[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] issue with duplicate-dn


  • Subject: Re: [Openvpn-users] issue with duplicate-dn
  • From: sam <samwun@xxxxxxxxxxxxxxxx>
  • Date: Mon, 19 Jul 2004 00:35:22 +0800

Mathias Sundman wrote:

On Sun, 18 Jul 2004, sam wrote:

Mathias Sundman wrote:

On Sun, 18 Jul 2004, sam wrote:

When I enabled duplicate-dn, I tested two clients using the same certificate, but result is the new client caused the old client disconnect the connection. In the new client windows screen, pinging to the remote internal works fine, but when I switched to the old client screen, ping is not successful. The old client also being assigned the same IP address as the old client. As soon as the old client take over the connect, it can ping the Internal network.


Strange. I've had two machines connected at the same time with the same certificate. However, after that I put a specific client-config file in use, and then I got problems ofcource as both clients received the same IP address. You don't happend to use special config-file for this CN?

I m using client-config-dir, more or less same as yours.


I havn't tried to get --client-config-dir to work together with --duplicate-cn, so I can't say for sure it is supposed to work, but if you don't assign any options that really needs to be unique (like the IP address), I think it should work.

What options do you have in your config-file in the client-config-dir?

Try removing the client-config file for the CN you are trying to get to work, and see if that helps, then you know where to search...

The client-config-dir point to a directory /usr/local/etc/vpn-dir.
The vpn-dir has a file called "mobile" which is a common_name of a client's certificate.
The "mobile" file has the the following content:
push "ping 10"
push "ping-restart 60"
push "route-gateway 10.8.0.1"
push "route 192.168.9.0 255.255.255.0"


I define IP-pool in the main body of the openvpn conf file:
dev tap
port 5000
mode server
ifconfig 10.8.0.1 255.255.255.0
ifconfig-pool 10.8.0.4 10.8.0.255
...

When the second client executed and establish connection, it is assigned 10.8.0.4 rather than 10.8.0.5 which is the next available IP in teh pool.
The first client is also assigned 10.8.0.4


Thanks
sam


____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users