I am getting strange issue, users get duplicate IPs, we have integrated OpenVPN with MS RADIUS Server and we allowed the Dial In in MS AD for those VPN users,
and it works fine if we assign a static IP per user, but without static IP users will use duplicate IP,
Please check below openvpn status 10.8.0.2 is shared between two users,
Server Config
TITLE,OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
TIME,Wed Jun 8 13:45:34 2022,1654688734
HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Virtual IPv6 Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t),Username,Client ID,Peer ID
CLIENT_LIST,malgharasi,5.156.219.104:1499,10.8.0.2,,2234,4240,Wed Jun 8 13:42:42 2022,1654688562,malgharasi,1,1
CLIENT_LIST,vivianpark1,159.0.211.18:61119,10.8.0.2,,3294,4009,Wed Jun 8 13:42:42 2022,1654688562,vivianpark1,2,2
CLIENT_LIST,salnomany,5.156.24.244:2218,10.8.0.90,,3656,7200,Wed Jun 8 13:45:23 2022,1654688723,salnomany,7,3
CLIENT_LIST,vpn,20*.180***8.236:62134,10.8.0.200,,5834,5506,Wed Jun 8 13:42:36 2022,1654688556,vpn,0,0
HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t)
ROUTING_TABLE,10.8.0.2,malgharasi,5.156.219.104:1499,Wed Jun 8 13:45:15 2022,1654688715
ROUTING_TABLE,10.8.0.90,salnomany,5.156.24.244:2218,Wed Jun 8 13:45:29 2022,1654688729
ROUTING_TABLE,10.8.0.200,vpn,20*.180***8.236:62134,Wed Jun 8 13:45:28 2022,1654688728
GLOBAL_STATS,Max bcast/mcast queue length,1
END
Server config is below
Server Config
/etc/openvpn/server# cat server.conf
local 194.60.201.59
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
#push "redirect-gateway def1 bypass-dhcp"
push "route 10.8.0.0 255.255.255.0"
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 10.8.0.200"
#push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
duplicate-cn
client-to-client
user nobody
group nogroup
persist-key
persist-tun
verb 7
client-config-dir /etc/openvpn/server/ccd
crl-verify crl.pem
explicit-exit-notify
plugin /usr/lib/openvpn/radiusplugin.so /etc/openvpn/server/auth/radiusplugin.cnf
username-as-common-name
client-cert-not-required
status openvpn-status.log
log openvpn.log
Server Config
/etc/openvpn/server# cat openvpn.log | grep "OpenVPN assigned to the user"
Wed Jun 8 13:42:36 2022 RADIUS-PLUGIN: FOREGROUND: Set FramedIP to the IP (10.8.0.200) OpenVPN assigned to the user vpn
Wed Jun 8 13:42:42 2022 RADIUS-PLUGIN: FOREGROUND: Set FramedIP to the IP (10.8.0.2) OpenVPN assigned to the user vivianpark1
Wed Jun 8 13:42:42 2022 RADIUS-PLUGIN: FOREGROUND: Set FramedIP to the IP (10.8.0.2) OpenVPN assigned to the user malgharasi
Wed Jun 8 13:45:24 2022 RADIUS-PLUGIN: FOREGROUND: Set FramedIP to the IP (10.8.0.90) OpenVPN assigned to the user salnomany
Wed Jun 8 13:54:35 2022 RADIUS-PLUGIN: FOREGROUND: Set FramedIP to the IP (10.8.0.90) OpenVPN assigned to the user salnomany
Wed Jun 8 14:11:47 2022 RADIUS-PLUGIN: FOREGROUND: Set FramedIP to the IP (10.8.0.2) OpenVPN assigned to the user vivianpark1
Wed Jun 8 14:25:26 2022 RADIUS-PLUGIN: FOREGROUND: Set FramedIP to the IP (10.8.0.90) OpenVPN assigned to the user salnomany
Wed Jun 8 14:26:42 2022 RADIUS-PLUGIN: FOREGROUND: Set FramedIP to the IP (10.8.0.90) OpenVPN assigned to the user salnomany
Wed Jun 8 14:33:01 2022 RADIUS-PLUGIN: FOREGROUND: Set FramedIP to the IP (10.8.0.90) OpenVPN assigned to the user salnomany
Wed Jun 8 14:33:37 2022 RADIUS-PLUGIN: FOREGROUND: Set FramedIP to the IP (10.8.0.90) OpenVPN assigned to the user salnomany
Wed Jun 8 14:34:53 2022 RADIUS-PLUGIN: FOREGROUND: Set FramedIP to the IP (10.8.0.90) OpenVPN assigned to the user salnomany
OpenVPN Logs can be found here
https://file.io/iLN8ybhHoyQD