Allow one connection per user/cert

scorpoin
OpenVpn Newbie
Posts: 17
Joined: Thu Jan 03, 2019 8:27 am

Allow one connection per user/cert

Post by scorpoin » Thu Jan 03, 2019 8:40 am

Greetings,

I've just configured OpenVPN. It's working fine, and the only issue I see is that if user-1 is connected to the server via PC and he uses the same config file, which has his key/ca/ta/crt, on another device (mobile/laptop), he gets connected.

All I want is that this should not be connected if user-1 is connected via PC, until he disconnects from the PC; then he will be able to connect via mobile/laptop.

I generated an individual crt/key for each user, i.e. user-1.crt/user-2.key, user-2.crt/user-2.key, user-3.crt/user-3.key.

Code:

port 51094
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh.pem
server 10.10.10.0 255.255.255.0
mode server
push "redirect-gateway def1"
push "dhcp-option DNS 208.67.220.220"
push "dhcp-option DNS 208.67.222.222"
#client-config-dir ccd
#ifconfig-pool-persist ipp.txt
tls-auth ta.key 0 # This file is secret
auth SHA256
key-direction 0
cipher AES-256-CBC
client-to-client
duplicate-cn 0
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
auth-nocache
status /var/log/openvpn-status.log
log /var/log/openvpn.log
verb 4
mute 20


Any idea what I am doing wrong here?

Regards
Scorpoin

mfizz
OpenVpn Newbie
Posts: 6
Joined: Sat Dec 29, 2018 3:53 pm

Re: Allow one connection per user/cert

Post by mfizz » Thu Jan 03, 2019 10:16 am

You need to remove the following line from your server.conf:

Code:

duplicate-cn 0

See reference manual:
--duplicate-cn
Allow multiple clients with the same common name to concurrently connect. In the absence of this option, OpenVPN will disconnect a client instance upon connection of a new client having the same common name.

scorpoin
OpenVpn Newbie
Posts: 17
Joined: Thu Jan 03, 2019 8:27 am

Re: Allow one connection per user/cert

Post by scorpoin » Thu Jan 03, 2019 11:05 am

Even after I removed that line and retested it, it does connect on a different device.

Regards
Scorpoin

mfizz
OpenVpn Newbie
Posts: 6
Joined: Sat Dec 29, 2018 3:53 pm

Re: Allow one connection per user/cert

Post by mfizz » Thu Jan 03, 2019 4:00 pm

Did you restart the server after removing it?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Allow one connection per user/cert

Post by TinCanTech » Thu Jan 03, 2019 5:07 pm

mfizz wrote:
Thu Jan 03, 2019 10:16 am
You need to remove the following line from your server.conf:

Code:

duplicate-cn 0

See reference manual:
--duplicate-cn
Allow multiple clients with the same common name to concurrently connect. In the absence of this option, OpenVPN will disconnect a client instance upon connection of a new client having the same common name.

This will not solve the problem; all this will change is that only one connection per CN is allowed, but each new connection will cause the previous one to be dropped by the server.

scorpoin wrote:
Thu Jan 03, 2019 8:40 am
I want this should not be connected if user-1 is connected via pc until he disconnects from pc then he will be able to connect it via mobile/laptop

OpenVPN does not have any built-in method to do this.
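
Since the server has no built-in option for refusing the second device, one way to get that behaviour is a `client-connect` hook that rejects a CN already listed in the status file; this is an added example, not code from the thread or from the OpenVPN project. It assumes `duplicate-cn` is enabled (so the server does not drop the first session itself), `script-security 2` is set, `client-connect` points at this script, the status file is in the version-1 format and readable by the user the daemon runs as, and clients connect over IPv4; the script, its function names and the sample data are hypothetical.

```python
#!/usr/bin/env python3
# Added example (hypothetical script): refuse a second session for a connected CN.
import os
import sys

STATUS_FILE = "/var/log/openvpn-status.log"  # path from the posted `status` line
# Constructed sample of a version-1 status file (documentation IP ranges).
SAMPLE_STATUS = """OpenVPN CLIENT LIST
Updated,Thu Jan  3 08:40:00 2019
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
user-1,203.0.113.5:51234,12345,67890,Thu Jan  3 08:30:00 2019
user-2,198.51.100.7:40000,2222,3333,Thu Jan  3 08:35:00 2019
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.10.10.6,user-1,203.0.113.5:51234,Thu Jan  3 08:39:50 2019
END
"""

def active_sessions(status_text):
    """Return (common_name, real_address) pairs from the CLIENT LIST section."""
    sessions, in_clients = [], False
    for line in status_text.splitlines():
        if line.startswith("Common Name,"):
            in_clients = True          # header row; client rows follow
        elif line.startswith("ROUTING TABLE"):
            break                      # end of the client list
        elif in_clients and "," in line:
            sessions.append(tuple(line.split(",")[:2]))
    return sessions

def should_reject(common_name, real_address, status_text):
    """True if the CN already has a session from a different ip:port."""
    if not common_name:
        return True                    # fail closed when no CN is supplied
    return any(cn == common_name and addr != real_address
               for cn, addr in active_sessions(status_text))

def main():
    env = os.environ                   # OpenVPN exports these to client-connect
    peer = "{}:{}".format(env.get("trusted_ip", ""), env.get("trusted_port", ""))
    try:
        with open(STATUS_FILE, encoding="utf-8", errors="replace") as fh:
            status = fh.read()
    except OSError:
        return 1                       # fail closed if the file is unreadable
    return 1 if should_reject(env.get("common_name", ""), peer, status) else 0

if __name__ == "__main__":
    sys.exit(main())                   # non-zero exit: OpenVPN refuses the client
```

The status file is only rewritten periodically, and a device that vanished without disconnecting stays listed until the `keepalive 10 120` timeout expires, so a legitimate switch of device can be refused for that long.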

scorpoin
OpenVpn Newbie
Posts: 17
Joined: Thu Jan 03, 2019 8:27 am

Re: Allow one connection per user/cert

Post by scorpoin » Fri Jan 04, 2019 4:31 am

Thank you guys for your response. I observed that if one user is connected and the same user connects via his 2nd device/mobile, he gets connected, but eventually device-1 of the same user remains connected to the VPN but his session is destroyed. Meaning he cannot browse the internet, but he may use the internet using the 2nd device.

So far I want to stop this: only one user, one device; if he tries it on another, his VPN must be disconnected from device-1. I've already shared my server.conf, and here is my client conf file.

Code:

client
dev tun
proto udp
remote <server-ip>  <listening-port>
resolv-retry infinite
nobind
persist-key
persist-tun
cipher AES-256-CBC
auth SHA256
remote-cert-tls server
key-direction 1
comp-lzo
verb 4

Thanks
Scorpoin

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Allow one connection per user/cert

Post by TinCanTech » Fri Jan 04, 2019 5:49 pm

Like I said before:
TinCanTech wrote:
Thu Jan 03, 2019 5:07 pm
OpenVPN does not have any built-in method to do this.

scorpoin
OpenVpn Newbie
Posts: 17
Joined: Thu Jan 03, 2019 8:27 am

Re: Allow one connection per user/cert

Post by scorpoin » Tue Jan 08, 2019 5:45 am

Thanks,

I wonder if it is possible that it won't allow a 2nd connection unless the user disconnects from device-1, and then he tries device-2.

I know that if a user is connected via device-1 and he tries device-2, then the device-1 session drops but his dialer remains connected on device-1. I just want to see if there is any option so that it won't even get connected unless he disconnects himself from device-1.

Regards
Scorpoin
