Netgate Discussion Forum

    Site to site pre-shared key error | Options error: --duplicate-cn requires --mod

    OpenVPN
    6 Posts 3 Posters 5.5k Views
      source

      I'm testing a site to site configuration and on the client side, I see it tries to connect but nothing happens.  It can see the server, talk to it. I resolved all the firewall blocking. On the server, I see the following error, which Google search indicates  I am not sure what it means.  Any ideas how to resolve this?

      Aug 20 22:18:23 openvpn[13972]: Options error: --duplicate-cn requires --mode server
      Aug 20 22:18:23 openvpn[13972]: Use --help for more information.
      Aug 20 22:19:28 openvpn[40601]: Options error: --duplicate-cn requires --mode server
      Aug 20 22:19:28 openvpn[40601]: Use --help for more information.
      Aug 20 22:21:54 openvpn[95139]: Options error: --duplicate-cn requires --mode server
      Aug 20 22:21:54 openvpn[95139]: Use --help for more information.
      Aug 20 22:22:04 openvpn[1330]: Options error: --duplicate-cn requires --mode server
      Aug 20 22:22:04 openvpn[1330]: Use --help for more information.

      thanks!

        source

        SOLVED

        I figured out the issue.  On the server side, at the bottom, there is an option to allow duplicate connection. I unchecked that and it connected immediately. I have the site to site demo setup.

        Duplicate Connections : Allow multiple concurrent connections from clients using the same Common Name.   
                                          NOTE: This is not generally recommended, but may be needed for some scenarios.
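
The conflict behind the log lines above, as an added example that is not part of the thread and is not pfSense or OpenVPN code: a small Python check that flags server-mode options in a config that never enters server mode. The option list is an assumed subset taken from the server-mode section of the OpenVPN manual, and both sample configs are constructed.

```python
"""Added example: flag OpenVPN server-mode options used outside server mode."""
# Assumed subset of options from the OpenVPN manual's server-mode section.
SERVER_ONLY = {"duplicate-cn", "client-to-client", "client-config-dir",
               "ccd-exclusive", "ifconfig-pool", "max-clients"}
# Helper directives that expand to "mode server".
SERVER_HELPERS = {"server", "server-bridge"}

def parse(text):
    """Yield (lineno, option, args) per directive, skipping '#' and ';' comments."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and line[0] not in "#;":
            words = line.split()
            yield n, words[0].lstrip("-"), words[1:]

def lint(text):
    """Return one finding per server-only option found in a non-server config."""
    directives = list(parse(text))
    server_mode = any(opt in SERVER_HELPERS or (opt == "mode" and args[:1] == ["server"])
                      for _, opt, args in directives)
    static_key = any(opt == "secret" for _, opt, _ in directives)
    findings = []
    for n, opt, _ in directives:
        if opt in SERVER_ONLY and not server_mode:
            msg = f"line {n}: --{opt} requires --mode server"
            if opt == "duplicate-cn" and static_key:
                # A shared-key tunnel uses no certificates, so there is no CN to duplicate.
                msg += " (static-key tunnel: no certificates, so no Common Name)"
            findings.append(msg)
    return findings

# Constructed sample: shared-key site-to-site tunnel with the option left enabled.
P2P_SHARED_KEY = """\
dev tun
ifconfig 10.0.8.1 10.0.8.2
secret shared.key
duplicate-cn
"""
# Constructed sample: TLS server, where the option is accepted.
TLS_SERVER = """\
dev tun
server 10.0.8.0 255.255.255.0
ca ca.crt
cert server.crt
key server.key
duplicate-cn
"""
if __name__ == "__main__":
    for name, conf in (("p2p", P2P_SHARED_KEY), ("tls-server", TLS_SERVER)):
        print(name, lint(conf) or "ok")
```

Even where the option parses, the GUI note quoted above still applies: with duplicate connections allowed, one client certificate can hold several concurrent sessions.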

          BeerCan

          It is saying you have a duplicate common name and you need the "mode server" option in advanced settings, or check the setting to allow duplicate connections (see attached).  I would try each one individually to see if it works.

          However, my gut feeling is that something is not right. Do you have a client and a server running on the same box both having the same subnet?  Or 2 servers on the same subnet?

          Just a question, but have you tried IPsec for this setup?

          2014-08-20_234655.jpg

            BeerCan

            Cool, I see you solved your issue as I was typing my reply.  Good deal.

              source

              Thank you BeerCan!  I may need to do a little more troubleshooting, but it's now a routing issue, where I don't seem to have the ability of the networks to communicate. The client router connects fine and can ping servers on the main site, but hosts behind the client router can't seem to communicate with hosts on the main site.

                marvosa

                Add any/any rules to both sides on the OpenVPN tab.

                Post the server1.conf from the server end and client1.conf from the client end.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.