Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Problem with openvpn i cant use nore than 1 user

    Scheduled Pinned Locked Moved OpenVPN
    10 Posts 4 Posters 1.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mahmoudsabry
      last edited by

      Hello.
      I got a problem with openvpn i cant use more than one user
      When the user disconnects i can use the other one.
      Any help.
      Thanks in advanced

      note :

      1- i install openvpn package
      2- created a certificate server
      3- i created some of users and refer them to the certificate
      4- i created openvpn server and refer it to the server certificate from CertManager .
      5- i downloaded the client export for android for each user

      1 device taking ip and works but the others getting ip but didn't works or redirect

      concurrent session is : 10

      IPv4 Tunnel Network :10.10.10.0/24
      IPv4 Local network(s) :192.168.1.0/24

      Advanced Configuration
      Custom Options:
      push "route 192.168.1.0 255.255.255.0"

      1 Reply Last reply Reply Quote 0
      • D
        doktornotor Banned
        last edited by

        Using the same certificate for everyone?

        1 Reply Last reply Reply Quote 0
        • M
          marvosa
          last edited by

          Considering zero details were provided, we can only speculate.

          In addition to doktornotor's question, have you double checked the "Concurrent connections" setting in your config?

          1 Reply Last reply Reply Quote 0
          • M
            mahmoudsabry
            last edited by

            @doktornotor:

            Using the same certificate for everyone?

            i'm using the same server certificate for all

            i have done Server certificate and each user i created on it i refer them to the server certificate

            1 Reply Last reply Reply Quote 0
            • M
              mahmoudsabry
              last edited by

              @marvosa:

              Considering zero details were provided, we can only speculate.

              In addition to doktornotor's question, have you double checked the "Concurrent connections" setting in your config?

              yes it's 10 but i would like to ask i must create some openvpn server so they didn't stuck  or 1 just fine

              1 Reply Last reply Reply Quote 0
              • M
                mahmoudsabry
                last edited by

                if there any questions i must answer i'm  here

                1 Reply Last reply Reply Quote 0
                • D
                  divsys
                  last edited by

                  i'm using the same server certificate for all

                  hint - What happens when you create (using the sames CA as the first) and use a second certificate for one of your client users?

                  You'll probably find this will work out better, it means you need to create a new certificate for each simultaneous connect.
                  Saves a huge hassle if you ever need to revoke a certificate (someone lost a laptop/phone in the airport, etc).

                  You can also check the "Duplicate Connection" box on the OpenVPN Server configuration page, although this is often less desirable as I mentioned.

                  -jfp

                  1 Reply Last reply Reply Quote 0
                  • M
                    mahmoudsabry
                    last edited by

                    @divsys:

                    i'm using the same server certificate for all

                    hint - What happens when you create (using the sames CA as the first) and use a second certificate for one of your client users?

                    You'll probably find this will work out better, it means you need to create a new certificate for each simultaneous connect.
                    Saves a huge hassle if you ever need to revoke a certificate (someone lost a laptop/phone in the airport, etc).

                    You can also check the "Duplicate Connection" box on the OpenVPN Server configuration page, although this is often less desirable as I mentioned.

                    \

                    for Duplicated connection box it's checked
                    Allow multiple concurrent connections from clients using the same Common Name.

                    you mean for every user i must create Server Certificate  . i'm sorry i'm new to this

                    tomorrow after like 13 hours from now i will screenshots everything

                    thanks alot for your help

                    1 Reply Last reply Reply Quote 0
                    • M
                      marvosa
                      last edited by

                      Another poster had a very similar issue a few days ago.  After some feed back from the community, he fixed his issue by re-configuring his OpenVPN server from scratch and creating a separate client cert for each user.

                      In theory, you may be able to create new certs and assign them without redoing your config, but then I think you may have to re-export and send everyone new certs anyway.

                      So, it may be worth it to blow it away and start from scratch.

                      1 Reply Last reply Reply Quote 0
                      • D
                        divsys
                        last edited by

                        you mean for every user i must create Server Certificate  . i'm sorry i'm new to this

                        You don't need a "Server Certificate" for every user, you need a ….. "User" certificate for every user.

                        The general use of these SSL certificates needs:

                        1. a Certificate of Authority (CA) usually created on the OpenVPN Server
                        2. a Server Certificate created using the CA in 1)
                        3. a User Certificate (NOT another Server Certificate) created using the CA in 1)
                        4. Repeat 3 for as many users as you need.

                        If you go into the Certificate Manager in pfSense you should be able to see all these pieces and verify that the OpenVPN Server cerificate is type "Server=YES" and the User certificate is type "Server=NO".

                        As marvosa suggested, if this gets messed up from your various attempts it may be simpler to start clean and work through the steps.
                        It really shouldn't be too tough to setup.

                        -jfp

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.