Site to site pre-shared key error |Options error: –duplicate-cn requires --mod

  • Im testing a site to site configuration and on the client side, is see it tries to connect but nothing happens.  It can see the server, talk to it. I resolved all the firewall blocking. On the server. I see the following error, which google search indicates  I am not sure what it means.  Any ideas how to resolve this?

    Aug 20 22:18:23 openvpn[13972]: Options error: –duplicate-cn requires --mode server
    Aug 20 22:18:23 openvpn[13972]: Use –help for more information.
    Aug 20 22:19:28 openvpn[40601]: Options error: –duplicate-cn requires --mode server
    Aug 20 22:19:28 openvpn[40601]: Use –help for more information.
    Aug 20 22:21:54 openvpn[95139]: Options error: –duplicate-cn requires --mode server
    Aug 20 22:21:54 openvpn[95139]: Use –help for more information.
    Aug 20 22:22:04 openvpn[1330]: Options error: –duplicate-cn requires --mode server
    Aug 20 22:22:04 openvpn[1330]: Use –help for more information.



    I figured out the issue.  on the server side at the bottom there is an option to allow duplicate connection. I unchecked that and it connected immediately. I have the site to site demo setup.

    Duplicate Connections : Allow multiple concurrent connections from clients using the same Common Name.   
                                      NOTE: This is not generally recommended, but may be needed for some scenarios.

  • It is saying you have a duplicate common name and you need the "mode server" option in advance settings or check the setting to allow duplicate connections (see attached).  I would try each one individually to see if it works.

    However my gut feeling is that something is not right, do you have a client and a server running on the same box both having the same subnet?  Or 2 servers on the same subnet?

    Just a question but have you tried ipsec for this setup?

  • cool I see you solved your issue as I was typing my reply.  Good deal

  • Thank you BeerCan!  I may need to do a little more troubleshooting, but its now a routing issue, where I don't seem to have the ability of the networks to communicate. The client router connects fine and can ping servers on the main site, but hosts behind the client router can't seem to communicate with hosts on the main site.

  • Add any/any rules to both sides on the openvpn tab.

    Post the server1.conf from the server end and client1.conf from the client end.

Log in to reply