUS with concurrent connections =1
Something along those lines almost always is the culprit. :)
-
Testing with new FreeRADIUS user gave me unique IPs. It became a bit obvious when I read the logs too....
Sep 6 06:13:26 openvpn 90065 (username)/(externalip):37496 MULTI_sva: pool returned IPv4=(vpntunnelip).2, IPv6=(Not enabled)
So, I know for future that even with Server mode in OpenVPN set to Remote Access (SSL/TLS + User Auth) - you still need unique usernames.
OSI Model Layer 8 issue in progress...
-
@LandRocket said in OpenVPN Server: 2 clients obtaining same tunnel IP address:
So, I know for future that even with Server mode in OpenVPN set to Remote Access (SSL/TLS + User Auth) - you still need unique usernames.
OSI Model Layer 8 issue in progress...
Nah, not right. I'm running a FreeRADIUS setup with OpenVPN users + certs. I can use my User with the same cert etc. on my phone and laptop simultaneously without problems. That's why I was betting on the points above. It is working with the same user, just not if some of the things I mentioned are configured the wrong way.
-
Hello,
I have the same problem as LandRocket. I have 2 users and pfSense gives them the same IP address!
The way I found was to check the option "Duplicate Connection". It is strange because I thought that this option was useful for 2 connections with the same client, and not 2 connections with different clients.
-
@Julien_Solisys said in OpenVPN Server: 2 clients obtaining same tunnel IP address:
The way I found was to check the option "Duplicate Connection"
That's meant for multiple connections with the same username or cert.
-
@viragomann
Ok, I understand, I have 2 different users but the same certificate...
Thank you very much for your help!
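
The pool-assignment log line quoted earlier in the thread can be checked mechanically. The following is an added example, not part of any post in this thread: it scans OpenVPN log lines in that format and reports each tunnel IP that the pool returned to more than one source address, grouped by the name shown in the log prefix. The sample log lines, names and addresses are constructed, and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Matches the pool-assignment line in the format quoted in the thread:
#   <date> openvpn <pid> <name>/<source ip>:<port> MULTI_sva: pool returned IPv4=<tunnel ip>, ...
POOL_RE = re.compile(
    r"openvpn\s+\d+\s+(?P<name>[^/\s]+)/(?P<src>\d+\.\d+\.\d+\.\d+):(?P<port>\d+)\s+"
    r"MULTI_sva: pool returned IPv4=(?P<tunnel>\d+\.\d+\.\d+\.\d+)"
)

# Constructed sample input (documentation address ranges, made-up names).
SAMPLE_LOG = """\
Sep 6 06:13:26 openvpn 90065 alice/198.51.100.23:37496 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Sep 6 06:14:02 openvpn 90065 alice/203.0.113.7:51822 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Sep 6 06:15:40 openvpn 90065 bob/203.0.113.7:40110 MULTI_sva: pool returned IPv4=10.8.0.3, IPv6=(Not enabled)
Sep 6 06:16:05 openvpn 90065 alice/198.51.100.23:37511 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
"""


def find_shared_tunnel_ips(lines):
    """Return {tunnel_ip: {name: [source addresses]}} for every tunnel IP
    that the pool returned to more than one distinct source address.

    Assumption: the lines cover one short troubleshooting window. A pool
    address that is legitimately reused long after a disconnect would
    also be reported, so feed it only the period under investigation.
    """
    seen = defaultdict(lambda: defaultdict(set))
    for line in lines:
        m = POOL_RE.search(line)
        if m:
            seen[m["tunnel"]][m["name"]].add(m["src"])

    report = {}
    for tunnel, by_name in seen.items():
        sources = set().union(*by_name.values())
        if len(sources) > 1:
            report[tunnel] = {name: sorted(srcs) for name, srcs in by_name.items()}
    return report


if __name__ == "__main__":
    for tunnel, by_name in find_shared_tunnel_ips(SAMPLE_LOG.splitlines()).items():
        for name, sources in by_name.items():
            print(f"{tunnel} handed to '{name}' from {', '.join(sources)}")
```

A single name listed against several source addresses for one tunnel IP is the pattern to compare against the username, certificate CN, client-specific override and concurrent-connection settings discussed above.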