Hello.
I have used OpenVPN for many years now. Works like a charm.
One customer uses it for remote access to his machines.
I use the WRT54GL for that purpose.
So my customer gets a ready-to-go WRT and just plugs his machine into the switched ports and the buyer's network into the WAN port.
My WRT connects over the buyer's internal network to a server on the internet with a static IP.
The machine's network is masqed and has nothing to do with the buyer's network (except it must not have the same IP range).
Works fine. Now the problem: one customer bought two machines with two WRTs.
Now they come in at the server with the same IP. I watched them connecting and was able to ping both subnets, but a few seconds later I got a message in my log that two tunnels came in from the same IP and that could be an attack (something similar) and the tunnels will be stopped.
As it worked for a few seconds, I guess it is a security feature.
Found nothing in the manuals. How can I stop that?
Aksels
Two Tunnels from one Dynamic IP
- janjust
Re: Two Tunnels from one Dynamic IP
The exact log message is important here.
If a customer buys two boxes then give him two certificates and/or userids; it's perfectly well possible to connect 2 clients via the same WAN IP to the same VPN server, but you need to make sure that the 2 clients are distinguishable based on certificate or username.
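An added example, not from the thread or from the OpenVPN project: a server-side log check for the situation the reply above describes, where two boxes behind one WAN IP present the same certificate name and keep displacing each other. The log line layout, the client names and the addresses are constructed assumptions; `shared_identities` is a hypothetical helper.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, modelled on OpenVPN "Peer Connection Initiated" entries.
# customer-x: one certificate name used by two boxes behind the same NAT address.
# box-1 / box-2: two boxes behind one address, each with its own certificate.
SAMPLE_LOG = """\
2024-03-01 10:00:00 198.51.100.7:40112 [customer-x] Peer Connection Initiated with [AF_INET]198.51.100.7:40112
2024-03-01 10:00:02 203.0.113.20:1194 [box-1] Peer Connection Initiated with [AF_INET]203.0.113.20:1194
2024-03-01 10:00:03 203.0.113.20:38001 [box-2] Peer Connection Initiated with [AF_INET]203.0.113.20:38001
2024-03-01 10:00:04 198.51.100.7:51877 [customer-x] Peer Connection Initiated with [AF_INET]198.51.100.7:51877
2024-03-01 10:00:09 198.51.100.7:40112 [customer-x] Peer Connection Initiated with [AF_INET]198.51.100.7:40112
2024-03-01 10:00:13 198.51.100.7:51877 [customer-x] Peer Connection Initiated with [AF_INET]198.51.100.7:51877
2024-03-01 11:30:00 203.0.113.20:1194 [box-1] Peer Connection Initiated with [AF_INET]203.0.113.20:1194
"""

LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\S+):(\d+) \[([^\]]+)\] Peer Connection Initiated"
)

def parse(log):
    """Return {certificate name: [(timestamp, 'ip:port'), ...]}."""
    events = defaultdict(list)
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            events[m.group(4)].append((ts, f"{m.group(2)}:{m.group(3)}"))
    return events

def shared_identities(log, window=timedelta(seconds=60), min_switches=2):
    """Flag names whose source endpoint flips back and forth within `window`.

    A single switch can be a legitimate reconnect from a new NAT port, so at
    least `min_switches` rapid switches are required before a name is reported.
    """
    flagged = {}
    for name, seen in parse(log).items():
        seen.sort()
        switches = [
            t2 for (t1, e1), (t2, e2) in zip(seen, seen[1:])
            if e1 != e2 and t2 - t1 <= window
        ]
        if len(switches) >= min_switches:
            flagged[name] = sorted({endpoint for _, endpoint in seen})
    return flagged

if __name__ == "__main__":
    for name, endpoints in shared_identities(SAMPLE_LOG).items():
        print(f"{name}: used concurrently from {', '.join(endpoints)}")
```

A name reported here is a candidate for being split into one certificate or userid per box, as the reply recommends.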