Problem with openvpn i cant use nore than 1 user



  • Hello.
    I got a problem with openvpn i cant use more than one user
    When the user disconnects i can use the other one.
    Any help.
    Thanks in advanced

    note :

    1- i install openvpn package
    2- created a certificate server
    3- i created some of users and refer them to the certificate
    4- i created openvpn server and refer it to the server certificate from CertManager .
    5- i downloaded the client export for android for each user

    1 device taking ip and works but the others getting ip but didn't works or redirect

    concurrent session is : 10

    IPv4 Tunnel Network :10.10.10.0/24
    IPv4 Local network(s) :192.168.1.0/24

    Advanced Configuration
    Custom Options:
    push "route 192.168.1.0 255.255.255.0"


  • Banned

    Using the same certificate for everyone?



  • Considering zero details were provided, we can only speculate.

    In addition to doktornotor's question, have you double checked the "Concurrent connections" setting in your config?



  • @doktornotor:

    Using the same certificate for everyone?

    i'm using the same server certificate for all

    i have done Server certificate and each user i created on it i refer them to the server certificate



  • @marvosa:

    Considering zero details were provided, we can only speculate.

    In addition to doktornotor's question, have you double checked the "Concurrent connections" setting in your config?

    yes it's 10 but i would like to ask i must create some openvpn server so they didn't stuck  or 1 just fine



  • if there any questions i must answer i'm  here



  • i'm using the same server certificate for all

    hint - What happens when you create (using the sames CA as the first) and use a second certificate for one of your client users?

    You'll probably find this will work out better, it means you need to create a new certificate for each simultaneous connect.
    Saves a huge hassle if you ever need to revoke a certificate (someone lost a laptop/phone in the airport, etc).

    You can also check the "Duplicate Connection" box on the OpenVPN Server configuration page, although this is often less desirable as I mentioned.



  • @divsys:

    i'm using the same server certificate for all

    hint - What happens when you create (using the sames CA as the first) and use a second certificate for one of your client users?

    You'll probably find this will work out better, it means you need to create a new certificate for each simultaneous connect.
    Saves a huge hassle if you ever need to revoke a certificate (someone lost a laptop/phone in the airport, etc).

    You can also check the "Duplicate Connection" box on the OpenVPN Server configuration page, although this is often less desirable as I mentioned.

    \

    for Duplicated connection box it's checked
    Allow multiple concurrent connections from clients using the same Common Name.

    you mean for every user i must create Server Certificate  . i'm sorry i'm new to this

    tomorrow after like 13 hours from now i will screenshots everything

    thanks alot for your help



  • Another poster had a very similar issue a few days ago.  After some feed back from the community, he fixed his issue by re-configuring his OpenVPN server from scratch and creating a separate client cert for each user.

    In theory, you may be able to create new certs and assign them without redoing your config, but then I think you may have to re-export and send everyone new certs anyway.

    So, it may be worth it to blow it away and start from scratch.



  • you mean for every user i must create Server Certificate  . i'm sorry i'm new to this

    You don't need a "Server Certificate" for every user, you need a ….. "User" certificate for every user.

    The general use of these SSL certificates needs:

    1. a Certificate of Authority (CA) usually created on the OpenVPN Server
    2. a Server Certificate created using the CA in 1)
    3. a User Certificate (NOT another Server Certificate) created using the CA in 1)
    4. Repeat 3 for as many users as you need.

    If you go into the Certificate Manager in pfSense you should be able to see all these pieces and verify that the OpenVPN Server cerificate is type "Server=YES" and the User certificate is type "Server=NO".

    As marvosa suggested, if this gets messed up from your various attempts it may be simpler to start clean and work through the steps.
    It really shouldn't be too tough to setup.


Log in to reply