OpenVPN Support Forum

Hi

It seems that my clients connect but they are issued the same ip?

here is my server config:

port 1194
proto udp
dev tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh1024.pem"
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist "C:\\Program Files\\OpenVPN\\config\\ipp.txt"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 4

and the client 1 config:



client
dev tun
proto udp
remote esb.sonatribe.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\backend1.crt"
key "C:\\Program Files\\OpenVPN\\config\\backend1.key"
ns-cert-type server
comp-lzo
verb 3

and client 2 config:

client
dev tun
proto udp
remote esb.sonatribe.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\backend2.crt"
key "C:\\Program Files\\OpenVPN\\config\\backend2.key"
ns-cert-type server
comp-lzo
verb 3

The server is not updating ipp.txt when new clients attach.

please sanitize your config files before posting them - it is hard to read them this way.

How are you so sure both clients get the same IP ?
What are the contents of the 'ipp.txt' file?
Can you try it without the 'ifconfig-pool-persist' directive?
Do you need the 'ifconfig-pool-persist' thingie at all ?

Note that the 'ipp.txt' file is updated every 10 minutes - that means that new clients will only be listed after 10 minutes (or whenever the server is restarted/shut down)

Hi - cleaned as requested

Just tried without the

ifconfig-pool-persist "C:\\Program Files\\OpenVPN\\config\\ipp.txt" part

made no difference - they both seem to get the ip: 10.8.0.6

thx for cleaning

check the server logs to see which clients are connecting - perhaps you've copied over the client1.{crt,key} files incorrectly? Otherwise , try
the subjects for both certificates should be different, otherwise it might/will assign the same IP twice

Hi

OK here's the output from backend1:

Subject: C=UK, ST=LDN, O=SONATRIBE, OU=SONATRIBE-UK, CN=SONATRIBE-UK/emailAddress=WAYNE@PRJATK.COM

and backend 2:

Subject: C=UK, ST=LDN, O=SONATRIBE, OU=SONATRIBE-UK2, CN=SONATRIBE-UK/emailAddress=WAYNE@PRJATK.COM

and here's the out from the log:

http://monobin.com/__m43957d01

OK

I can see that from the logs it is complaining that the client names are the same.

I'll re-gen client 2 and see if that sorts it.

I'll be blogging about this to help others following my path.

One of the issues i had from the instructions found https://community.openvpn.net/openvpn/w ... ConfigFile

was that i had to combine the scripts into one for them to work - unless i'm missing something?

OK

Getting somewhere now.

Both clients connect with seperate Ip - both can ping the server - neither client can ping the other?

:s

the clients won't be able to ping each other unless you add to the server config or if you set up IP forwarding and iptables on the server correctly. The advantage of the IPforwarding/iptables route is that you can restrict the traffic between clients. With 'client-to-client' all firewalling on the server is bypassed.

that was an rtfm classic - sorry for the noise

iwayneo wrote:that was an rtfm classic - sorry for the noise

Silly iwayneo!

Lesson learned, right? At least you got some experience out of it.