OpenVPN Remote Access Server - only first connection works fine.



  • Hello!
    As far as I understand, it is a common problem, but there is no typical solution.
    I have configured OpenVPN for remote access with the wizard.
    The first client connected and everything works fine. The client has access anywhere I want (as per the configured subnets). But any other clients can connect, get the routes and then... nothing. They cannot ping anything, including the VPN server.

    As per my investigation, it is due to additional tunnels not being created on the pfSense side.

    10.150.100.1 is my VPN server.
    10.150.100.2 is the first connected client.


    When the 2nd and other clients connect, there are no additional tunnels like 10.150.100.1 --> 10.150.100.x created.

    I have even reinstalled pfSense and configured the VPN from scratch. There is no effect.

    Please give me an idea.

    My config




  • Do you use different user certificates for each client?



  • Of course.
    The certificates are different.
    Also, the clients get different IPs.


  • LAYER 8 Rebel Alliance

    You have the User CSOs in place? VPN > OpenVPN > Client Specific Overrides
    I always start with .11 for the first user, second .12 and so on.
    Afaik 10.150.100.2 should not be your first user, it's the 'virtual' Gateway used by OpenVPN. You don't see the clients in the system routing table, they are managed inside OpenVPN.

    -Rico



  • @Rico I have no CSO


  • LAYER 8 Rebel Alliance

    Check the OpenVPN Routing table in Status > OpenVPN
    And give it a try with CSOs.

    -Rico
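
Added example, not part of any post in this thread: a small audit of a copy of the OpenVPN server status output, which is where the internal routing table mentioned above lives. It reports connected clients that have no entry in OpenVPN's own routing table and common names that appear on more than one session. It assumes the status-version 1 layout; the sample data, client names and addresses are constructed.

```python
import csv
from collections import Counter

# Constructed sample in OpenVPN's status-version 1 layout; names and addresses are made up.
SAMPLE_STATUS = """\
OpenVPN CLIENT LIST
Updated,Mon Jan  6 10:15:02 2020
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
alice,198.51.100.10:50123,48213,51200,Mon Jan  6 09:58:40 2020
bob,198.51.100.22:41877,3921,4410,Mon Jan  6 10:02:11 2020
bob,203.0.113.7:60211,1204,1388,Mon Jan  6 10:09:30 2020
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.150.100.11,alice,198.51.100.10:50123,Mon Jan  6 10:14:58 2020
GLOBAL STATS
Max bcast/mcast queue length,0
END
"""

def parse_status(text):
    """Return (clients, routes) as lists of dicts keyed by each section's header row."""
    sections = {"OpenVPN CLIENT LIST": [], "ROUTING TABLE": []}
    current, header = None, None
    for row in csv.reader(text.splitlines()):
        if not row:
            continue
        if row[0] in sections:                    # section title line
            current, header = row[0], None
        elif row[0] in ("GLOBAL STATS", "END"):   # sections this audit ignores
            current = None
        elif current and row[0] == "Updated":     # timestamp line, not data
            continue
        elif current and header is None:          # first row of a section is its header
            header = row
        elif current and len(row) == len(header):
            sections[current].append(dict(zip(header, row)))
    return sections["OpenVPN CLIENT LIST"], sections["ROUTING TABLE"]

def audit(text):
    """Flag sessions without an internal route and common names used by several sessions."""
    clients, routes = parse_status(text)
    routed = {r["Real Address"] for r in routes}
    no_route = sorted(c["Real Address"] for c in clients if c["Real Address"] not in routed)
    counts = Counter(c["Common Name"] for c in clients)
    return {"no_route": no_route, "shared_cn": sorted(cn for cn, n in counts.items() if n > 1)}

if __name__ == "__main__":
    print(audit(SAMPLE_STATUS))
```

A session listed under `no_route` matches the symptom in this thread: the client is connected, but OpenVPN holds no virtual address mapping for it.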

