Assign static pool to road warriors with same user



  • I'm trying to assign an address pool to a group of road warriors sharing the same user/cert, but the same IP is assigned to all connections. Am I doing something wrong? Or is it mandatory to have different usernames in order to have different addresses?

    Thank you!!



  • @jmhoms:

    I'm trying to assign an address pool to a group of road warriors sharing the same user/cert, but the same IP is assigned to all connections. Am I doing something wrong? Or is it mandatory to have different usernames in order to have different addresses?

    Thank you!!

    Each client needs its own certificate and key!

    The clients are being distinguished through their certificate.

    Using the same key and certificate defeats the purpose of having a PKI!



  • Yes, I know. It's only an administrative affair. The fact was that the key was given to an external company, and they tried to connect more than one session at a time with the same key, and it worked for them (their client said connected). For us it's no problem, so all those users share the same responsibility towards us. So I tried to add a pool for all of their users, but then I discovered that the same IP is assigned to all of them (so they all lose some traffic when connected at the same time).

    Administratively it's no problem to create more accounts; I was only asking myself whether it is technically possible to share a key.

    Thanks for your reply.



  • From the example-config of an OpenVPN Client:

    # Uncomment this directive if multiple clients
    # might connect with the same certificate/key
    # files or common names.  This is recommended
    # only for testing purposes.  For production use,
    # each client should have its own certificate/key
    # pair.
    #
    # IF YOU HAVE NOT GENERATED INDIVIDUAL
    # CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
    # EACH HAVING ITS OWN UNIQUE "COMMON NAME",
    # UNCOMMENT THIS LINE OUT.
    ;duplicate-cn
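
An added example, not part of the thread and not OpenVPN's own code: once `duplicate-cn` is enabled the certificate no longer identifies a single client, so one way to keep track of shared credentials is to list the common names that have more than one live session in the server's status file. It assumes the version-1 layout written by the `status` directive; the sample content, names and addresses below are constructed.

```python
import csv
from collections import defaultdict

# Constructed sample of an OpenVPN status file (version-1 layout);
# common names and addresses are made up for illustration.
SAMPLE_STATUS = """\
OpenVPN CLIENT LIST
Updated,Thu Jun 18 08:12:15 2009
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
partner-co,198.51.100.7:51234,10234,20891,Thu Jun 18 07:58:03 2009
partner-co,198.51.100.9:40112,8841,17320,Thu Jun 18 08:01:47 2009
alice,203.0.113.20:1194,5120,9980,Thu Jun 18 07:40:11 2009
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,partner-co,198.51.100.7:51234,Thu Jun 18 08:12:09 2009
10.8.0.10,partner-co,198.51.100.9:40112,Thu Jun 18 08:12:11 2009
10.8.0.14,alice,203.0.113.20:1194,Thu Jun 18 08:12:02 2009
GLOBAL STATS
Max bcast/mcast queue length,0
END
"""

SECTIONS = ("OpenVPN CLIENT LIST", "ROUTING TABLE", "GLOBAL STATS", "END")

def parse_sessions(text):
    """Return {common_name: [(real_address, tunnel_address or None), ...]}."""
    section, clients, routes = None, [], {}
    for row in csv.reader(text.splitlines()):
        if not row:
            continue
        if row[0] in SECTIONS:
            section = row[0]
        elif section == SECTIONS[0] and len(row) == 5 and row[0] != "Common Name":
            clients.append((row[0], row[1]))
        elif section == SECTIONS[1] and len(row) == 4 and row[0] != "Virtual Address":
            routes[row[2]] = row[0]  # real address -> tunnel address
    sessions = defaultdict(list)
    for cn, real in clients:
        sessions[cn].append((real, routes.get(real)))
    return dict(sessions)

def shared_identities(sessions):
    """Common names with more than one concurrent session (shared cert/key)."""
    return {cn: s for cn, s in sessions.items() if len(s) > 1}

if __name__ == "__main__":
    for cn, sess in shared_identities(parse_sessions(SAMPLE_STATUS)).items():
        print(f"{cn}: {len(sess)} concurrent sessions -> {sess}")
```
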



  • w0w!

    I will try it. If it works I will write RTFM a hundred times.
    I will see if this affects the IP assignment.

    Thanks.

    Josep M.

