
Re: [Openvpn-users] Multiple Clients behind a broadband router

  • Subject: Re: [Openvpn-users] Multiple Clients behind a broadband router
  • From: Trevor Lauder <tlauder@xxxxxxxxxxxxxxx>
  • Date: Wed, 20 Oct 2004 16:37:22 -0600

On October 20, 2004 12:48 pm, James Yonan wrote:
> On Wed, 20 Oct 2004, Trevor Lauder wrote:
> > Hello,
> >
> > I've run into a problem with having multiple Windows OpenVPN Beta11
> > clients behind a broadband router (have tried SMC, DLINK) connecting to a
> > Linux OpenVPN beta11 server.  The connections are using UDP on port 4000
> > and what happens is one workstation can connect to the VPN, however when
> > another workstation behind the same firewall connects it ends up booting
> > the first workstation off.  The only way around it that I've found is
> > having each workstation connect to a different port, so workstation #1
> > would use UDP 4001, Workstation #2 would use UDP 4002, etc.  That seems
> > to work but it's a real pain for maintenance, etc.  Does anyone know if
> > this is a NAT problem on some of the basic broadband routers?  Is there a
> > certain brand / model that seems to work with multiple OpenVPN clients
> > behind it all using a single UDP port?  Any feedback would be
> > appreciated.
> First, make sure this isn't a --duplicate-cn issue (see FAQ).
> Then try --nobind on the clients.
> Finally, if that doesn't work, use a different --lport for each client
> (though it sounds like that's what you're already doing above).
> James

Thanks for all of the responses to my problem.  To clarify how I have things 

Each workstation is using their own certificate, no duplicates.

I haven't tried --nobind so I will give that a try and let you know.

I didn't use the --lport option to change the port, I used --port on the 
server and the client to change the port each client connects to.  There are 
3 OpenVPN processes running using the same ca.crt and options except all 3 
are listening on different ports.  The 3 workstations then connect to one of 
those ports.  Would using --lport and keeping the server port the same for 
all 3 make a difference over what I am already doing?

The other thing I've had to do on the broadband routers is set up either port 
forwarding back into the client on the UDP ports or set up trigger ports.  
Should I have to do that?  On a real Linux firewall using IPTables it would 
work out of the box with connection tracking wouldn't it?

Trevor Lauder
Senior Linux Analyst

LAN Solutions
Telephone: (403) 255-5026
WWW: http://www.lansolutions.ca
E-Mail: tlauder@xxxxxxxxxxxxxxx
