Only IP address being given out?

packetstormer · Post by **packetstormer** » Mon Dec 05, 2011 5:41 pm

I have setup OpenVPN on a Debian server and configured as per the HOWTO (http://openvpn.net/index.php/open-sourc ... howto.html)
I can get connected and the server all works well. However, if I try and connect another VPN client the server assigns the same IP address that the first client has. e.g

Client 1 -> Windows 7 client -> connects to OpenVPN server and gets 172.16.20.6 and can route to LAN behind OK
Then, while still connected another client connects (different user, PC,client crt and client key)
Client 2 -> Windows 7 client -> conenction to OpenVPN server and gets 172.16.20.6 aswell.

The result is that Client1, althought still connected, can no longer do anything as Client2 has his IP!

I am hoping this is pretty simple config issues but I can't seem to track it down. In fact I can't seem to figure out how OpenVPN deal/configure DHCP pools at all.

Any ideas?

Post by **janjust** » Tue Dec 06, 2011 8:52 am

in general, the IP address that is handed out is based on the client certificate and/or an 'ifconfig-pool-persist' file. if you're using an 'ifconfig-pool-persist' file, disable it (you don't really need it anyways).

packetstormer · Post by **packetstormer** » Tue Dec 06, 2011 9:31 am

janjust wrote:in general, the IP address that is handed out is based on the client certificate and/or an 'ifconfig-pool-persist' file. if you're using an 'ifconfig-pool-persist' file, disable it (you don't really need it anyways).

The ifconfig-pool-persist is already commented out of the server-conf. Any other ideas?

Post by **maikcat** » Tue Dec 06, 2011 9:44 am

can you post your configs used on your server/clients?

Michael.

packetstormer · Post by **packetstormer** » Tue Dec 06, 2011 12:21 pm

Sure, it is very basic and almost an exact copy of the sample configuration files.

[CLIENT CONFIG]
client
dev tun
dev-node "Local Area Connection 2"
proto udp
remote myserver.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert mykey.crt
key mykey.key
ns-cert-type server
comp-lzo
verb 3
[/CLIENT CONFIG]

[SERVER CONFIG]

port 1139
proto udp
dev tun
ca ca.crt
cert server.crt
dh dh1024.pem
push "route 192.168.100.0 255.255.255.0"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
[/SERVER CONFIG]

Post by **janjust** » Tue Dec 06, 2011 12:36 pm

are you using different cert/key pairs for the different clients?

Post by **maikcat** » Wed Dec 07, 2011 8:17 am

can you please post the config of your 3rd client?

also any logs..?

as JJ mentions is crucial to use DIFFERENT certs on each client.

Michael.

OpenVPN Support Forum

Only IP address being given out?

Only IP address being given out?

Re: Only IP address being given out?

Re: Only IP address being given out?

Re: Only IP address being given out?

Re: Only IP address being given out?

Re: Only IP address being given out?

Re: Only IP address being given out?