Hi,
I do not use (and want) duplicate-cn: my remote users get IP address, mask, dns, etc etc from the server.
Sometimes it happens that, erroneously, a client connects using the cert of another, already connected, client.
The result of this error is that the connected client is disconnected and the 2nd one becomes connected. After 5 secs, the disconnected one restarts and disconnects the other, and this is an infinite loop.
I would like to set OpenVPN in such a way that a client cannot connect if there is a client with the same cn already connected.
I tried, without success, single-session.
Is this possible?
Thank you for your help!!
Francesco
no disconnection of a client with same cn
- janjust
Re: no disconnection of a client with same cn
You'll need a 'tls-verify' or 'client-connect' script for this, which checks the incoming cert against a file/database and then decides whether the certificate is allowed to log on; a corresponding 'client-disconnect' script would then clear the entry in the file/database.
You may have to use 'duplicate-cn' to allow the second client to log on (and fail) during the 'tls-verify' step.
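A sketch of the client-connect / client-disconnect pair described in the reply above, added here as an example and not part of either post. The lock directory, the script path and the function names are assumptions; `script_type`, `common_name`, `trusted_ip` and `trusted_port` are environment variables OpenVPN exports to these scripts.

```shell
#!/bin/sh
# Added example: one script used for both client-connect and client-disconnect.
# Server config assumed (script path is a placeholder):
#   script-security 2
#   duplicate-cn
#   client-connect    /etc/openvpn/one-session.sh
#   client-disconnect /etc/openvpn/one-session.sh
SESSION_DIR="${SESSION_DIR:-/var/run/openvpn-sessions}"   # assumed location

# Map a CN to a lock file path. Anything outside a safe set becomes "_",
# so a CN containing "/" or ".." cannot point outside SESSION_DIR.
lock_path() {
    safe=$(printf '%s' "$1" | tr -c 'A-Za-z0-9._-' '_')
    printf '%s/cn_%s.lock' "$SESSION_DIR" "$safe"
}

# session_acquire CN OWNER: returns 0 if CN was free, non-zero if in use.
session_acquire() {
    [ -n "$1" ] || return 1
    mkdir -p "$SESSION_DIR" || return 1
    lock=$(lock_path "$1")
    # noclobber makes the create atomic: two simultaneous connects cannot both win.
    ( set -C; printf '%s\n' "$2" > "$lock" ) 2>/dev/null
}

# session_release CN OWNER: remove the lock only if OWNER is the holder, so a
# rejected or unrelated session can never clear the first client's lock.
session_release() {
    lock=$(lock_path "$1")
    [ -f "$lock" ] && [ "$(cat "$lock")" = "$2" ] && rm -f "$lock"
    return 0
}

# The session owner is identified by the client's real address and port.
owner="${trusted_ip:-}:${trusted_port:-}"
case "${script_type:-}" in
    client-connect)
        session_acquire "${common_name:-}" "$owner" || {
            echo "rejecting $owner: CN '${common_name:-}' already connected" >&2
            exit 1      # non-zero exit makes OpenVPN refuse this client
        }
        ;;
    client-disconnect)
        session_release "${common_name:-}" "$owner"
        ;;
esac
```

Lock files survive a server crash or restart, so empty the lock directory whenever the OpenVPN server starts; otherwise a stale lock keeps its CN locked out.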