Duplicate IP assigned by Remote Access server
-
Sounds like you're using the same cert on both. You'll want a unique cert on each one. The cert should be specific to an individual machine in that case.
-
That still seems like odd behavior that shouldn't happen even in that circumstance. Seems like the second attempt should either fail, supplant the first login, or, if multiple logins are permitted, get a different IP address assigned. Unless there's a client-specific ifconfig, then you should get what you set and if it's broken, it's broken.
-
@cmb:
Sounds like you're using the same cert on both. You'll want a unique cert on each one. The cert should be specific to an individual machine in that case.
Yep that is the reason.
Prior to now I'd require a name and password to use this connection. However I could not figure out how to do so using openvpn cli setup. These are not gui systems with network manager… dealing with certs to
I eliminated that, using Remote Access ( SSL/TLS ) instead of Remote Access ( SSL/TLS + User Auth ).
Now a question - can you point me in the direction of setting up multiple certs for Remote Access ( SSL/TLS )?
Or do I need to use one vpn Remote Access ( SSL/TLS ) setup per connection?
-
All you should need are other certs signed by the server's Peer Certificate Authority.
I just looked in the book and I don't see where it's explained just what OpenVPN uses to differentiate clients in Remote Access (SSL/TLS) mode. CN? Fingerprint?
-
CN. The whole client specific overrides thing works based on this.
-
Using per host [ user ] certs for archive file solved the issue, and of course is a lot easier to manage cert security.
Thank you for the help.
-
Using per host [ user ] certs for archive file solved the issue, and of course is a lot easier to manage cert security.
Don't forget to tick this:
-
Thought that would only matter in SSL/TLS + User Auth mode.
-
At this screen: vpn_openvpn_server.php
That option is not available when Server Mode is Remote Access ( SSL/TLS )
I do see it when using Server Mode = Remote Access ( SSL/TLS + User Auth )
-
If it is the same Cert, try using the "duplicate-cn" option on the server. It is not recommended though, better use different Certs for each Client.
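-
Since the server tells clients apart by certificate CN, as the replies above say, a cert copied onto two machines appears in the server log as one CN arriving from two source addresses and receiving the same tunnel address. The following is an added example, not part of the thread: it flags that pattern in constructed log lines, assuming an OpenVPN 2.5-style log layout; the CN names, addresses and the function name are made up for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the style of an OpenVPN 2.5 server log.
# The exact layout varies with version and verbosity; adjust POOL_RE to yours.
SAMPLE_LOG = """\
2024-05-01 09:00:01 198.51.100.10:40112 [shared-client] Peer Connection Initiated with [AF_INET]198.51.100.10:40112
2024-05-01 09:00:01 shared-client/198.51.100.10:40112 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
2024-05-01 09:02:10 203.0.113.7:51820 [laptop-bob] Peer Connection Initiated with [AF_INET]203.0.113.7:51820
2024-05-01 09:02:10 laptop-bob/203.0.113.7:51820 MULTI_sva: pool returned IPv4=10.8.0.10, IPv6=(Not enabled)
2024-05-01 09:05:30 192.0.2.44:33555 [shared-client] Peer Connection Initiated with [AF_INET]192.0.2.44:33555
2024-05-01 09:05:30 shared-client/192.0.2.44:33555 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
2024-05-01 09:30:00 203.0.113.7:51999 [laptop-bob] Peer Connection Initiated with [AF_INET]203.0.113.7:51999
2024-05-01 09:30:00 laptop-bob/203.0.113.7:51999 MULTI_sva: pool returned IPv4=10.8.0.10, IPv6=(Not enabled)
"""

# Matches the line where the server hands a tunnel address to "<CN>/<source>:<port>".
POOL_RE = re.compile(
    r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<cn>[^\s/]+)/(?P<real>[\d.]+):\d+ "
    r"MULTI_sva: pool returned IPv4=(?P<vip>[\d.]+)"
)

def shared_cert_suspects(log_text, window=timedelta(minutes=30)):
    """List CNs whose consecutive sessions come from different source
    addresses within `window`. A roaming client can also trigger this,
    so treat each hit as something to review, not as proof."""
    last = {}   # cn -> (time, source address, tunnel address) of latest session
    hits = []
    for line in log_text.splitlines():
        m = POOL_RE.match(line)
        if not m:
            continue
        when = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        prev = last.get(m["cn"])
        if prev and prev[1] != m["real"] and when - prev[0] <= window:
            hits.append({
                "cn": m["cn"],
                "sources": [prev[1], m["real"]],
                "tunnel_ips": [prev[2], m["vip"]],
            })
        last[m["cn"]] = (when, m["real"], m["vip"])
    return hits

if __name__ == "__main__":
    for hit in shared_cert_suspects(SAMPLE_LOG):
        print(hit)
```

A hit where both entries in `tunnel_ips` are identical is the situation in the thread title: two machines presenting one CN and being given the same address.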