Hello Johan,
Just configured an OpenVPN Server with sztatic IP address for the user with including the following line in the server.conf:
client-config-dir /etc/openvpn/server/ccd
The ccd folder contains a file with file name as equal to the CN of the user with the following content:
ifconfig-push 10.10.20.40 255.255.255.0
When the user connects to the server it gets the desired IP address. But when logs in from an another device (without disconnecting the first connection), it also receives the same IP address (configured in the file located in the /etc/openvpn/server/ccd/common_name file) and latter connection kicks out the first one. And also what I see in the server's log, that the connection is continuously bouncing between the two devices.
As you said "Allow multiple concurrent VPN connections for a user (automatically disabled when static VPN IP addresses are configured for users)". This gave me a hope I'd be able to restrict this way (configuring static IP addresses for the clients) the number of simultaneous connections to one/user. As you see above, unfortunately seems the concurrent sessions got the same IP address, which is a bit terrifying and also not limiting the session to 1/user.
BTW... your statement still makes sense for me, but surprisingly just not working that way (for me).
Is there any hint?
BR
Patrik
Same user, bouncing between two devices
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 3
- Joined: Wed Jul 27, 2022 8:45 pm
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
-
- OpenVpn Newbie
- Posts: 3
- Joined: Wed Jul 27, 2022 8:45 pm
Re: Same user, bouncing between two devices
Hello TinCanTech,
Thanks for your advice. At least saved me time and waste of efforts.
KR
Patrik
Thanks for your advice. At least saved me time and waste of efforts.
KR
Patrik
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
-
- OpenVpn Newbie
- Posts: 3
- Joined: Wed Jul 27, 2022 8:45 pm
Re: Same user, bouncing between two devices
Hello TinCanTech,TinCanTech wrote: ↑Thu Jul 28, 2022 9:57 amThe correct solution and the only solution which OpenVPN supports is:Use Easy-RSA and Easy-TLS to manage your PKI.
- Create individual certificates for each user that requires a fixed IP.
Absolutely agree and even cant understand how laziness driving people to create only one cert/key for common use. This way they also loose the possibility to have control over the users via CRL. So, in my case each user has its own cert/key pair, but sometimes they move between workstations and would like to have control in case they not closing the VPN connection on workstation they left and they connecting from another workstation.
KR
Patrik
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Same user, bouncing between two devices
Which is exactly how it should be and will remain.BlackHoyt wrote: ↑Wed Jul 27, 2022 9:11 pmWhen the user connects to the server it gets the desired IP address. But when logs in from an another device (without disconnecting the first connection), it also receives the same IP address (configured in the file located in the /etc/openvpn/server/ccd/common_name file) and latter connection kicks out the first one. And also what I see in the server's log, that the connection is continuously bouncing between the two devices.
The problem you have is with your users behavior not with Openvpn.