Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Assign static pool to road warriors with same user

    Scheduled Pinned Locked Moved OpenVPN
    5 Posts 2 Posters 2.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jmhoms
      last edited by

      I'm trying to assign an address pool to a group of road warriors sharing the same user/cert, but the same ip is assigned to all connections. I'm doing something wrong ? or is mandarory in order to have different adresses to have different usernames ?

      Thank youu!!

      1 Reply Last reply Reply Quote 0
      • GruensFroeschliG
        GruensFroeschli
        last edited by

        @jmhoms:

        I'm trying to assign an address pool to a group of road warriors sharing the same user/cert, but the same ip is assigned to all connections. I'm doing something wrong ? or is mandarory in order to have different adresses to have different usernames ?

        Thank youu!!

        Each client needs it's own certificat and key!

        The clients are being distinguished through their certificate.

        Using the same key and certificate defeats the purpose of having a PKI!

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        1 Reply Last reply Reply Quote 0
        • J
          jmhoms
          last edited by

          Yes, i know. It's only an administrative affair. The fact was that the key was given to an external company, and they tried to connect more than one session at a time with the same key, and it worked for they (their client said connected). For us it's no problem, so all that users share the same responsability against us. So i tried to add a pool to all they users, but then i discovered that the same ip is assigned to all they (so all they loss some traffic when connected at the same time).

          Administratively it's no problem to create more accounts, only asking myself if technically possible to share a key.

          Thanks for your reply.

          1 Reply Last reply Reply Quote 0
          • GruensFroeschliG
            GruensFroeschli
            last edited by

            From the example-config of a OpenVPN Client:

            Uncomment this directive if multiple clients

            might connect with the same certificate/key

            files or common names.  This is recommended

            only for testing purposes.  For production use,

            each client should have its own certificate/key

            pair.

            IF YOU HAVE NOT GENERATED INDIVIDUAL

            CERTIFICATE/KEY PAIRS FOR EACH CLIENT,

            EACH HAVING ITS OWN UNIQUE "COMMON NAME",

            UNCOMMENT THIS LINE OUT.

            ;duplicate-cn

            We do what we must, because we can.

            Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

            1 Reply Last reply Reply Quote 0
            • J
              jmhoms
              last edited by

              w0w!

              i will try it. If it works will write hundred times RTFM.
              Will see if this affect the ip assignation.

              Thanks.

              Josep M.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.