When --duplicate-cn is not beeing used the first client is disconnected if
a second client connects with the same certificate.
This is exactly how it should be, however, the symptoms on a client that
is disconnected this way is just like you have lost connectivity, and
ping-restart causes a reconnect which makes the tunnel work for a few
I've done this by mistake twice now, and was just as frustrated both times
what the heck was wrong! The log gives me no clue why it's
I know I shouldn't be copying my certificate to other machines, but
sometimes I do for testing, and this would also happend if your key/cert
Therefor I'd like to ask how much work it would take, and if it would be a
good thing to add a feature that notifies the client that it will be
disconnected due to a second connection with the same cert, so this can be
printed in the clients log.
Normally this happends if you have really lost connectivity and
reconnects, but in this case the old client is already gone, so no false
log message will be printed. But if you do the same misstake as me, or if
your cert has really been stolen and someone tries to connect while
you're connected, then you could see this in the log.