Clients are getting duplicate virtual addresses

Need help configuring your VPN? Just post here and you'll get that help.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
Thibault
OpenVpn Newbie
Posts: 1
Joined: Wed Nov 30, 2022 8:33 am

Clients are getting duplicate virtual addresses

Post by Thibault » Wed Nov 30, 2022 9:53 am

Hi everyone,

I am trying to set up a tap server and multiple clients (all linux based machines). However, it seems that these clients are all getting the same virtual address. This causes the connection to be very unstable because clients keep "fighting" for these few virtual addresses that are being handed out. This can also be seen in the below in the logs:
HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Virtual IPv6 Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (tim e_t),Username,Client ID,Peer ID
CLIENT_LIST,ID02032,x.x.x.47:55845,10.5.1.32,,47489,280422,Wed Nov 30 02:17:25 2022,1669803445,UNDEF,1364992,27
CLIENT_LIST,ID02035,x.x.x.74:35587,10.5.1.35,,298832,2007902,Wed Nov 30 01:32:39 2022,1669800759,UNDEF,1364825,26
CLIENT_LIST,ID02037,x.x.x.83:52027,10.5.1.37,,47575,365411,Wed Nov 30 02:14:58 2022,1669803298,UNDEF,1364982,21
CLIENT_LIST,ID02048,x.x.x.84:54722,10.5.1.48,,569783,1886060,Wed Nov 30 01:32:40 2022,1669800760,UNDEF,1364826,18
CLIENT_LIST,ID02023,x.x.x.44:34429,10.5.1.23,,97071,742966,Wed Nov 30 02:05:17 2022,1669802717,UNDEF,1364942,32
CLIENT_LIST,ID02030,x.x.x.67:52232,10.5.1.30,,307043,1956400,Wed Nov 30 01:33:55 2022,1669800835,UNDEF,1364832,43
CLIENT_LIST,ID02045,x.x.x.64:37809,10.5.1.45,,18168,115172,Wed Nov 30 02:21:29 2022,1669803689,UNDEF,1365011,24
CLIENT_LIST,ID02050,x.x.x.69:34924,10.5.1.50,,25990,142021,Wed Nov 30 02:21:00 2022,1669803660,UNDEF,1365010,36
CLIENT_LIST,ID02038,x.x.x.93:47475,10.5.1.38,,729361,4004034,Wed Nov 30 00:30:46 2022,1669797046,UNDEF,1364605,33
CLIENT_LIST,ID02043,x.x.x.53:47998,10.5.1.43,,16485,99287,Wed Nov 30 02:21:50 2022,1669803710,UNDEF,1365012,40
CLIENT_LIST,UNDEF,x.x.x.59:56795,,,367,6934,Wed Nov 30 02:23:39 2022,1669803819,UNDEF,1365022,15
CLIENT_LIST,UNDEF,x.x.x.94:38321,,,1567,4754,Wed Nov 30 02:23:22 2022,1669803802,UNDEF,1365020,47
CLIENT_LIST,ID02013,x.x.x.103:56835,10.5.1.13,,1905142,4543967,Tue Nov 29 23:50:48 2022,1669794648,UNDEF,1364474,4
CLIENT_LIST,ID02005,x.x.x.48:49014,10.5.1.5,,9122,16202,Wed Nov 30 02:23:47 2022,1669803827,UNDEF,1365024,45
CLIENT_LIST,ID02049,x.x.x.115:51432,10.5.1.49,,212627,1776958,Wed Nov 30 01:36:44 2022,1669801004,UNDEF,1364845,10
CLIENT_LIST,ID02096,x.x.x.62:58667,10.5.1.96,,2368428,3977999,Wed Nov 30 00:41:36 2022,1669797696,UNDEF,1364635,7
CLIENT_LIST,ID02075,x.x.x.113:55053,10.5.1.75,,652559,3902687,Wed Nov 30 00:30:48 2022,1669797048,UNDEF,1364606,34
CLIENT_LIST,ID02003,x.x.x.19:44902,10.5.1.3,,716033,3491379,Wed Nov 30 00:50:51 2022,1669798251,UNDEF,1364663,6
CLIENT_LIST,ID02046,x.x.x.46:56800,10.5.1.46,,49143,212030,Wed Nov 30 02:18:54 2022,1669803534,UNDEF,1365000,12
CLIENT_LIST,ID02058,x.x.x.95:36223,10.5.1.58,,49516,270769,Wed Nov 30 02:17:45 2022,1669803465,UNDEF,1364994,35
CLIENT_LIST,ID02053,x.x.x.96:58160,10.5.1.53,,96449,470380,Wed Nov 30 02:11:38 2022,1669803098,UNDEF,1364967,29
CLIENT_LIST,ID02070,x.x.x.97:40134,10.5.1.70,,1164069,3762639,Wed Nov 30 00:29:54 2022,1669796994,UNDEF,1364599,23
CLIENT_LIST,ID02055,x.x.x.43:46155,10.5.1.55,,222934,1440992,Wed Nov 30 01:45:43 2022,1669801543,UNDEF,1364878,39
