Site to site pre-shared key error |Options error: –duplicate-cn requires --mod

source

Im testing a site to site configuration and on the client side, is see it tries to connect but nothing happens.  It can see the server, talk to it. I resolved all the firewall blocking. On the server. I see the following error, which google search indicates  I am not sure what it means.  Any ideas how to resolve this?

Aug 20 22:18:23 openvpn[13972]: Options error: –duplicate-cn requires --mode server
Aug 20 22:18:23 openvpn[13972]: Use –help for more information.
Aug 20 22:19:28 openvpn[40601]: Options error: –duplicate-cn requires --mode server
Aug 20 22:19:28 openvpn[40601]: Use –help for more information.
Aug 20 22:21:54 openvpn[95139]: Options error: –duplicate-cn requires --mode server
Aug 20 22:21:54 openvpn[95139]: Use –help for more information.
Aug 20 22:22:04 openvpn[1330]: Options error: –duplicate-cn requires --mode server
Aug 20 22:22:04 openvpn[1330]: Use –help for more information.

thanks!

source

SOLVED

I figured out the issue.  on the server side at the bottom there is an option to allow duplicate connection. I unchecked that and it connected immediately. I have the site to site demo setup.

Duplicate Connections : Allow multiple concurrent connections from clients using the same Common Name.   
                                  NOTE: This is not generally recommended, but may be needed for some scenarios.

BeerCan

It is saying you have a duplicate common name and you need the "mode server" option in advance settings or check the setting to allow duplicate connections (see attached).  I would try each one individually to see if it works.

However my gut feeling is that something is not right, do you have a client and a server running on the same box both having the same subnet?  Or 2 servers on the same subnet?

Just a question but have you tried ipsec for this setup?

BeerCan

cool I see you solved your issue as I was typing my reply.  Good deal

source

Thank you BeerCan!  I may need to do a little more troubleshooting, but its now a routing issue, where I don't seem to have the ability of the networks to communicate. The client router connects fine and can ping servers on the main site, but hosts behind the client router can't seem to communicate with hosts on the main site.

marvosa

Add any/any rules to both sides on the openvpn tab.

Post the server1.conf from the server end and client1.conf from the client end.