Same user, bouncing between two devices

Posted: Wed Jul 27, 2022 9:11 pm
by BlackHoyt
Hello Johan,

I just configured an OpenVPN server with a static IP address for the user by including the following line in the server.conf:
client-config-dir /etc/openvpn/server/ccd

The ccd folder contains a file whose file name is equal to the CN of the user, with the following content:
ifconfig-push 10.10.20.40 255.255.255.0

When the user connects to the server, it gets the desired IP address. But when the user logs in from another device (without disconnecting the first connection), it also receives the same IP address (configured in the file located in the /etc/openvpn/server/ccd/common_name file) and the latter connection kicks out the first one. What I also see in the server's log is that the connection is continuously bouncing between the two devices.
As you said: "Allow multiple concurrent VPN connections for a user (automatically disabled when static VPN IP addresses are configured for users)". This gave me hope that I'd be able to restrict the number of simultaneous connections to one per user this way (by configuring static IP addresses for the clients). As you see above, unfortunately it seems the concurrent sessions got the same IP address, which is a bit terrifying and also does not limit the sessions to 1/user.

BTW... your statement still makes sense to me, but surprisingly it is just not working that way (for me).

Is there any hint?

BR
Patrik

Re: Same user, bouncing between two devices

Posted: Wed Jul 27, 2022 11:49 pm
by TinCanTech
BlackHoyt wrote:
Wed Jul 27, 2022 9:11 pm
Is there any hint?
Hint: Give up - You cannot do what you want to do with OpenVPN.

Re: Same user, bouncing between two devices

Posted: Thu Jul 28, 2022 6:05 am
by BlackHoyt
Hello TinCanTech,

Thanks for your advice. At least it saved me time and wasted effort.

KR
Patrik

Re: Same user, bouncing between two devices

Posted: Thu Jul 28, 2022 9:57 am
by TinCanTech
The correct solution and the only solution which OpenVPN supports is:
  • Create individual certificates for each user that requires a fixed IP.
Use Easy-RSA and Easy-TLS to manage your PKI.

Re: Same user, bouncing between two devices

Posted: Thu Jul 28, 2022 3:57 pm
by BlackHoyt
TinCanTech wrote:
Thu Jul 28, 2022 9:57 am
The correct solution and the only solution which OpenVPN supports is:
  • Create individual certificates for each user that requires a fixed IP.
Use Easy-RSA and Easy-TLS to manage your PKI.
Hello TinCanTech,

Absolutely agree, and I can't even understand how laziness drives people to create only one cert/key for common use. This way they also lose the possibility to have control over the users via CRL. So, in my case each user has their own cert/key pair, but sometimes they move between workstations, and I would like to have control in case they do not close the VPN connection on the workstation they left and connect from another workstation.

KR
Patrik

Re: Same user, bouncing between two devices

Posted: Thu Jul 28, 2022 4:02 pm
by TinCanTech
BlackHoyt wrote:
Wed Jul 27, 2022 9:11 pm
When the user connects to the server, it gets the desired IP address. But when the user logs in from another device (without disconnecting the first connection), it also receives the same IP address (configured in the file located in the /etc/openvpn/server/ccd/common_name file) and the latter connection kicks out the first one. What I also see in the server's log is that the connection is continuously bouncing between the two devices.
Which is exactly how it should be and will remain.

The problem you have is with your users' behavior, not with OpenVPN.
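
Added example (not part of the thread and not OpenVPN project code): a log check that flags a CN whose sessions keep evicting each other from different source addresses, which is the bouncing described in the first post. It assumes the server log carries OpenVPN's "new connection by client '...' will cause previous active sessions" notice behind a `YYYY-MM-DD HH:MM:SS` timestamp and an IPv4 peer prefix; the sample lines, CNs and addresses are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. The timestamp and peer-prefix layout is an assumption
# (it depends on the server's logging setup); addresses are documentation ranges.
SAMPLE_LOG = """\
2022-07-27 21:05:01 198.51.100.7:50112 MULTI: new connection by client 'patrik' will cause previous active sessions by this client to be dropped.
2022-07-27 21:05:09 203.0.113.20:41877 MULTI: new connection by client 'patrik' will cause previous active sessions by this client to be dropped.
2022-07-27 21:05:18 198.51.100.7:50140 MULTI: new connection by client 'patrik' will cause previous active sessions by this client to be dropped.
2022-07-27 21:05:26 203.0.113.20:41902 MULTI: new connection by client 'patrik' will cause previous active sessions by this client to be dropped.
2022-07-27 21:30:00 192.0.2.44:60001 MULTI: new connection by client 'anna' will cause previous active sessions by this client to be dropped.
2022-07-27 21:31:00 192.0.2.44:60001 peer info: IV_VER=2.5.7
"""

# Matches the eviction notice; an optional "cn/" in front of the peer is tolerated.
EVICT = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?:[^/\s]+/)?(?P<peer>[^\s:]+):\d+ "
    r"MULTI: new connection by client '(?P<cn>[^']+)' "
    r"will cause previous active sessions"
)

def find_bouncing(log_text, min_events=3, window=timedelta(minutes=5)):
    """Return {cn: [source addresses]} for CNs with at least min_events
    evictions inside one window, coming from two or more addresses."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = EVICT.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            events[m["cn"]].append((ts, m["peer"]))
    flagged = {}
    for cn, evs in events.items():
        evs.sort()
        for i, (start, _) in enumerate(evs):
            burst = [e for e in evs[i:] if e[0] - start <= window]
            peers = {peer for _, peer in burst}
            # A single eviction is a normal reconnect; repeated evictions
            # alternating between addresses mean two devices share one cert.
            if len(burst) >= min_events and len(peers) >= 2:
                flagged[cn] = sorted(peers)
                break
    return flagged

if __name__ == "__main__":
    for cn, peers in find_bouncing(SAMPLE_LOG).items():
        print(f"{cn}: sessions bouncing between {', '.join(peers)}")
```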