Netgate Discussion Forum

DHCP over OpenVPN

    BootSector
    last edited by Apr 27, 2007, 2:33 PM

    I have OpenVPN set up on my pfSense router and it is working great, if only one client is connected through the VPN. If a second client connects they fight for the same IP. My OpenVPN DHCP pool is set to 192.168.100.0/24 but any client that connects gets 192.168.100.6. Please advise.

      sbarreros
      last edited by Apr 29, 2007, 2:16 AM

      Same deal with my VPN server, help!!! I just launched this server Friday and I have users calling me; they can't connect. The problem is they are all getting the same IP address, 192.168.2.6. My address pool is set to 192.168.2.0/24 ???

        fernandotcl
        last edited by Apr 30, 2007, 12:22 PM

        Are you guys using SSL (shared key) mode? In SSL mode, only one client can connect to the VPN. There's no such limitation if you guys use TLS (PKI) mode, though.

        In case you guys are using PKI mode and it still doesn't work, please post your openvpn_{client,server}X.conf.

          sbarreros
          last edited by Apr 30, 2007, 2:23 PM

          I'm using PKI mode. Where do I find the OpenVPN config file in pfSense?

            sbarreros
            last edited by Apr 30, 2007, 10:33 PM

            Anyone?

              GruensFroeschli
              last edited by Apr 30, 2007, 11:08 PM Apr 30, 2007, 10:54 PM

              It does not help you to know where the config file is stored, since it is automatically generated and your own file would be overwritten.
              You can change everything that is in the config file on the config page of OpenVPN itself,
              either through the GUI or in the field "Custom options".
              If you just want to have a look at the config file, it is here:
              /var/etc/openvpn_server0.conf

              Can you see the different "Common Names" that are trying to connect when you look at the OpenVPN log?

              We do what we must, because we can.

              Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

                sbarreros
                last edited by Apr 30, 2007, 11:37 PM

                Here is my server config file

                writepid /var/run/openvpn_server0.pid
                #user nobody
                #group nobody
                daemon
                keepalive 10 60
                ping-timer-rem
                persist-tun
                persist-key
                dev tun
                proto tcp-server
                cipher BF-CBC
                up /etc/rc.filter_configure
                down /etc/rc.filter_configure
                client-to-client
                server 192.168.2.0 255.255.255.0
                client-config-dir /var/etc/openvpn_csc
                push "route 192.168.1.0 255.255.255.0"
                lport 1194
                ca /var/etc/openvpn_server0.ca
                cert /var/etc/openvpn_server0.cert
                key /var/etc/openvpn_server0.key
                dh /var/etc/openvpn_server0.dh
                persist-remote-ip
                float
                push "dhcp-option DNS 192.168.1.130"

                Here is my client config file
                float
                port 1194
                dev tun
                dev-node ovpn
                proto tcp-client
                remote myserver.mydomin.com 1194
                ping 10
                persist-tun
                persist-key
                tls-client
                ca ca.crt
                cert user1.crt
                key user1.key
                ns-cert-type server
                pull
                verb 4

                  sbarreros
                  last edited by May 1, 2007, 12:12 AM

                  I found what my problem was: when I was creating my client certificates, in the common name I was entering the same name, myserver.mydomain.com, thinking this was referring to the OpenVPN server name.
                  I created my certificates with different common names and now it works.

                  Thank you gentlemen. ;D

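The cause reported above (client certificates issued under one Common Name) can be confirmed from the server log, which is what GruensFroeschli's question about the "Common Names" points at. The following is an added example, not part of the original thread: the log lines are constructed samples modelled on OpenVPN 2.x server messages, and `find_shared_common_names` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample log (not from the thread), modelled on OpenVPN 2.x
# server messages: two peers present one Common Name, a third has its own.
SAMPLE_LOG = """\
Mon Apr 30 22:41:03 2007 myserver.mydomain.com/203.0.113.10:49152 MULTI: primary virtual IP for myserver.mydomain.com/203.0.113.10:49152: 192.168.2.6
Mon Apr 30 22:43:17 2007 MULTI: new connection by client 'myserver.mydomain.com' will cause previous active sessions by this client to be dropped.
Mon Apr 30 22:43:18 2007 myserver.mydomain.com/198.51.100.7:50211 MULTI: primary virtual IP for myserver.mydomain.com/198.51.100.7:50211: 192.168.2.6
Mon Apr 30 22:50:41 2007 user2/192.0.2.44:40000 MULTI: primary virtual IP for user2/192.0.2.44:40000: 192.168.2.10
"""

# "primary virtual IP" lines tie a Common Name and real peer address to the
# tunnel address the server handed out.
VIP_RE = re.compile(
    r"MULTI: primary virtual IP for (?P<cn>[^/\s]+)/(?P<peer>[\d.]+):\d+: (?P<vip>[\d.]+)")
# Logged when a second session arrives under a Common Name that is already
# connected and the server does not allow duplicate names.
DROP_RE = re.compile(r"MULTI: new connection by client '(?P<cn>[^']+)' will cause previous")


def find_shared_common_names(log_text):
    """Return {cn: details} for Common Names that look shared between clients.

    Hypothetical helper for this example. A name seen from several peer
    addresses can also be one roaming user, so treat a hit as a lead to
    check against the issued certificates, not as proof.
    """
    peers, vips, dropped = defaultdict(set), defaultdict(set), set()
    for line in log_text.splitlines():
        m = VIP_RE.search(line)
        if m:
            peers[m["cn"]].add(m["peer"])
            vips[m["cn"]].add(m["vip"])
        m = DROP_RE.search(line)
        if m:
            dropped.add(m["cn"])
    return {
        cn: {"peers": sorted(peers[cn]), "vips": sorted(vips[cn]),
             "session_dropped": cn in dropped}
        for cn in sorted(set(peers) | dropped)
        if len(peers[cn]) > 1 or cn in dropped
    }


if __name__ == "__main__":
    for cn, info in find_shared_common_names(SAMPLE_LOG).items():
        print(cn, info)
```

On pfSense the text to feed in is the OpenVPN log the thread refers to; a Common Name flagged here with a single tunnel address matches the symptom of every client receiving the same `.6` address.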
                    BootSector
                    last edited by May 2, 2007, 8:18 PM

                    @sbarreros:

                    I found what my problem was: when I was creating my client certificates, in the common name I was entering the same name, myserver.mydomain.com, thinking this was referring to the OpenVPN server name.
                    I created my certificates with different common names and now it works.

                    Thank you gentlemen. ;D

                    I will have to try this as I think I was thinking the same thing.

                      daddy2aleeya
                      last edited by May 14, 2007, 7:54 AM

                      @sbarreros:

                      I found what my problem was: when I was creating my client certificates, in the common name I was entering the same name, myserver.mydomain.com, thinking this was referring to the OpenVPN server name.
                      I created my certificates with different common names and now it works.

                      Thank you gentlemen. ;D

                      Hi sbarreros,

                      I also have the same problem as yours. What did you actually change? I also did as you did above, giving a different name for the Common Name (for the client certificates), but it's still the same. Both clients, when they access the OpenVPN server, get the same IP address.

                      This gives this kind of error:

                      "
                      NOTE: FlushIpNetTable failed on interface [65539] {3890476B-0667-4DE4-832E-0FB996C0862A} (status=1413) : Invalid index.
                      "

                      If somebody can help me with this.

                      Here is my OpenVPN and user setting:

                      OpenVPN Server
                      --------------

                      #user nobody
                      #group nobody
                      daemon
                      keepalive 10 60
                      ping-timer-rem
                      persist-tun
                      persist-key
                      dev tun
                      proto udp
                      cipher BF-CBC
                      up /etc/rc.filter_configure
                      down /etc/rc.filter_configure
                      server 10.20.2.0 255.255.255.0
                      client-config-dir /var/etc/openvpn_csc
                      push "route 10.20.20.0 255.255.255.0"
                      lport 81
                      ca /var/etc/openvpn_server2.ca
                      cert /var/etc/openvpn_server2.cert
                      key /var/etc/openvpn_server2.key
                      dh /var/etc/openvpn_server2.dh
                      persist-remote-ip
                      float

                      Client1 and Client2 Setting

                      float
                      port 81
                      dev tun
                      dev-node ovpn
                      proto udp
                      remote 10.10.100.223 81
                      ping 30
                      persist-key
                      persist-tun
                      tls-client
                      ca ca.crt
                      cert aslahuddin.crt
                      key aslahuddin.key
                      ns-cert-type server
                      cipher BF-CBC
                      pull
                      verb 4

                      Hope there is somebody who can help me with this.
