Netgate Discussion Forum
    Multiple clients on same VPN IP?

    • DominikHoffmann

      I am playing around with having both of my iOS devices (an iPhone and an iPad) connect to my OpenVPN via the OpenVPN Connect client app.

      I did not expect both clients to report the same private IP:

      IMG_5565 (1).jpeg

      IMG_2996 (1).jpeg

      Both are at 192.168.3.2. Are these spoofed, only local, IP addresses? I guess I don’t fully understand how OpenVPN works.

      • JKnott @DominikHoffmann

        @dominikhoffmann

        Assuming they're both connected at the same time, they should have different addresses. Otherwise, neither will work. When you set up OpenVPN, you provide a network for remote users and can specify how many are allowed to connect. Perhaps you could show your OpenVPN config.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel 1 Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        • DominikHoffmann @JKnott

          @JKnott

          Here is the client config file:

          persist-tun
          persist-key
          data-ciphers AES-128-GCM:AES-256-CBC
          data-ciphers-fallback AES-256-CBC
          auth SHA256
          tls-client
          client
          remote ***.***.***.*** 1194 udp4
          verify-x509-name "server" name
          remote-cert-tls server
          compress 
          explicit-exit-notify
          
          <ca>
          -----BEGIN CERTIFICATE-----
          (…)
          -----END CERTIFICATE-----
          </ca>
          <cert>
          -----BEGIN CERTIFICATE-----
          (…)
          -----END CERTIFICATE-----
          </cert>
          <key>
          -----BEGIN PRIVATE KEY-----
          (…)
          -----END PRIVATE KEY-----
          </key>
          

          And the server config:

          dev ovpns2
          verb 1
          dev-type tun
          dev-node /dev/tun2
          writepid /var/run/openvpn_server2.pid
          #user nobody
          #group nobody
          script-security 3
          daemon
          keepalive 10 60
          ping-timer-rem
          persist-tun
          persist-key
          proto udp4
          auth SHA256
          up /usr/local/sbin/ovpn-linkup
          down /usr/local/sbin/ovpn-linkdown
          local ***.***.***.***
          tls-server
          server 192.168.3.0 255.255.255.0
          client-config-dir /var/etc/openvpn/server2/csc
          tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'server' 1"
          lport 1194
          management /var/etc/openvpn/server2/sock unix
          max-clients 3
          push "route 192.168.1.0 255.255.255.0"
          push "route 192.168.2.0 255.255.255.0"
          push "route 192.168.4.0 255.255.255.0"
          push "dhcp-option DOMAIN hoffmann.homeunix.net"
          push "dhcp-option DNS 192.168.3.1"
          client-to-client
          capath /var/etc/openvpn/server2/ca
          cert /var/etc/openvpn/server2/cert 
          key /var/etc/openvpn/server2/key 
          dh /etc/dh-parameters.2048
          data-ciphers AES-128-GCM:AES-256-CBC
          data-ciphers-fallback AES-256-CBC
          allow-compression asym
          compress 
          persist-remote-ip
          float
          topology subnet
          

          I do not see a hard-coded 192.168.3.2 anywhere.

          • viragomann @DominikHoffmann

            @dominikhoffmann
            Ensure that you use a different SSL certificate on each client.

            • JKnott @DominikHoffmann

              @dominikhoffmann

              I was thinking screen shots of the area where you configure your VPN network on the server page.

              • DominikHoffmann @JKnott

                @jknott

                Screen Shot 2021-04-07 at 12.04.54 PM.png

                Screen Shot 2021-04-07 at 12.14.57 PM.png

                Is there anything else I am failing to include?

                • bingo600 @DominikHoffmann

                  @dominikhoffmann

                  Are you connecting these devices at the same time?
                  I'd expect the assigned client IP address to be returned to the "pool" a bit after the client has disconnected from the server.

                  /Bingo

                  If you find my answer useful - Please give the post a 👍 - "thumbs up"

                  pfSense+ 23.05.1 (ZFS)

                  QOTOM-Q355G4 Quad Lan.
                  CPU  : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
                  LAN  : 4 x Intel 211, Disk  : 240G SAMSUNG MZ7L3240HCHQ SSD

                  • DominikHoffmann @bingo600

                    @bingo600 said in Multiple clients on same VPN IP?:

                    Are you connecting these devices at the same time ??

                    Yes, those screenshots in the original post are concurrent.

                    • DominikHoffmann @DominikHoffmann

                      I turned on the “Allow multiple concurrent connections from the same user” option only after the original post in this thread. With that checked, two concurrent clients using the same certificates get distinct IP addresses.

                      That option turns on a configuration line in

                      /var/etc/openvpn/server*
                      

                      that says

                      duplicate-cn
                      

                      A post on ServerFault had pointed me in that direction.

                      1 Reply Last reply Reply Quote 1
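
An audit check for the situation in this thread, added here as an example and not code from any poster or from pfSense: it reports whether `duplicate-cn` is set and which certificate Common Names have more than one live session, meaning one certificate is in use on several devices. It assumes OpenVPN status-version 1 text (a `status` file or the management interface's `status` command); the sample config, names and addresses are constructed.

```python
from collections import defaultdict

# Constructed samples (not from the thread): config excerpt and status-version 1 output.
SAMPLE_CONF = "server 192.168.3.0 255.255.255.0\nmax-clients 3\nduplicate-cn\ntopology subnet\n"
SAMPLE_STATUS = """\
OpenVPN CLIENT LIST
Updated,Wed Apr  7 12:20:01 2021
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
ios-user,198.51.100.7:51820,40213,99120,Wed Apr  7 12:04:11 2021
ios-user,198.51.100.9:40112,1822,5310,Wed Apr  7 12:14:40 2021
laptop,203.0.113.25:1194,7781,20011,Wed Apr  7 11:58:02 2021
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
192.168.3.2,ios-user,198.51.100.7:51820,Wed Apr  7 12:19:58 2021
192.168.3.3,ios-user,198.51.100.9:40112,Wed Apr  7 12:19:59 2021
192.168.3.4,laptop,203.0.113.25:1194,Wed Apr  7 12:19:50 2021
GLOBAL STATS
END
"""

def has_directive(conf_text, name):
    """True if an uncommented config line starts with directive `name`."""
    return any(line.split()[:1] == [name] for line in conf_text.splitlines())

def sessions_by_cn(status_text):
    """Map each Common Name to a list of (real address, VPN address) sessions."""
    section, rows, vpn_ip = None, [], {}
    for line in status_text.splitlines():
        f = line.strip().split(",")
        if len(f) == 1:                      # section titles carry no commas
            section = f[0]
        elif section == "OpenVPN CLIENT LIST" and len(f) == 5 and f[0] != "Common Name":
            rows.append((f[0], f[1]))
        elif section == "ROUTING TABLE" and len(f) == 4 and f[0] != "Virtual Address":
            vpn_ip[f[2]] = f[0]              # keyed by the client's real address
    sessions = defaultdict(list)
    for cn, real in rows:
        sessions[cn].append((real, vpn_ip.get(real)))
    return dict(sessions)

def shared_certificates(status_text):
    """Common Names with more than one live session: one certificate on several devices."""
    return {cn: s for cn, s in sessions_by_cn(status_text).items() if len(s) > 1}

if __name__ == "__main__":
    print("duplicate-cn set:", has_directive(SAMPLE_CONF, "duplicate-cn"))
    print("shared certificates:", shared_certificates(SAMPLE_STATUS))
```
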
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.