Netgate Discussion Forum

    DHCP over OpenVPN

      BootSector

      I have OpenVPN set up on my pfSense router and it is working great, if only one client is connected through the vpn. If a second client connects they fight for the same IP. My OpenVPN dhcp pool is set to 192.168.100.0/24 but any client that connects gets 192.168.100.6. Please advise.

        sbarreros

        Same deal with my VPN server, help!!! I just launched this server Friday and I have users calling me saying they can't connect. The problem is they are all getting the same IP address, 192.168.2.6; my address pool is set to 192.168.2.0/24 ???

          fernandotcl

          Are you guys using SSL (shared key) mode? In SSL mode, only one client can connect to the VPN. There's no such limitation if you guys use TLS (PKI) mode, though.

          In case you guys are using PKI mode and it still doesn't work, please post your openvpn_{client,server}X.conf.

            sbarreros

            I'm using PKI mode. Where do I find the OpenVPN config file in pfSense?

              sbarreros

              Anyone?

                GruensFroeschli

                It does not help you to know where the config file is stored, since it is automatically generated and your own file would be overwritten.
                You can change everything that is in the config file on the config page of OpenVPN itself,
                either through the GUI or in the "Custom options" field.
                If you just want to have a look at the config file, it is here:
                /var/etc/openvpn_server0.conf

                Can you see the different "Common Names" that are trying to connect when you look at the OpenVPN log?

                We do what we must, because we can.

                Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

                  sbarreros

                  Here is my server config file:

                  writepid /var/run/openvpn_server0.pid
                  #user nobody
                  #group nobody
                  daemon
                  keepalive 10 60
                  ping-timer-rem
                  persist-tun
                  persist-key
                  dev tun
                  proto tcp-server
                  cipher BF-CBC
                  up /etc/rc.filter_configure
                  down /etc/rc.filter_configure
                  client-to-client
                  server 192.168.2.0 255.255.255.0
                  client-config-dir /var/etc/openvpn_csc
                  push "route 192.168.1.0 255.255.255.0"
                  lport 1194
                  ca /var/etc/openvpn_server0.ca
                  cert /var/etc/openvpn_server0.cert
                  key /var/etc/openvpn_server0.key
                  dh /var/etc/openvpn_server0.dh
                  persist-remote-ip
                  float
                  push "dhcp-option DNS 192.168.1.130"

                  Here is my client config file:

                  float
                  port 1194
                  dev tun
                  dev-node ovpn
                  proto tcp-client
                  remote myserver.mydomin.com 1194
                  ping 10
                  persist-tun
                  persist-key
                  tls-client
                  ca ca.crt
                  cert user1.crt
                  key user1.key
                  ns-cert-type server
                  pull
                  verb 4

                    sbarreros

                    I found what my problem was: when I was creating my client certificates, in the common name I was entering the same name, myserver.mydomain.com, thinking this was referring to the OpenVPN server name.
                    I created my certificates with different common names and now it works.

                    Thank you gentlemen. ;D

                      BootSector

                      @sbarreros:

                      I found what my problem was: when I was creating my client certificates, in the common name I was entering the same name, myserver.mydomain.com, thinking this was referring to the OpenVPN server name.
                      I created my certificates with different common names and now it works.

                      Thank you gentlemen. ;D

                      I will have to try this as I think I was thinking the same thing.

                        daddy2aleeya

                        @sbarreros:

                        I found what my problem was: when I was creating my client certificates, in the common name I was entering the same name, myserver.mydomain.com, thinking this was referring to the OpenVPN server name.
                        I created my certificates with different common names and now it works.

                        Thank you gentlemen. ;D

                        Hi sbarreros,

                        I also have the same problem as you. What did you actually change? I also did as you describe above, giving a different name for the Common Name (for client certificates), but it is still the same. Both clients, when they access the OpenVPN server, get the same IP address.

                        This gives this kind of error:

                        "
                        NOTE: FlushIpNetTable failed on interface [65539] {3890476B-0667-4DE4-832E-0FB996C0862A} (status=1413) : Invalid index.
                        "

                        Could somebody help me with this?

                        Here is my OpenVPN and user setting:

                        OpenVPN Server
                        --------------

                        #user nobody
                        #group nobody
                        daemon
                        keepalive 10 60
                        ping-timer-rem
                        persist-tun
                        persist-key
                        dev tun
                        proto udp
                        cipher BF-CBC
                        up /etc/rc.filter_configure
                        down /etc/rc.filter_configure
                        server 10.20.2.0 255.255.255.0
                        client-config-dir /var/etc/openvpn_csc
                        push "route 10.20.20.0 255.255.255.0"
                        lport 81
                        ca /var/etc/openvpn_server2.ca
                        cert /var/etc/openvpn_server2.cert
                        key /var/etc/openvpn_server2.key
                        dh /var/etc/openvpn_server2.dh
                        persist-remote-ip
                        float

                        Client1 and Client2 Setting

                        float
                        port 81
                        dev tun
                        dev-node ovpn
                        proto udp
                        remote 10.10.100.223 81
                        ping 30
                        persist-key
                        persist-tun
                        tls-client
                        ca ca.crt
                        cert aslahuddin.crt
                        key aslahuddin.key
                        ns-cert-type server
                        cipher BF-CBC
                        pull
                        verb 4

                        Hope there is somebody who can help me with this.

                        1 Reply Last reply Reply Quote 0
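An added example, not from any poster in this thread nor from pfSense or OpenVPN: one way to answer the question asked above about which Common Names appear in the OpenVPN server log, flagging a CN that is presented from more than one source address or that triggers the server's "previous active sessions ... dropped" warning. That is the situation sbarreros resolved, and the last post's "Client1 and Client2 Setting" lists a single cert/key pair for both clients. The log lines are constructed for illustration, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample server log (not from the thread); addresses are documentation ranges.
SAMPLE_LOG = """\
Mon Mar  3 09:00:01 2008 198.51.100.10:50211 [user1] Peer Connection Initiated with 198.51.100.10:50211
Mon Mar  3 09:00:02 2008 user1/198.51.100.10:50211 MULTI: primary virtual IP for user1/198.51.100.10:50211: 192.168.2.6
Mon Mar  3 09:04:40 2008 203.0.113.77:41872 [user1] Peer Connection Initiated with 203.0.113.77:41872
Mon Mar  3 09:04:40 2008 MULTI: new connection by client 'user1' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Mon Mar  3 09:04:41 2008 user1/203.0.113.77:41872 MULTI: primary virtual IP for user1/203.0.113.77:41872: 192.168.2.6
Mon Mar  3 09:10:12 2008 192.0.2.45:60123 [user2] Peer Connection Initiated with 192.0.2.45:60123
Mon Mar  3 09:10:13 2008 user2/192.0.2.45:60123 MULTI: primary virtual IP for user2/192.0.2.45:60123: 192.168.2.10
"""

# Source address and certificate CN of each completed TLS handshake.
PEER_RE = re.compile(r"(\d+\.\d+\.\d+\.\d+):\d+ \[([^\]]+)\] Peer Connection Initiated")
# Tunnel address the server assigned to that CN.
VIP_RE = re.compile(r"MULTI: primary virtual IP for ([^/\s]+)/\S+: (\S+)")
# Server warning that a second session with the same CN displaced the first.
DROP_RE = re.compile(r"MULTI: new connection by client '([^']+)' will cause previous")


def audit_common_names(log_text):
    """Group source addresses, tunnel IPs and displacement warnings by certificate CN."""
    seen = defaultdict(lambda: {"sources": set(), "virtual_ips": set(), "displaced": False})
    for line in log_text.splitlines():
        if m := PEER_RE.search(line):
            seen[m.group(2)]["sources"].add(m.group(1))
        elif m := VIP_RE.search(line):
            seen[m.group(1)]["virtual_ips"].add(m.group(2))
        elif m := DROP_RE.search(line):
            seen[m.group(1)]["displaced"] = True
    return dict(seen)


def shared_common_names(log_text):
    """CNs that look shared between clients. A roaming client also changes its
    source address, so a hit is a prompt to check the certificates, not proof."""
    report = audit_common_names(log_text)
    return sorted(cn for cn, info in report.items()
                  if info["displaced"] or len(info["sources"]) > 1)


if __name__ == "__main__":
    report = audit_common_names(SAMPLE_LOG)
    for cn in shared_common_names(SAMPLE_LOG):
        print(f"{cn}: sources={sorted(report[cn]['sources'])} "
              f"tunnel_ips={sorted(report[cn]['virtual_ips'])}")
```

On pfSense the same functions can be pointed at the text of the OpenVPN log instead of `SAMPLE_LOG`; newer OpenVPN releases prefix addresses with `[AF_INET]`, which these patterns tolerate on the handshake line.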