Netgate Discussion Forum

    VPN Same IP Addresses

      Fede_Reghe

      After upgrading pfSense 1.2 >> pfSense 1.2.1, OpenVPN assigns all clients the same IP (192.168.190.6), and, obviously, clients continue to connect and disconnect… The certificates are different...

      OpenVPN config:

      Protocol: UDP
      Dynamic IP:checked
      Local Port: 27835
      Address Pool: 192.168.190.0/24
      Use static ip: unchecked
      Local network: 192.168.115.0/24
      Remote network: blank
      Client-to-client VPN: checked
      Cryptography: BF-CBC 128-bit
      Authentication: PKI
      LZO compression: checked

      ???

        newmember

        Are these all individual PCs that are connecting?  Or are they different networks?

        Maybe try to disable "Client-to-client VPN"

        Cheers

          Fede_Reghe

          PCs are connecting from different locations and IPs. I've tried to disable "Client-to-client VPN", but it doesn't work…

          I'm going to format and reinstall pfSense, because "reset to default" solved nothing

            GruensFroeschli

            Did you double-check that the connecting clients really have different keys/certificates?
            Setting up pfSense again doesn't help much.
            I'd rather set up the CA again and rebuild the clients.

            We do what we must, because we can.

            Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

              Fede_Reghe

              OK, I'll try to rebuild the CA and certificates…

                Fede_Reghe

                Nothing… Also, I used certificates from another OpenVPN that certainly works, but I have the same problem...  :-\

                  GruensFroeschli

                  Can you show the 3 log outputs when connecting to the pfSense server?

                  1: server
                  2: client1
                  3: client2

                  It would also help if you could provide the raw config files of all 3 (in /var/etc on the pf).

                    Fede_Reghe

                    Server:

                    
                    Jan 6 19:08:40 	openvpn[12109]: omniservicesrl.it/151.***.***.***:59418 [***] Inactivity timeout (--ping-restart), restarting
                    Jan 6 19:07:57 	openvpn[12109]: 88.***.***.***:59266 [***] Peer Connection Initiated with 88.***.***.***:59266
                    Jan 6 19:07:56 	openvpn[12109]: 88.***.***.***:59266 LZO compression initialized
                    Jan 6 19:07:56 	openvpn[12109]: 88.***.***.***:59266 Re-using SSL/TLS context
                    Jan 6 19:06:29 	openvpn[12109]: 151.***.***.***:59418 [***] Peer Connection Initiated with 151.***.***.***:59418
                    Jan 6 19:06:28 	openvpn[12109]: 151.***.***.***:59418 LZO compression initialized
                    Jan 6 19:06:28 	openvpn[12109]: 151.***.***.***:59418 Re-using SSL/TLS context
                    
                    

                    Client 1 & Client 2 are identical:

                    Tue Jan 06 19:06:21 2009 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
                    Tue Jan 06 19:06:21 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
                    Tue Jan 06 19:06:21 2009 LZO compression initialized
                    Tue Jan 06 19:06:21 2009 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
                    Tue Jan 06 19:06:21 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
                    Tue Jan 06 19:06:21 2009 Local Options hash (VER=V4): '41690919'
                    Tue Jan 06 19:06:21 2009 Expected Remote Options hash (VER=V4): '530fdded'
                    Tue Jan 06 19:06:21 2009 UDPv4 link local: [undef]
                    Tue Jan 06 19:06:21 2009 UDPv4 link remote: 88.***.***.***:1194
                    Tue Jan 06 19:06:21 2009 TLS: Initial packet from 88.***.***.***:1194, sid=93c9ddcc 542da9de
                    Tue Jan 06 19:06:22 2009 VERIFY OK: depth=1, /C=IT/ST=Italy/L=Nerviano__MI/O=****/CN=****/emailAddress=info@****.it
                    Tue Jan 06 19:06:22 2009 VERIFY OK: nsCertType=SERVER
                    Tue Jan 06 19:06:22 2009 VERIFY OK: depth=0, /C=IT/ST=Italy/O=****/CN=****/emailAddress=info@****.it
                    Tue Jan 06 19:06:22 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
                    Tue Jan 06 19:06:22 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
                    Tue Jan 06 19:06:22 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
                    Tue Jan 06 19:06:22 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
                    Tue Jan 06 19:06:22 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
                    Tue Jan 06 19:06:22 2009 [***] Peer Connection Initiated with 88.***.***.***:1194
                    Tue Jan 06 19:06:24 2009 SENT CONTROL [***]: 'PUSH_REQUEST' (status=1)
                    Tue Jan 06 19:06:24 2009 PUSH: Received control message: 'PUSH_REPLY,route 192.168.115.0 255.255.255.0,dhcp-option DNS 192.168.115.1,dhcp-option WINS 192.168.115.3,dhcp-option NTP 192.168.115.1,dhcp-option DISABLE-NBT,route 192.168.200.0 255.255.255.0,ping 10,ping-restart 60,ifconfig 192.168.200.6 192.168.200.5'
                    Tue Jan 06 19:06:24 2009 OPTIONS IMPORT: timers and/or timeouts modified
                    Tue Jan 06 19:06:24 2009 OPTIONS IMPORT: --ifconfig/up options modified
                    Tue Jan 06 19:06:24 2009 OPTIONS IMPORT: route options modified
                    Tue Jan 06 19:06:24 2009 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
                    Tue Jan 06 19:06:24 2009 TAP-WIN32 device [OpenVPN Omni] opened: \\.\Global\{633C2C01-88D5-4F6F-9413-F34D5E4F0FC6}.tap
                    Tue Jan 06 19:06:24 2009 TAP-Win32 Driver Version 8.4 
                    Tue Jan 06 19:06:24 2009 TAP-Win32 MTU=1500
                    Tue Jan 06 19:06:24 2009 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.200.6/255.255.255.252 on interface {633C2C01-88D5-4F6F-9413-F34D5E4F0FC6} [DHCP-serv: 192.168.200.5, lease-time: 31536000]
                    Tue Jan 06 19:06:24 2009 Successful ARP Flush on interface [11] {633C2C01-88D5-4F6F-9413-F34D5E4F0FC6}
                    Tue Jan 06 19:06:26 2009 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
                    Tue Jan 06 19:06:26 2009 route ADD 192.168.115.0 MASK 255.255.255.0 192.168.200.5
                     OK
                    Tue Jan 06 19:06:26 2009 route ADD 192.168.200.0 MASK 255.255.255.0 192.168.200.5
                     OK
                    Tue Jan 06 19:06:26 2009 Initialization Sequence Completed
                    
                    

                    Server config:

                    
                    writepid /var/run/openvpn_server0.pid
                    #user nobody
                    #group nobody
                    daemon
                    keepalive 10 60
                    ping-timer-rem
                    persist-tun
                    persist-key
                    dev tun
                    proto udp
                    cipher BF-CBC
                    up /etc/rc.filter_configure
                    down /etc/rc.filter_configure
                    client-to-client
                    server 192.168.200.0 255.255.255.0
                    client-config-dir /var/etc/openvpn_csc
                    push "route 192.168.115.0 255.255.255.0"
                    lport 1194
                    push "dhcp-option DNS 192.168.115.1"
                    push "dhcp-option WINS 192.168.115.3"
                    push "dhcp-option NTP 192.168.115.1"
                    push "dhcp-option DISABLE-NBT"
                    ca /var/etc/openvpn_server0.ca
                    cert /var/etc/openvpn_server0.cert
                    key /var/etc/openvpn_server0.key
                    dh /var/etc/openvpn_server0.dh
                    comp-lzo
                    
                    

                    Clients config (obviously certificates are different):

                    
                    ####
                    client
                    dev tun
                    proto udp
                    remote 88.***.***.*** 1194
                    ping 10
                    resolv-retry infinite
                    nobind
                    persist-key
                    persist-tun
                    ca ca-omni.crt
                    cert fede-omni.crt
                    key fede-omni.key
                    ns-cert-type server
                    comp-lzo
                    pull
                    verb 3
                    
                    #### FOR WINDOWS VISTA:
                    route-method exe
                    route-delay 2 
                    #
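
Added example, not part of the thread: a Python check for the question asked above, whether the connecting clients really present different certificates. An OpenVPN server without `duplicate-cn` treats a second connection with the same certificate CN as the same client, so the script lists CNs seen from more than one peer IP in the server log and tunnel addresses pushed to more than one client. The log lines are constructed in the shape of those posted; the CNs, labels and documentation-range IPs are made up.

```python
import re
from collections import defaultdict

# Server line shape as posted: "<ip>:<port> [<CN>] Peer Connection Initiated with ..."
PEER_RE = re.compile(r"(\d+(?:\.\d+){3}):\d+ \[([^\]]+)\] Peer Connection Initiated")
# Client line shape as posted: "PUSH_REPLY,...,ifconfig <tunnel ip> <peer ip>"
IFCONFIG_RE = re.compile(r"PUSH_REPLY,.*\bifconfig (\d+(?:\.\d+){3}) (\d+(?:\.\d+){3})")

def shared_common_names(server_log):
    """Return {CN: [peer IPs]} for every certificate CN seen from more than one IP."""
    seen = defaultdict(set)
    for line in server_log.splitlines():
        m = PEER_RE.search(line)
        if m:
            seen[m.group(2)].add(m.group(1))
    return {cn: sorted(ips) for cn, ips in seen.items() if len(ips) > 1}

def shared_tunnel_ips(client_logs):
    """client_logs maps a label to that client's log text.
    Return {tunnel IP: [labels]} for every address pushed to more than one client."""
    pushed = defaultdict(set)
    for label, text in client_logs.items():
        for line in text.splitlines():
            m = IFCONFIG_RE.search(line)
            if m:
                pushed[m.group(1)].add(label)
    return {ip: sorted(labels) for ip, labels in pushed.items() if len(labels) > 1}

# Constructed sample data (documentation IP ranges, made-up CNs and labels).
SERVER_LOG = """\
Jan 6 19:06:29 openvpn[12109]: 198.51.100.10:59418 [client-a] Peer Connection Initiated with 198.51.100.10:59418
Jan 6 19:07:57 openvpn[12109]: 203.0.113.20:59266 [client-a] Peer Connection Initiated with 203.0.113.20:59266
Jan 6 19:09:02 openvpn[12109]: 192.0.2.30:40112 [client-b] Peer Connection Initiated with 192.0.2.30:40112
"""
PUSH = "PUSH: Received control message: 'PUSH_REPLY,ping 10,ping-restart 60,ifconfig %s %s'"
CLIENT_LOGS = {
    "pc1": PUSH % ("192.168.200.6", "192.168.200.5"),
    "pc2": PUSH % ("192.168.200.6", "192.168.200.5"),
    "pc3": PUSH % ("192.168.200.10", "192.168.200.9"),
}

if __name__ == "__main__":
    for cn, ips in shared_common_names(SERVER_LOG).items():
        print(f"CN {cn!r} presented from {ips}: same certificate on several machines?")
    for ip, labels in shared_tunnel_ips(CLIENT_LOGS).items():
        print(f"tunnel IP {ip} pushed to {labels}")
```

A CN seen from several IPs can also be one roaming client, so treat a hit as a prompt to compare the certificates themselves, not as proof.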
                    
                    