Same user, bouncing between two devices

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
BlackHoyt
OpenVpn Newbie
Posts: 3
Joined: Wed Jul 27, 2022 8:45 pm

Same user, bouncing between two devices

Post by BlackHoyt » Wed Jul 27, 2022 9:11 pm

Hello Johan,

Just configured an OpenVPN Server with sztatic IP address for the user with including the following line in the server.conf:
client-config-dir /etc/openvpn/server/ccd

The ccd folder contains a file with file name as equal to the CN of the user with the following content:
ifconfig-push 10.10.20.40 255.255.255.0

When the user connects to the server it gets the desired IP address. But when logs in from an another device (without disconnecting the first connection), it also receives the same IP address (configured in the file located in the /etc/openvpn/server/ccd/common_name file) and latter connection kicks out the first one. And also what I see in the server's log, that the connection is continuously bouncing between the two devices.
As you said "Allow multiple concurrent VPN connections for a user (automatically disabled when static VPN IP addresses are configured for users)". This gave me a hope I'd be able to restrict this way (configuring static IP addresses for the clients) the number of simultaneous connections to one/user. As you see above, unfortunately seems the concurrent sessions got the same IP address, which is a bit terrifying and also not limiting the session to 1/user.

BTW... your statement still makes sense for me, but surprisingly just not working that way (for me).

Is there any hint?

BR
Patrik

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Same user, bouncing between two devices

Post by TinCanTech » Wed Jul 27, 2022 11:49 pm

BlackHoyt wrote:
Wed Jul 27, 2022 9:11 pm
Is there any hint?
Hint: Give up - You cannot do what you want to do with OpenVPN.

BlackHoyt
OpenVpn Newbie
Posts: 3
Joined: Wed Jul 27, 2022 8:45 pm

Re: Same user, bouncing between two devices

Post by BlackHoyt » Thu Jul 28, 2022 6:05 am

Hello TinCanTech,

Thanks for your advice. At least saved me time and waste of efforts.

KR
Patrik

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Same user, bouncing between two devices

Post by TinCanTech » Thu Jul 28, 2022 9:57 am

The correct solution and the only solution which OpenVPN supports is:
  • Create individual certificates for each user that requires a fixed IP.
Use Easy-RSA and Easy-TLS to manage your PKI.

BlackHoyt
OpenVpn Newbie
Posts: 3
Joined: Wed Jul 27, 2022 8:45 pm

Re: Same user, bouncing between two devices

Post by BlackHoyt » Thu Jul 28, 2022 3:57 pm

TinCanTech wrote:
Thu Jul 28, 2022 9:57 am
The correct solution and the only solution which OpenVPN supports is:
  • Create individual certificates for each user that requires a fixed IP.
Use Easy-RSA and Easy-TLS to manage your PKI.
Hello TinCanTech,

Absolutely agree and even cant understand how laziness driving people to create only one cert/key for common use. This way they also loose the possibility to have control over the users via CRL. So, in my case each user has its own cert/key pair, but sometimes they move between workstations and would like to have control in case they not closing the VPN connection on workstation they left and they connecting from another workstation.

KR
Patrik

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Same user, bouncing between two devices

Post by TinCanTech » Thu Jul 28, 2022 4:02 pm

BlackHoyt wrote:
Wed Jul 27, 2022 9:11 pm
When the user connects to the server it gets the desired IP address. But when logs in from an another device (without disconnecting the first connection), it also receives the same IP address (configured in the file located in the /etc/openvpn/server/ccd/common_name file) and latter connection kicks out the first one. And also what I see in the server's log, that the connection is continuously bouncing between the two devices.
Which is exactly how it should be and will remain.

The problem you have is with your users behavior not with Openvpn.

Post Reply