Problem with openvpn i cant use nore than 1 user
-
Hello.
I got a problem with openvpn i cant use more than one user
When the user disconnects i can use the other one.
Any help.
Thanks in advancednote :
1- i install openvpn package
2- created a certificate server
3- i created some of users and refer them to the certificate
4- i created openvpn server and refer it to the server certificate from CertManager .
5- i downloaded the client export for android for each user1 device taking ip and works but the others getting ip but didn't works or redirect
concurrent session is : 10
IPv4 Tunnel Network :10.10.10.0/24
IPv4 Local network(s) :192.168.1.0/24Advanced Configuration
Custom Options:
push "route 192.168.1.0 255.255.255.0" -
Using the same certificate for everyone?
-
Considering zero details were provided, we can only speculate.
In addition to doktornotor's question, have you double checked the "Concurrent connections" setting in your config?
-
Using the same certificate for everyone?
i'm using the same server certificate for all
i have done Server certificate and each user i created on it i refer them to the server certificate
-
Considering zero details were provided, we can only speculate.
In addition to doktornotor's question, have you double checked the "Concurrent connections" setting in your config?
yes it's 10 but i would like to ask i must create some openvpn server so they didn't stuck or 1 just fine
-
if there any questions i must answer i'm here
-
i'm using the same server certificate for all
hint - What happens when you create (using the sames CA as the first) and use a second certificate for one of your client users?
You'll probably find this will work out better, it means you need to create a new certificate for each simultaneous connect.
Saves a huge hassle if you ever need to revoke a certificate (someone lost a laptop/phone in the airport, etc).You can also check the "Duplicate Connection" box on the OpenVPN Server configuration page, although this is often less desirable as I mentioned.
-
i'm using the same server certificate for all
hint - What happens when you create (using the sames CA as the first) and use a second certificate for one of your client users?
You'll probably find this will work out better, it means you need to create a new certificate for each simultaneous connect.
Saves a huge hassle if you ever need to revoke a certificate (someone lost a laptop/phone in the airport, etc).You can also check the "Duplicate Connection" box on the OpenVPN Server configuration page, although this is often less desirable as I mentioned.
\
for Duplicated connection box it's checked
Allow multiple concurrent connections from clients using the same Common Name.you mean for every user i must create Server Certificate . i'm sorry i'm new to this
tomorrow after like 13 hours from now i will screenshots everything
thanks alot for your help
-
Another poster had a very similar issue a few days ago. After some feed back from the community, he fixed his issue by re-configuring his OpenVPN server from scratch and creating a separate client cert for each user.
In theory, you may be able to create new certs and assign them without redoing your config, but then I think you may have to re-export and send everyone new certs anyway.
So, it may be worth it to blow it away and start from scratch.
-
you mean for every user i must create Server Certificate . i'm sorry i'm new to this
You don't need a "Server Certificate" for every user, you need a ….. "User" certificate for every user.
The general use of these SSL certificates needs:
- a Certificate of Authority (CA) usually created on the OpenVPN Server
- a Server Certificate created using the CA in 1)
- a User Certificate (NOT another Server Certificate) created using the CA in 1)
- Repeat 3 for as many users as you need.
If you go into the Certificate Manager in pfSense you should be able to see all these pieces and verify that the OpenVPN Server cerificate is type "Server=YES" and the User certificate is type "Server=NO".
As marvosa suggested, if this gets messed up from your various attempts it may be simpler to start clean and work through the steps.
It really shouldn't be too tough to setup.