DHCP over OpenVPN

BootSector · Apr 27, 2007, 2:33 PM

I have OpenVPN set up on my pfSense router and it is working great, if only one client is connected through the vpn. If a second client connects they fight for the same IP. My OpenVPN dhcp pool is set to 192.168.100.0/24 but any client that connects gets 192.168.100.6. Please advise.

sbarreros · Apr 29, 2007, 2:16 AM

Same deal with my vpn Server, help!!! I just lunched this server friday and I have users calling me they can't connect. The problem is they are all getting the same ip address 192.168.2.6 my address pool is set to 192.168.2.0/24 ???

fernandotcl · Apr 30, 2007, 12:22 PM

Are you guys using SSL (shared key) mode? In SSL mode, only one client can connect to the VPN. There's no such limitation if you guys use TLS (PKI) mode, though.

In case you guys are using PKI mode and it still doesn't work, please post your openvpn_{client,server}X.conf.

sbarreros · Apr 30, 2007, 2:23 PM

I'm using PKI mode, where do I find the openvpn config file in pfsense?

sbarreros · Apr 30, 2007, 10:33 PM

Any One?

GruensFroeschli · Apr 30, 2007, 11:08 PM

it does not help you when you know where the config file is stored since it is automatically generated and your own file would be overwritten.
you can change everything that stands in the config file on the config page of OpenVPN itself.
either through the GUI or in the field: "Custom options"
if you just want to have a look at the config-file it is here:
/var/etc/openvpn_server0.conf

can you see the different "Common Names" who are trying to connect when you look at the OpenVPN log?

sbarreros · Apr 30, 2007, 11:37 PM

Here is my server config file

writepid /var/run/openvpn_server0.pid
#user nobody
#group nobody
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
dev tun
proto tcp-server
cipher BF-CBC
up /etc/rc.filter_configure
down /etc/rc.filter_configure
client-to-client
server 192.168.2.0 255.255.255.0
client-config-dir /var/etc/openvpn_csc
push "route 192.168.1.0 255.255.255.0"
lport 1194
ca /var/etc/openvpn_server0.ca
cert /var/etc/openvpn_server0.cert
key /var/etc/openvpn_server0.key
dh /var/etc/openvpn_server0.dh
persist-remote-ip
float
push "dhcp-option DNS 192.168.1.130"

Here is my client config file
float
port 1194
dev tun
dev-node ovpn
proto tcp-client
remote myserver.mydomin.com 1194
ping 10
persist-tun
persist-key
tls-client
ca ca.crt
cert user1.crt
key user1.key
ns-cert-type server
pull
verb 4

sbarreros · May 1, 2007, 12:12 AM

I found what my problem was, when I was creating my client certificates in the common name I was entering the same name myserver.mydomain.com thinking this was refering to the openvpn server name.
I created my certificates with different common name and now it works.

Thank you gentlemen. ;D

BootSector · May 2, 2007, 8:18 PM

@sbarreros:

I found what my problem was, when I was creating my client certificates in the common name I was entering the same name myserver.mydomain.com thinking this was refering to the openvpn server name.
I created my certificates with different common name and now it works.

Thank you gentlemen. ;D

I will have to try this as I think I was thinking the same thing.

daddy2aleeya · May 14, 2007, 7:54 AM

@sbarreros:

I found what my problem was, when I was creating my client certificates in the common name I was entering the same name myserver.mydomain.com thinking this was refering to the openvpn server name.
I created my certificates with different common name and now it works.

Thank you gentlemen. ;D

Hi sbarreros,

I'm also have a problem same yours. What's actually u change? I'm also do like yours above, give a different name for Common Name (for client certificates), but it's also same. Both client if wanna access OpenVPN server will get the same IP Address.

Thus will give this kind of error :

"
NOTE: FlushIpNetTable failed on interface [65539] {3890476B-0667-4DE4-832E-0FB996C0862A} (status=1413) : Invalid index.
"

Somebody if can help me on this.

Here is my OpenVPN and user setting:

OpenVPN Server
–-------------

#user nobody
#group nobody
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
dev tun
proto udp
cipher BF-CBC
up /etc/rc.filter_configure
down /etc/rc.filter_configure
server 10.20.2.0 255.255.255.0
client-config-dir /var/etc/openvpn_csc
push "route 10.20.20.0 255.255.255.0"
lport 81
ca /var/etc/openvpn_server2.ca
cert /var/etc/openvpn_server2.cert
key /var/etc/openvpn_server2.key
dh /var/etc/openvpn_server2.dh
persist-remote-ip
float

Client1 and Client2 Setting

float
port 81
dev tun
dev-node ovpn
proto udp
remote 10.10.100.223 81
ping 30
persist-key
persist-tun
tls-client
ca ca.crt
cert aslahuddin.crt
key aslahuddin.key
ns-cert-type server
cipher BF-CBC
pull
verb 4

Hope there is somebiody can help me on this.