Hello!
I'm stuck with a configuration doubt.
What I've got is:
many Linux boxes with OpenVPN.
The server is configured like this:
dev tun0
mode server
tls-server
# certificate stuff
dh ssl/xxx.pem
ca ssl/xxx.it_cacert.pem
cert ssl/server.xxx.it_cert.pem
key ssl/private/server.xxx.it_key.pem
crl-verify ssl/xxx.it_crl.pem
# allow multi-client with same cn
duplicate-cn
# assigned ip addresses
ifconfig 10.8.0.1 10.8.0.2
route 10.8.0.0 255.255.255.0
push "route 10.8.0.1"
ifconfig-pool 10.8.0.4 10.8.0.254
log /var/log/openvpn.log
keepalive 60 600
daemon
Well, it's configured with DHCP-like behaviour and every client has the same certificate (duplicate-cn).
Every client has two interfaces: one connected to the internet, used to set up the tunnel with the main server, and an internal interface with an internal subnet (let's say 192.168.1.0 for the first client, 192.168.2.0 for the second, and so on...).
Since the server can't discriminate which client is connecting, I can't use the "client-config-dir ccd" option... so...
I would like the clients to communicate their route to the server so that the server can reach the internal network of every single client...
I need a sort of "reverse push route".
Example:
client1 with internal subnet 192.168.1.0, after setting up the tunnel with the server and getting the 10.8.0.13-10.8.0.14 peers, should communicate to the server that it needs to send packets through 10.8.1.14 to reach the 192.168.1.0 network.
Thanks in advance,
Davide
duplicate-cn and client subnet
- janjust
Re: duplicate-cn and client subnet
OpenVPN needs to be able to distinguish the different clients; normally this is done using the client certificate, but you're using 'duplicate-cn'. An alternative is to use username+password authentication together with '--username-as-common-name'; if you don't want to use that either, then you're out of luck.
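
A sketch of the username-based alternative described in the reply, applied to the subnets from the question. This is an added example, not configuration posted by either participant; the script path `/etc/openvpn/verify-user.sh` and the usernames `client1` and `client2` are assumptions.

```conf
# --- server.conf: changes relative to the config in the question ---
# duplicate-cn is left out here so that one username maps to one connection.

# Allow OpenVPN to call an external verification script.
script-security 2
# Hypothetical script path (assumption); the script must exit 0 only
# when the supplied username/password pair is valid.
auth-user-pass-verify /etc/openvpn/verify-user.sh via-file
# Identify each client by its authenticated username instead of the
# CN of the shared certificate.
username-as-common-name

# Per-client files in this directory are looked up by that name.
client-config-dir ccd

# Kernel routes on the server host: send the client LANs into the tunnel.
route 192.168.1.0 255.255.255.0
route 192.168.2.0 255.255.255.0

# --- ccd/client1 (file name equals the username; "client1" is assumed) ---
# Tells the OpenVPN server which connected client owns this subnet.
iroute 192.168.1.0 255.255.255.0

# --- ccd/client2 ("client2" is assumed) ---
iroute 192.168.2.0 255.255.255.0

# --- client.conf on every client ---
# Send a username and password in addition to the shared certificate.
auth-user-pass
```

With a shared certificate, the username and password are the only per-client credential, so `crl-verify` cannot revoke a single client. Issuing one certificate per client would give `client-config-dir` a distinct name to match without any password step.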