How to preserve client’s IP when --duplicate-cn enabled
Posted: Mon Nov 15, 2010 3:54 pm
Is there any way to preserve client’s IP when I have “--duplicate-cn” option enabled and I use one only cert/key pair to authenticate multiple clients?
Example:
One Windows-based OpenVPN server, 3 Windows OpenVPN clients.
Enabled “--duplicate-cn” option on server, one only cert/key pair used by all clients.
Each client receives the same IP from the server after a regular reboot, but sometimes when reboot is very fast client may get another IP (“keepalive“ is default : 10 120).
But if we reboot all 3 clients at the same time they all may change IPs, and and the worse case scenario they may use each other’s IPs.
What may be a way to avoid it with the condition we still use “--duplicate-cn” option on the server?
Example:
One Windows-based OpenVPN server, 3 Windows OpenVPN clients.
Enabled “--duplicate-cn” option on server, one only cert/key pair used by all clients.
Each client receives the same IP from the server after a regular reboot, but sometimes when reboot is very fast client may get another IP (“keepalive“ is default : 10 120).
But if we reboot all 3 clients at the same time they all may change IPs, and and the worse case scenario they may use each other’s IPs.
What may be a way to avoid it with the condition we still use “--duplicate-cn” option on the server?