Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Multiple clients can connect but only first one works

    Scheduled Pinned Locked Moved OpenVPN
    9 Posts 4 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      poopsie
      last edited by

      Like the title says, I have setup openvpn server (Multiple times through tutorials) and have the same issue.  I can connect with PC1 and laptop1 no problem.  BUT, whichever connects first works fine, can browse network and internet no issue.  Which ever one connects second, has nothing.  No local browsing, no internet.  Nothing.

      The IP address of my OpenVPN is 10.30.50.0/24 and they get assigned .2, .3, .4 and so on.  .2 always works, anything after it does not.

      I have separate users and certs for each user using the server cert to create them.  So each device is not using the same user/cert as the other-Totally separate.  I have set concurrent users to 50, even though I am only using 2.

      Does anyone have any guidance at all as to what I am doing wrong?

      Thanks!!

      1 Reply Last reply Reply Quote 0
      • P
        poopsie
        last edited by

        If anyone has this same problem, here is the fix-

        E94F9817-D9C5-4977-854B-9890B14A08B2.jpg
        E94F9817-D9C5-4977-854B-9890B14A08B2.jpg_thumb

        1 Reply Last reply Reply Quote 0
        • K
          kryptonie
          last edited by

          i have tried that but still not working :(

          1 Reply Last reply Reply Quote 0
          • P
            poopsie
            last edited by

            Try a reboot after.  That's what I needed to do for mine after selecting that.  You may also want to clear your state tables (Not sure if they have any influence) in case there are any hanging states left over.

            1 Reply Last reply Reply Quote 0
            • DerelictD
              Derelict LAYER 8 Netgate
              last edited by

              Nonsense. That checkbox is almost never required. In fact, I don't think I have ever seen a case where anyone has run into that.

              You did not say what KIND of OpenVPN server you made. Remote Access? Site-to-Site? What kind of clients are connecting? From where?

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              1 Reply Last reply Reply Quote 0
              • DerelictD
                Derelict LAYER 8 Netgate
                last edited by

                What are the rules on the OpenVPN tab and the OpenVPN assigned interface tab, if any?

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                1 Reply Last reply Reply Quote 0
                • DerelictD
                  Derelict LAYER 8 Netgate
                  last edited by

                  Most of those rules on OpenVPN are completely unnecessary but they are disabled. The one you have enabled is fine.

                  The only rule on WAN that matters is the one that passes the OpenVPN (1194) traffic itself.

                  It looks like you have everything you need there.

                  Probably time to pcap on the openvpn interface, the local interface, and see what is actually flowing where.

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                  1 Reply Last reply Reply Quote 0
                  • DerelictD
                    Derelict LAYER 8 Netgate
                    last edited by

                    Don't capture on WAN, Capture on OpenVPN and on LAN.

                    Chattanooga, Tennessee, USA
                    A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                    DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                    Do Not Chat For Help! NO_WAN_EGRESS(TM)

                    1 Reply Last reply Reply Quote 0
                    • A
                      awair
                      last edited by awair

                      I had a similar problem during my migration from Tomato to pfsense.

                      Turned out this was due to multiple Default Routes in the Routing Table.

                      All fixed with the help of @johnpoz. You might want to check that?

                      2.4.3 (amd64)
                      and given up on the SG-1000

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.