CLIENT_LIST,ID02099,x.x.x.100:55262,10.5.1.99,,137664,2214317,Wed Nov 30 01:24:33 2022,1669800273,UNDEF,1364791,42
CLIENT_LIST,ID02022,x.x.x.101:39174,10.5.1.22,,40197,262967,Wed Nov 30 02:17:47 2022,1669803467,UNDEF,1364995,38
CLIENT_LIST,ID02008,x.x.x.32:60730,10.5.1.8,,177930,758562,Wed Nov 30 02:03:47 2022,1669802627,UNDEF,1364938,28
CLIENT_LIST,ID02067,x.x.x.79:34166,10.5.1.67,,138109,958251,Wed Nov 30 01:59:24 2022,1669802364,UNDEF,1364925,14
CLIENT_LIST,ID02081,x.x.x.87:56910,10.5.1.81,,242191,564042,Wed Nov 30 02:11:23 2022,1669803083,UNDEF,1364965,8
CLIENT_LIST,ID02059,x.x.x.82:44645,10.5.1.59,,39700,166031,Wed Nov 30 02:20:15 2022,1669803615,UNDEF,1365007,49
CLIENT_LIST,ID02052,x.x.x.114:52309,10.5.1.52,,706627,2193313,Wed Nov 30 01:25:06 2022,1669800306,UNDEF,1364794,2
CLIENT_LIST,ID02028,x.x.x.78:56071,10.5.1.28,,921006,4485813,Wed Nov 30 00:12:55 2022,1669795975,UNDEF,1364538,17
CLIENT_LIST,ID02073,x.x.x.45:56891,10.5.1.73,,1107910,4951991,Tue Nov 29 23:47:41 2022,1669794461,UNDEF,1364464,22
CLIENT_LIST,ID02039,x.x.x.98:55874,10.5.1.39,,28489,193669,Wed Nov 30 02:19:42 2022,1669803582,UNDEF,1365004,25
CLIENT_LIST,ID02076,x.x.x.111:51448,10.5.1.76,,2537978,8546759,Tue Nov 29 20:54:23 2022,1669784063,UNDEF,1364041,5
CLIENT_LIST,ID02017,x.x.x.29:34451,10.5.1.17,,13825,46131,Wed Nov 30 02:23:03 2022,1669803783,UNDEF,1365017,20
CLIENT_LIST,ID02062,x.x.x.70:35674,10.5.1.62,,1309778,4776636,Tue Nov 29 23:59:13 2022,1669795153,UNDEF,1364499,19
CLIENT_LIST,ID02054,x.x.x.68:41319,10.5.1.54,,53338,94764,Wed Nov 30 02:22:07 2022,1669803727,UNDEF,1365013,41
CLIENT_LIST,ID02029,x.x.x.17:42025,10.5.1.29,,15708,76978,Wed Nov 30 02:22:20 2022,1669803740,UNDEF,1365014,0
CLIENT_LIST,ID02007,x.x.x.42:50758,10.5.1.7,,8728,28547,Wed Nov 30 02:23:27 2022,1669803807,UNDEF,1365021,37
CLIENT_LIST,ID02095,x.x.x.109:50284,10.5.1.95,,4989,17829,Wed Nov 30 02:23:40 2022,1669803820,UNDEF,1365023,50
CLIENT_LIST,ID02066,x.x.x.31:60092,10.5.1.66,,64036,357940,Wed Nov 30 02:15:35 2022,1669803335,UNDEF,1364988,9
CLIENT_LIST,ID02001,x.x.x.106:51373,10.5.1.1,,93460,480425,Wed Nov 30 02:11:16 2022,1669803076,UNDEF,1364964,11
CLIENT_LIST,ID02019,x.x.x.89:60549,10.5.1.19,,8066,31307,Wed Nov 30 02:23:19 2022,1669803799,UNDEF,1365019,46
CLIENT_LIST,ID02060,x.x.x.35:37121,10.5.1.60,,41232,252918,Wed Nov 30 02:18:05 2022,1669803485,UNDEF,1364997,48
CLIENT_LIST,ID02016,x.x.x.54:33577,10.5.1.16,,112610,660369,Wed Nov 30 02:07:52 2022,1669802872,UNDEF,1364953,3
CLIENT_LIST,ID02009,x.x.x.88:34744,10.5.1.9,,11683,54051,Wed Nov 30 02:22:52 2022,1669803772,UNDEF,1365016,1
CLIENT_LIST,ID02068,x.x.x.34:36397,10.5.1.68,,59531,381495,Wed Nov 30 02:14:37 2022,1669803277,UNDEF,1364980,16
CLIENT_LIST,ID02026,x.x.x.28:53486,10.5.1.26,,11971,44551,Wed Nov 30 02:23:04 2022,1669803784,UNDEF,1365018,30
CLIENT_LIST,ID02024,x.x.x.41:52525,10.5.1.24,,172528,461865,Wed Nov 30 02:12:13 2022,1669803133,UNDEF,1364969,31
CLIENT_LIST,ID02044,x.x.x.99:59177,10.5.1.44,,41622,343638,Wed Nov 30 02:15:30 2022,1669803330,UNDEF,1364987,44
CLIENT_LIST,ID02063,x.x.x.27:33535,10.5.1.63,,108324,457135,Wed Nov 30 02:12:30 2022,1669803150,UNDEF,1364971,13
HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t)
ROUTING_TABLE,9a:e9:6f:f2:bd:35,ID02054,x.x.x.68:41319,Wed Nov 30 02:24:01 2022,1669803841
