4. VPN Same IP Addresses

VPN Same IP Addresses

  • F

    After Upgrade PFSense 1.2 >> PFSense 1.2.1, OpenVPN assigns to all client the same ip (192.168.190.6), and , obviously, clients continue to connect and disconnect… Certificates is different...

    OpenVPN config:

    Protocol: UDP
    Dynamic IP:checked
    Local Port: 27835
    Address Pool: 192.168.190.0/24
    Use static ip: unchecked
    Local network: 192.168.115.0/24
    Remote network: blank
    Client-to-client VPN: checked
    Cryptography: BF-CBC 128-bit
    Authentication: PKI
    LZO compression: checked

    ???

    0
  • N

    Are these all individual PCs that are connecting?  Or are they different networks?

    Maybe try to disable "Client-to-client VPN"

    Cheers

    0
  • F

    Pcs are connecting from different location and IP, I've tried to disable "Client-to-client VPN", but it doesn't work…

    I'm going to format and reinstall pfsense, beacuse "reset to default" solved nothing

    0

  • Did you doublecheck that the connecting clients really have different keys/certificates?
    Resetuping pfSense doesnt help much.
    I'd rather resutup the CA and rebuild the clients.

    0
  • F

    Ok, I try to rebuild CA and certificates…

    0
  • F

    Nothing… Also, I used certificates from another openvpn that certainly it works, but i've same problem...  :-\

    0

  • Can you show the 3 logoutputs when connecting to the pfSense server?

    1: server
    2: client1
    3: client2

    It would also help if you could provide the raw config files of all 3.
    in /var/etc on the pf.

    0
  • F

    Server:

    
Jan 6 19:08:40 	openvpn[12109]: omniservicesrl.it/151.***.***.***:59418 [***] Inactivity timeout (--ping-restart), restarting
Jan 6 19:07:57 	openvpn[12109]: 88.***.***.***:59266 [***] Peer Connection Initiated with 88.***.***.***:59266
Jan 6 19:07:56 	openvpn[12109]: 88.***.***.***:59266 LZO compression initialized
Jan 6 19:07:56 	openvpn[12109]: 88.***.***.***:59266 Re-using SSL/TLS context
Jan 6 19:06:29 	openvpn[12109]: 151.***.***.***:59418 [***] Peer Connection Initiated with 151.***.***.***:59418
Jan 6 19:06:28 	openvpn[12109]: 151.***.***.***:59418 LZO compression initialized
Jan 6 19:06:28 	openvpn[12109]: 151.***.***.***:59418 Re-using SSL/TLS context

    Client 1 & Client 2 are identical:

    Tue Jan 06 19:06:21 2009 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
Tue Jan 06 19:06:21 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue Jan 06 19:06:21 2009 LZO compression initialized
Tue Jan 06 19:06:21 2009 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Jan 06 19:06:21 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Jan 06 19:06:21 2009 Local Options hash (VER=V4): '41690919'
Tue Jan 06 19:06:21 2009 Expected Remote Options hash (VER=V4): '530fdded'
Tue Jan 06 19:06:21 2009 UDPv4 link local: [undef]
Tue Jan 06 19:06:21 2009 UDPv4 link remote: 88.***.***.***:1194
Tue Jan 06 19:06:21 2009 TLS: Initial packet from 88.***.***.***:1194, sid=93c9ddcc 542da9de
Tue Jan 06 19:06:22 2009 VERIFY OK: depth=1, /C=IT/ST=Italy/L=Nerviano__MI/O=****/CN=****/emailAddress=info@****.it
Tue Jan 06 19:06:22 2009 VERIFY OK: nsCertType=SERVER
Tue Jan 06 19:06:22 2009 VERIFY OK: depth=0, /C=IT/ST=Italy/O=****/CN=****/emailAddress=info@****.it
Tue Jan 06 19:06:22 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jan 06 19:06:22 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 06 19:06:22 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jan 06 19:06:22 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 06 19:06:22 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Jan 06 19:06:22 2009 [***] Peer Connection Initiated with 88.***.***.***:1194
Tue Jan 06 19:06:24 2009 SENT CONTROL [***]: 'PUSH_REQUEST' (status=1)
Tue Jan 06 19:06:24 2009 PUSH: Received control message: 'PUSH_REPLY,route 192.168.115.0 255.255.255.0,dhcp-option DNS 192.168.115.1,dhcp-option WINS 192.168.115.3,dhcp-option NTP 192.168.115.1,dhcp-option DISABLE-NBT,route 192.168.200.0 255.255.255.0,ping 10,ping-restart 60,ifconfig 192.168.200.6 192.168.200.5'
Tue Jan 06 19:06:24 2009 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jan 06 19:06:24 2009 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jan 06 19:06:24 2009 OPTIONS IMPORT: route options modified
Tue Jan 06 19:06:24 2009 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Jan 06 19:06:24 2009 TAP-WIN32 device [OpenVPN Omni] opened: \\.\Global\{633C2C01-88D5-4F6F-9413-F34D5E4F0FC6}.tap
Tue Jan 06 19:06:24 2009 TAP-Win32 Driver Version 8.4 
Tue Jan 06 19:06:24 2009 TAP-Win32 MTU=1500
Tue Jan 06 19:06:24 2009 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.200.6/255.255.255.252 on interface {633C2C01-88D5-4F6F-9413-F34D5E4F0FC6} [DHCP-serv: 192.168.200.5, lease-time: 31536000]
Tue Jan 06 19:06:24 2009 Successful ARP Flush on interface [11] {633C2C01-88D5-4F6F-9413-F34D5E4F0FC6}
Tue Jan 06 19:06:26 2009 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
Tue Jan 06 19:06:26 2009 route ADD 192.168.115.0 MASK 255.255.255.0 192.168.200.5
 OK
Tue Jan 06 19:06:26 2009 route ADD 192.168.200.0 MASK 255.255.255.0 192.168.200.5
 OK
Tue Jan 06 19:06:26 2009 Initialization Sequence Completed

    Server config:

    
writepid /var/run/openvpn_server0.pid
#user nobody
#group nobody
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
dev tun
proto udp
cipher BF-CBC
up /etc/rc.filter_configure
down /etc/rc.filter_configure
client-to-client
server 192.168.200.0 255.255.255.0
client-config-dir /var/etc/openvpn_csc
push "route 192.168.115.0 255.255.255.0"
lport 1194
push "dhcp-option DNS 192.168.115.1"
push "dhcp-option WINS 192.168.115.3"
push "dhcp-option NTP 192.168.115.1"
push "dhcp-option DISABLE-NBT"
ca /var/etc/openvpn_server0.ca
cert /var/etc/openvpn_server0.cert
key /var/etc/openvpn_server0.key
dh /var/etc/openvpn_server0.dh
comp-lzo

    Clients config (obviously certificates are different):

    
####
client
dev tun
proto udp
remote 88.***.***.*** 1194
ping 10
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca-omni.crt
cert fede-omni.crt
key fede-omni.key
ns-cert-type server
comp-lzo
pull
verb 3

#### FOR WINDOWS VISTA:
route-method exe
route-delay 2 
#
    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy