DHCP over OpenVPN



  • I have OpenVPN set up on my pfSense router and it is working great, if only one client is connected through the vpn. If a second client connects they fight for the same IP. My OpenVPN dhcp pool is set to 192.168.100.0/24 but any client that connects gets 192.168.100.6. Please advise.



  • Same deal with my VPN server, help!!! I just launched this server Friday and I have users calling me because they can't connect. The problem is they are all getting the same IP address, 192.168.2.6. My address pool is set to 192.168.2.0/24 ???



  • Are you guys using SSL (shared key) mode? In SSL mode, only one client can connect to the VPN. There's no such limitation if you guys use TLS (PKI) mode, though.

    In case you guys are using PKI mode and it still doesn't work, please post your openvpn_{client,server}X.conf.



  • I'm using PKI mode, where do I find the openvpn config file in pfsense?



  • Anyone?



  • It does not help you to know where the config file is stored, since it is automatically generated and your own file would be overwritten.
    You can change everything that is in the config file on the config page of OpenVPN itself,
    either through the GUI or in the field "Custom options".
    If you just want to have a look at the config file, it is here:
    /var/etc/openvpn_server0.conf

    Can you see the different "Common Names" that are trying to connect when you look at the OpenVPN log?



  • Here is my server config file

    writepid /var/run/openvpn_server0.pid
    #user nobody
    #group nobody
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    dev tun
    proto tcp-server
    cipher BF-CBC
    up /etc/rc.filter_configure
    down /etc/rc.filter_configure
    client-to-client
    server 192.168.2.0 255.255.255.0
    client-config-dir /var/etc/openvpn_csc
    push "route 192.168.1.0 255.255.255.0"
    lport 1194
    ca /var/etc/openvpn_server0.ca
    cert /var/etc/openvpn_server0.cert
    key /var/etc/openvpn_server0.key
    dh /var/etc/openvpn_server0.dh
    persist-remote-ip
    float
    push "dhcp-option DNS 192.168.1.130"

    Here is my client config file
    float
    port 1194
    dev tun
    dev-node ovpn
    proto tcp-client
    remote myserver.mydomin.com 1194
    ping 10
    persist-tun
    persist-key
    tls-client
    ca ca.crt
    cert user1.crt
    key user1.key
    ns-cert-type server
    pull
    verb 4



  • I found what my problem was: when I was creating my client certificates, in the common name I was entering the same name, myserver.mydomain.com, thinking this was referring to the OpenVPN server name.
    I created my certificates with different common name and now it works.

    Thank you gentlemen. ;D
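
The check asked for earlier in the thread (do different Common Names show up in the OpenVPN log?) can be scripted. This is an added example, not part of any post: the log lines are constructed in the style of OpenVPN 2.x server output with message text abbreviated, and `audit` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample log (not taken from the thread); addresses are documentation ranges.
SAMPLE_LOG = """\
Mon Mar  3 09:14:02 2008 198.51.100.7:49211 [myserver.mydomain.com] Peer Connection Initiated with 198.51.100.7:49211
Mon Mar  3 09:14:02 2008 myserver.mydomain.com/198.51.100.7:49211 MULTI: primary virtual IP for myserver.mydomain.com/198.51.100.7:49211: 192.168.2.6
Mon Mar  3 09:15:40 2008 203.0.113.20:53002 [myserver.mydomain.com] Peer Connection Initiated with 203.0.113.20:53002
Mon Mar  3 09:15:40 2008 MULTI: new connection by client 'myserver.mydomain.com' will cause previous active sessions by this client to be dropped.
Mon Mar  3 09:15:41 2008 myserver.mydomain.com/203.0.113.20:53002 MULTI: primary virtual IP for myserver.mydomain.com/203.0.113.20:53002: 192.168.2.6
Mon Mar  3 09:20:11 2008 192.0.2.44:40100 [user2] Peer Connection Initiated with 192.0.2.44:40100
Mon Mar  3 09:20:11 2008 user2/192.0.2.44:40100 MULTI: primary virtual IP for user2/192.0.2.44:40100: 192.168.2.10
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# "<real ip>:<port> [<common name>] Peer Connection Initiated ..."
PEER = re.compile(rf"({IPV4}):\d+ \[([^\]]+)\] Peer Connection Initiated")
# "MULTI: primary virtual IP for <cn>/<real ip>:<port>: <tunnel ip>"
VIP = re.compile(rf"MULTI: primary virtual IP for [^/\s]+/({IPV4}):\d+: (\S+)")
# Server warning logged when a second session arrives with an already-active CN
DROP = re.compile(r"MULTI: new connection by client '([^']+)' will cause previous")

def audit(log_text):
    """Return (shared_cn, contested): CNs seen from several real addresses or
    flagged by the server, and tunnel IPs handed to several real addresses."""
    sources = defaultdict(set)   # common name -> real source addresses
    leases = defaultdict(set)    # tunnel IP   -> real source addresses
    dropped = set()              # CNs named in the "previous sessions dropped" warning
    for line in log_text.splitlines():
        if m := PEER.search(line):
            sources[m.group(2)].add(m.group(1))
        if m := VIP.search(line):
            leases[m.group(2)].add(m.group(1))
        if m := DROP.search(line):
            dropped.add(m.group(1))
    # Caveat: one roaming client (see "float") also produces several source
    # addresses for a single CN, so confirm a hit against the issued certificates.
    shared_cn = {cn: sorted(a) for cn, a in sources.items() if len(a) > 1 or cn in dropped}
    contested = {ip: sorted(a) for ip, a in leases.items() if len(a) > 1}
    return shared_cn, contested

if __name__ == "__main__":
    shared_cn, contested = audit(SAMPLE_LOG)
    for cn, addrs in shared_cn.items():
        print(f"CN {cn!r} used from {', '.join(addrs)}")
    for ip, addrs in contested.items():
        print(f"tunnel IP {ip} assigned to {', '.join(addrs)}")
```
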



  • @sbarreros:

    I found what my problem was: when I was creating my client certificates, in the common name I was entering the same name, myserver.mydomain.com, thinking this was referring to the OpenVPN server name.
    I created my certificates with different common name and now it works.

    Thank you gentlemen. ;D

    I will have to try this as I think I was thinking the same thing.



  • @sbarreros:

    I found what my problem was: when I was creating my client certificates, in the common name I was entering the same name, myserver.mydomain.com, thinking this was referring to the OpenVPN server name.
    I created my certificates with different common name and now it works.

    Thank you gentlemen. ;D

    Hi sbarreros,

    I also have the same problem as you. What did you actually change? I also did as you describe above and gave a different name for the Common Name (for client certificates), but it is still the same. Both clients, when they want to access the OpenVPN server, get the same IP address.

    This gives this kind of error:

    "
    NOTE: FlushIpNetTable failed on interface [65539] {3890476B-0667-4DE4-832E-0FB996C0862A} (status=1413) : Invalid index.
    "

    Can somebody help me with this?

    Here is my OpenVPN and user setting:

    OpenVPN Server
    --------------

    #user nobody
    #group nobody
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    dev tun
    proto udp
    cipher BF-CBC
    up /etc/rc.filter_configure
    down /etc/rc.filter_configure
    server 10.20.2.0 255.255.255.0
    client-config-dir /var/etc/openvpn_csc
    push "route 10.20.20.0 255.255.255.0"
    lport 81
    ca /var/etc/openvpn_server2.ca
    cert /var/etc/openvpn_server2.cert
    key /var/etc/openvpn_server2.key
    dh /var/etc/openvpn_server2.dh
    persist-remote-ip
    float

    Client1 and Client2 Setting

    float
    port 81
    dev tun
    dev-node ovpn
    proto udp
    remote 10.10.100.223 81
    ping 30
    persist-key
    persist-tun
    tls-client
    ca ca.crt
    cert aslahuddin.crt
    key aslahuddin.key
    ns-cert-type server
    cipher BF-CBC
    pull
    verb 4

    Hope there is somebody who can help me with this.