ROUTING_TABLE,56:9b:2e:22:67:04,ID02017,x.x.x.29:34451,Wed Nov 30 02:23:58 2022,1669803838
ROUTING_TABLE,2a:92:c8:ce:b0:dc,ID02081,x.x.x.87:56910,Wed Nov 30 02:24:01 2022,1669803841
Nov 30 03:54:23 lrv4-isync openvpn: ID02076/x.x.x.111:55058 MULTI: Learn: 46:e7:e5:b6:17:66 -> ID02076/x.x.x.111:55058
Nov 30 03:54:23 lrv4-isync openvpn: ID02073/x.x.x.45:35628 MULTI: Learn: 46:e7:e5:b6:17:66 -> ID02073/x.x.x.45:35628
Nov 30 03:54:23 lrv4-isync openvpn: ID02001/x.x.x.106:40051 MULTI: Learn: 46:e7:e5:b6:17:66 -> ID02001/x.x.x.106:40051
Nov 30 03:54:23 lrv4-isync openvpn: ID02096/x.x.x.62:53307 MULTI: Learn: 56:9b:2e:22:67:04 -> ID02096/x.x.x.62:53307
Nov 30 03:54:23 lrv4-isync openvpn: ID02026/x.x.x.28:58241 MULTI: Learn: 46:e7:e5:b6:17:66 -> ID02026/x.x.x.28:58241
Nov 30 03:54:23 lrv4-isync openvpn: ID02055/x.x.x.43:46284 MULTI: Learn: 46:e7:e5:b6:17:66 -> ID02055/x.x.x.43:46284
Nov 30 03:54:23 lrv4-isync openvpn: ID02052/x.x.x.114:54552 MULTI: Learn: 46:e7:e5:b6:17:66 -> ID02052/x.x.x.114:54552
Nov 30 03:54:23 lrv4-isync openvpn: ID02021/x.x.x.23:32880 MULTI: Learn: 46:e7:e5:b6:17:66 -> ID02021/x.x.x.23:32880
Nov 30 03:54:23 lrv4-isync openvpn: ID02084/x.x.x.92:46050 MULTI: Learn: 56:9b:2e:22:67:04 -> ID02084/x.x.x.92:46050
Nov 30 03:54:23 lrv4-isync openvpn: ID02026/x.x.x.28:58241 MULTI: Learn: 46:e7:e5:b6:17:66 -> ID02026/x.x.x.28:58241
Nov 30 03:54:23 lrv4-isync openvpn: ID02024/x.x.x.41:58517 MULTI: Learn: 46:e7:e5:b6:17:66 -> ID02024/x.x.x.41:58517
Nov 30 03:54:23 lrv4-isync openvpn: ID02031/x.x.x.58:45525 MULTI: Learn: 46:e7:e5:b6:17:66 -> ID02031/x.x.x.58:45525
Nov 30 03:54:24 lrv4-isync openvpn: ID02032/x.x.x.47:48568 MULTI: Learn: 46:e7:e5:b6:17:66 -> ID02032/x.x.x.47:48568
Nov 30 03:54:24 lrv4-isync openvpn: ID02069/x.x.x.81:48398 MULTI: Learn: 46:e7:e5:b6:17:66 -> ID02069/x.x.x.81:48398
Nov 30 03:54:24 lrv4-isync openvpn: ID02040/x.x.x.86:47400 MULTI: Learn: 56:9b:2e:22:67:04 -> ID02040/x.x.x.86:47400
Nov 30 03:54:24 lrv4-isync openvpn: ID02066/x.x.x.31:34370 MULTI: Learn: 46:e7:e5:b6:17:66 -> ID02066/x.x.x.31:34370
Nov 30 03:54:24 lrv4-isync openvpn: ID02084/x.x.x.92:46050 MULTI: Learn: 56:9b:2e:22:67:04 -> ID02084/x.x.x.92:46050
Nov 30 03:54:24 lrv4-isync openvpn: ID02067/x.x.x.79:51707 MULTI: Learn: 46:e7:e5:b6:17:66 -> ID02067/x.x.x.79:51707
Nov 30 03:54:24 lrv4-isync openvpn: ID02063/x.x.x.27:38920 MULTI: Learn: 46:e7:e5:b6:17:66 -> ID02063/x.x.x.27:38920
Nov 30 03:54:25 lrv4-isync openvpn: ID02030/x.x.x.67:51496 MULTI: Learn: 46:e7:e5:b6:17:66 -> ID02030/x.x.x.67:51496
Nov 30 03:54:25 lrv4-isync openvpn: ID02053/x.x.x.96:36973 MULTI: Learn: 46:e7:e5:b6:17:66 -> ID02053/x.x.x.96:36973
Nov 30 03:54:25 lrv4-isync openvpn: ID02030/x.x.x.67:51496 MULTI: Learn: 46:e7:e5:b6:17:66 -> ID02030/x.x.x.67:51496
Nov 30 03:54:25 lrv4-isync openvpn: ID02048/x.x.x.84:59432 MULTI: Learn: 46:e7:e5:b6:17:66 -> ID02048/x.x.x.84:59432
Nov 30 03:54:25 lrv4-isync openvpn: ID02067/x.x.x.79:51707 MULTI: Learn: 46:e7:e5:b6:17:66 -> ID02067/x.x.x.79:51707
When looking at the routing table in real-time and the logs, we can see that the Common Names bound to the virtual addresses are constantly changing between clients. They seem to all be trying to use these same virtual addresses. I saw in another post that you need to make sure the common names in the certs are unique for each client but this is the case. I also attached the server and one of the client configurations.


