only one user account works with openvpn
-
i have created a open vpn server and it works fine until i want to connect more than one user. the only user that works is the first user i used to sign into it, any user since then does not work. even if the first user is disconnected.
all users are authenticating properly and connecting, but only the initial user can access anything (WAN and LAN).
the end goal is to have one vpn server instance servicing several clients with access to WAN and LAN. it is most certainly a routing issue but im unfamiliar with the platform
-
Share your OpenVPN settings and Firewall Rules (screenshots).
-Rico
-
open vpn screenshots:
-
@rico firewall rules:
i do not have fail over setup or anything, primary gateway externally is Comcast, i switch to Verizon manually
-
for context:
iv tried it with the route to Comcast gateway and it doesn't change anything. it routes the first user i used to log in just fine, cant get any other to work -
In your OpenVPN Firewall tab change source to 10.10.5.0/24
And delete your static route.-Rico
-
corrected that, still only first user works, no other user can route
-
10.10.5.2 is the connection that works and 10.10.5.3 is one of the other clients that isn't working
-
Are you trying to use the same certificate/CN for all clients?
-
im using the client export utility so if it doesn't create unique ones i guess i am, huh
-
Then you need to check that box that allows multiple users with the same CN.
Better to make certificates for each user.
Client export doesn't make them. You have to make them.
https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/openvpn-remote-access-server.html
-
under user manager is where i create them?
but once i make them, i have to add the cn to the config manually? i love the windows installer export
-
Yes. You can create the certificates there. Please see the book chapter linked.
No. If everything is set up properly, the client exporter will include the individual, per-user certificates.
-
i had it on authentication only in the open vpn server, now users are showing up for export, you nailed it thank you so much!