Cannot have 2 connections from one IP address



  • I set up a pfSense box at work to take over for a very aged Cisco router, and I set up OpenVPN so a few people could connect from home. But the boss and his wife both work from home on occasion and they cannot connect to the VPN at the same time. When one connects, the other can't. Then if the first one disconnects, the second can connect. I have never set up a VPN before, so I'm not sure what I'm missing. Here's where it gets stuck on the one that can't connect.

    UDPv4 link local(bound): [undef]
    UDPv4 link Remote [AF_INET] (ipofwork)
    SIGUSR1[soft,tls-error] received, process restarting
    
    

    I tried to tick "Allow multiple concurrent connections from clients using the same Common Name." but that did not work.



  • Post your server config.



  • How high did you set your "concurrent connections"?



  • I have it set to 5 concurrent connections, and 4 people haven't even been on at the same time yet.
    Here are screenshots of the config: http://imgur.com/a/0K7UU. I followed a guide to set it up, so I may have something wrong.



  • Your config is pretty close to mine with the exception of the server mode… I'm using Remote Access(SSL/TLS) and you're using Remote Access(SSL/TLS + User Auth). I replicated your settings (except for server mode) but could not reproduce the problem... the 2nd client always connected for me (tried both same common name and different). Post the full client log... maybe there's something telling in there.

    The only thing I see different in your config that may be contributing to your issue:

    1. You do not have a Certificate Revocation List defined. Create one and add it to your config.

    After you set up the revocation list, I would create a separate account for the wife, re-export both configs and have them both re-install with the new bundled windows installer.

    Also, remember uninstalling the client does not delete the "config" i.e. (C:\Program Files (x86)\OpenVPN\config) folder... I would have them manually delete it or you risk confusing the users because the old config shows up and may get used again.



  • That sounds a lot like a problem with the router the clients are behind. If the clients are at a different location, or one of them is behind something else, does it work? Some residential-grade routers/NAT devices do stupid things with UDP.