Server configuration:

Code: Select all

[oconf=Server Config]
port 1194
proto udp
dev tap0
ca ca.crt
cert SERVER.crt
key SERVER.key
dh dh2048.pem
ifconfig-pool-persist ipp.txt
server-bridge 10.5.1.250  255.255.255.0 10.5.1.1 10.5.1.249
client-config-dir ccd
client-to-client
keepalive 1 20
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
ifconfig 10.5.1.250 255.255.255.0
script-security 2
up "/opt/network/openvpnUp 239.255.255.253 http://localhost:8080/ext/rest/remoteservices/restart"
down "/opt/network/openvpnDown 239.255.255.253 http://localhost:8080/ext/rest/remoteservices/restart"
[/oconf]
The openvpn version on server side: 2.4.6

client configuration for one of the clients:

Code: Select all

 
[oconf=Client Config]
client
dev tap0
proto udp
remote x.x.x.20 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert ID02001.crt
key ID02001.key
remote-cert-tls server
comp-lzo
verb 3
script-security 2
up "/opt/network/openvpnUp 239.255.255.253 http://localhost:8083/ext/rest/remoteservices/restart"
down "/opt/network/openvpnDown 239.255.255.253 http://localhost:8083/ext/rest/remoteservices/restart"
mssfix 1350
data-ciphers AES-256-GCM:AES-128-GCM:BF-CBC
[/oconf] 
The openvpn version on client side: 2.5.1-3

Any ideas on what could be causing this issue?
Thanks in advance!

Thibault

Post Reply