    OpenVPN Remote Access Server - only first connection works fine.

      a_sand

      Hello!
      As far as I understand, it is a common problem, but there is no typical solution.
      I have configured OpenVPN for remote access with the wizard.
      The first client connected and everything works fine. The client has access anywhere I want (as per the configured subnets). But any other clients can connect, get the routes and then... nothing. They cannot ping anything, including the VPN server.

      As per my investigation, it is because additional tunnels are not created on the pfSense side.

      10.150.100.1 is my VPN server.
      10.150.100.2 is the first connected client.

      When the 2nd and other clients connect, no additional tunnels like 10.150.100.1 --> 10.150.100.x are created.

      I have even reinstalled pfSense and configured the VPN from scratch. There is no effect.

      Please give me an idea.

      My config

        viragomann

        Do you use different user certificates for each client?

          a_sand

          Of course.
          The certificates are different.
          Also, the clients get different IPs.

            Rico LAYER 8 Rebel Alliance

            You have the User CSOs in place? VPN > OpenVPN > Client Specific Overrides
            I always start with .11 for the first user, second .12 and so on.
            Afaik 10.150.100.2 should not be your first user, it's the 'virtual' Gateway used by OpenVPN. You don't see the clients in the system routing table, they are managed inside OpenVPN.

            -Rico

              a_sand @Rico

              @Rico I have no CSO

                Rico LAYER 8 Rebel Alliance

                Check the OpenVPN Routing table in Status > OpenVPN
                And give it a try with CSOs.

                -Rico
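
An added example, not part of the thread and not pfSense or OpenVPN code: since the replies point at OpenVPN's own routing table rather than the system routing table, this sketch parses OpenVPN status output (assumed here to be the comma-separated `status-version 1` text format, saved as text) and lists connected clients that have no entry in OpenVPN's internal routing table. The sample status text, the names `user1`/`user2` and the addresses are constructed.

```python
import csv

# Constructed sample in the OpenVPN status text format (status-version 1 assumed).
SAMPLE_STATUS = """\
OpenVPN CLIENT LIST
Updated,Mon Jan  6 10:15:02 2025
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
user1,198.51.100.10:51234,48213,51022,Mon Jan  6 09:58:11 2025
user2,203.0.113.25:40112,3120,2988,Mon Jan  6 10:03:40 2025
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.150.100.11,user1,198.51.100.10:51234,Mon Jan  6 10:14:59 2025
GLOBAL STATS
Max bcast/mcast queue length,0
END
"""

SECTIONS = ("OpenVPN CLIENT LIST", "ROUTING TABLE", "GLOBAL STATS")
SKIP = ("Updated", "Common Name", "Virtual Address", "END")


def parse_status(text):
    """Return (clients, routes).

    clients: common name -> real (public) address of the connected client
    routes:  common name -> virtual addresses OpenVPN routes to that client
    """
    clients, routes, section = {}, {}, None
    for row in csv.reader(text.splitlines()):
        if not row:
            continue
        if row[0] in SECTIONS:
            section = row[0]
        elif row[0] in SKIP:
            continue  # timestamp, column headers, end marker
        elif section == "OpenVPN CLIENT LIST" and len(row) >= 2:
            clients[row[0]] = row[1]
        elif section == "ROUTING TABLE" and len(row) >= 3:
            routes.setdefault(row[1], []).append(row[0])
    return clients, routes


def clients_without_route(text):
    """Common names that are connected but absent from the routing table."""
    clients, routes = parse_status(text)
    return sorted(cn for cn in clients if cn not in routes)


if __name__ == "__main__":
    print(clients_without_route(SAMPLE_STATUS))
```

A client listed here is connected at the TLS level but OpenVPN has no virtual address mapped to it, which is a lead for further checks rather than a diagnosis.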
