Increasing number of clients past 63
Posted: Wed Dec 13, 2017 2:38 pm
I'm using a pretty basic config, almost exactly what is talked about in the HOWTO article. If I'm reading this right I am limited to 63 clients max according to the table in this section of the HOWTO, correct? https://openvpn.net/index.php/open-sour ... tml#policy
How would I edit config files to allow for more clients? I am allowing client-to-client traffic. I have Ubiquiti routers connecting back to a Windows server. The HOWTO file suggests that the Windows TAP driver might be a limiting factor here?
My CCD files look like this now
client1
iroute 10.105.101.0 255.255.255.0
ifconfig-push 10.8.0.5 10.8.0.6
client2
iroute 10.105.102.0 255.255.255.0
ifconfig-push 10.8.0.9 10.8.0.10
client3 and so on etc.
iroute 10.105.103.0 255.255.255.0
ifconfig-push 10.8.0.13 10.8.0.14
-edit, seems the oconf= button is broken.
Server file
port 1194
proto tcp-server
dev tun
ca "path"
cert "path"
key "path"
dh "path"
ifconfig-pool-persist ipp.txt
keepalive 10 120
cipher AES-256-CBC
comp-lzo
persist-key
persist-tun
# with this server always grabs 10.8.0.1
server 10.8.0.0 255.255.255.0
# read this to see what clients are connected
# Windows requires double \\ here to path
status "C:\\Program Files\\OpenVPN\\log\\openvpn-status.log"
# OpenVPN log goes to C:\Program Files\OpenVPN\log\* whatever this ovpn file is named
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 3
# telnet management interface, disable for normal use, use server cmd on server?
;management localhost 10020
# ovpn server pushes config info to clients from files in ccd dir.
# Matches are based on CN in connecting key, so CN in key must match file name exactly.
# Static VPN addressing and Client LAN routing is controlled in these files.
# client configuration directory (home is config dir, so rel path ok here)
client-config-dir ccd
# Allow LAN routing between clients
client-to-client
# Push routes to connecting clients, they need to know about all other LANs
push "route 10.105.101.0 255.255.255.0"
push "route 10.105.102.0 255.255.255.0"
push "route 10.105.103.0 255.255.255.0"
push "route 10.105.104.0 255.255.255.0"
push "route 10.105.105.0 255.255.255.0"
push "route 10.105.106.0 255.255.255.0"
push "route 10.105.107.0 255.255.255.0"
# Allow the server to route traffic to client LANs
route 10.105.101.0 255.255.255.0
route 10.105.102.0 255.255.255.0
route 10.105.103.0 255.255.255.0
route 10.105.104.0 255.255.255.0
route 10.105.105.0 255.255.255.0
route 10.105.106.0 255.255.255.0
route 10.105.107.0 255.255.255.0
# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
# openvpn --genkey --secret ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
tls-auth "path" 0 # This file is secret
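An added example, not part of the original post and not OpenVPN project code: Python that works through the /30-per-client addressing the posted ifconfig-push pairs follow, shows where the 63-client figure for 10.8.0.0/24 comes from, and lints CCD entries for off-boundary or reused pairs. The function names, the client4 and client5 entries and the 10.8.0.0/22 comparison network are constructed for illustration.

```python
import ipaddress

def net30_client_pairs(server_net):
    """(client, server-side) endpoint pairs usable in ifconfig-push.
    Each client occupies one /30; the first /30 is the server's own."""
    blocks = list(ipaddress.ip_network(server_net).subnets(new_prefix=30))
    return [(b.network_address + 1, b.network_address + 2) for b in blocks[1:]]

def ccd_body(client_lan, pair):
    """Render a CCD file in the same two-line layout as the posted ones."""
    lan = ipaddress.ip_network(client_lan)
    return (f"iroute {lan.network_address} {lan.netmask}\n"
            f"ifconfig-push {pair[0]} {pair[1]}\n")

def lint_ccd(server_net, ccd_files):
    """Report ifconfig-push pairs that are off a /30 boundary or reused."""
    valid = set(net30_client_pairs(server_net))
    seen, problems = {}, []
    for name, text in sorted(ccd_files.items()):
        for line in text.splitlines():
            parts = line.split()
            if len(parts) != 3 or parts[0] != "ifconfig-push":
                continue
            pair = tuple(ipaddress.ip_address(p) for p in parts[1:])
            if pair not in valid:
                problems.append(f"{name}: {parts[1]} {parts[2]} is not a client /30 pair")
            elif pair in seen:
                problems.append(f"{name}: pair already assigned to {seen[pair]}")
            else:
                seen[pair] = name
    return problems

# client1-3 follow the post; client4 and client5 are constructed bad entries.
pairs24 = net30_client_pairs("10.8.0.0/24")
SAMPLE_CCD = {
    "client1": ccd_body("10.105.101.0/24", pairs24[0]),
    "client2": ccd_body("10.105.102.0/24", pairs24[1]),
    "client3": ccd_body("10.105.103.0/24", pairs24[2]),
    "client4": "iroute 10.105.104.0 255.255.255.0\nifconfig-push 10.8.0.16 10.8.0.17\n",
    "client5": "iroute 10.105.105.0 255.255.255.0\nifconfig-push 10.8.0.5 10.8.0.6\n",
}

if __name__ == "__main__":
    print(len(pairs24), "client pairs in 10.8.0.0/24")
    print(len(net30_client_pairs("10.8.0.0/22")), "in the constructed 10.8.0.0/22")
    for problem in lint_ccd("10.8.0.0/24", SAMPLE_CCD):
        print(problem)
```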