All clients get same IP?

[iwayneo]

Hi

It seems that my clients connect but they are issued the same ip?

here is my server config:

port 1194
proto udp
dev tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh1024.pem"
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist "C:\\Program Files\\OpenVPN\\config\\ipp.txt"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 4

and the client 1 config:



client
dev tun
proto udp
remote esb.sonatribe.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\backend1.crt"
key "C:\\Program Files\\OpenVPN\\config\\backend1.key"
ns-cert-type server
comp-lzo
verb 3

and client 2 config:

client
dev tun
proto udp
remote esb.sonatribe.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\backend2.crt"
key "C:\\Program Files\\OpenVPN\\config\\backend2.key"
ns-cert-type server
comp-lzo
verb 3

The server is not updating ipp.txt when new clients attach.

[janjust]

please sanitize your config files before posting them - it is hard to read them this way.

How are you so sure both clients get the same IP ?
What are the contents of the 'ipp.txt' file?
Can you try it without the 'ifconfig-pool-persist' directive?
Do you need the 'ifconfig-pool-persist' thingie at all ?

Note that the 'ipp.txt' file is updated every 10 minutes - that means that new clients will only be listed after 10 minutes (or whenever the server is restarted/shut down)

[iwayneo]

Hi - cleaned as requested

Just tried without the

ifconfig-pool-persist "C:\\Program Files\\OpenVPN\\config\\ipp.txt" part

made no difference - they both seem to get the ip: 10.8.0.6

[janjust]

thx for cleaning

check the server logs to see which clients are connecting - perhaps you've copied over the client1.{crt,key} files incorrectly? Otherwise , try

Code: Select all

cd C:\Program Files\OpenVPN\config
..\bin\openssl x509 -text -noout -in backend1.crt

Code: Select all

cd C:\Program Files\OpenVPN\config
..\bin\openssl x509 -text -noout -in backend2.crt

the subjects for both certificates should be different, otherwise it might/will assign the same IP twice

[iwayneo]

Hi

OK here's the output from backend1:

Subject: C=UK, ST=LDN, O=SONATRIBE, OU=SONATRIBE-UK, CN=SONATRIBE-UK/emailAddress=WAYNE@PRJATK.COM

and backend 2:

Subject: C=UK, ST=LDN, O=SONATRIBE, OU=SONATRIBE-UK2, CN=SONATRIBE-UK/emailAddress=WAYNE@PRJATK.COM

and here's the out from the log:

http://monobin.com/__m43957d01

[iwayneo]

OK

I can see that from the logs it is complaining that the client names are the same.

I'll re-gen client 2 and see if that sorts it.

I'll be blogging about this to help others following my path.

One of the issues i had from the instructions found https://community.openvpn.net/openvpn/w ... ConfigFile

was that i had to combine the scripts into one for them to work - unless i'm missing something?

[iwayneo]

OK

Getting somewhere now.

Both clients connect with seperate Ip - both can ping the server - neither client can ping the other?

:s

[janjust]

the clients won't be able to ping each other unless you add

Code: Select all

client-to-client

to the server config or if you set up IP forwarding and iptables on the server correctly. The advantage of the IPforwarding/iptables route is that you can restrict the traffic between clients. With 'client-to-client' all firewalling on the server is bypassed.

[iwayneo]

that was an rtfm classic - sorry for the noise

[Douglas]

that was an rtfm classic - sorry for the noise

Silly iwayneo!

Lesson learned, right? At least you got some experience out of it.