[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] Multiple clients with Windows OpenVPN server

  • Subject: Re: [Openvpn-users] Multiple clients with Windows OpenVPN server
  • From: Josh Cepek <josh.cepek@xxxxxxx>
  • Date: Wed, 16 Jan 2008 09:14:47 -0600
  • Openpgp: id=2E5A5127
  • Z-usanet-msgid: XID449maPPo10483X29

Gavin Hamill wrote:
Hi :)

After having used OpenVPN on Linux successfully for 2 years, I'm setting
up a new server on Windows (not my choice...) and whilst I can get it
running, only a single client can connect at any one time. Multiple
clients fight each other for control of the same client IP.

The server package is 2.0.9 (with 1.0.3 GUI) from www.openvpn.se

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
ifconfig-pool-persist ipp.txt
push "route"
push "dhcp-option WINS"
push "dhcp-option DNS"
push "dhcp-option DOMAIN ourdomain.com"
keepalive 10 12
max-clients 6
status openvpn-status.log
verb 3

This config looks fine. The server will listen for connections and allow up to 6 clients to connect giving them an IP on the network.

I have created five additional TAP-Win32 adapters to match the
max-clients 6 statement.

You only need 1 device per VPN. The fact that you may connect up to 6 clients doesn't matter - you could connect thousands of clients and would still only need a single TAP/TUN device on the server.

2.0.9 is also in use on the client, an example of whose config is here.

dev tun
proto udp
remote XX.XX.XX.XX 1194
resolv-retry infinite
ca ca.crt
cert rpratt.crt
key rpratt.key
verb 3

This config also looks fine based on your server config above.

The server only assigns an IP address to the "OpenVPN 1" adapter of netmask even though the client gets an IP of, with the server pingable at

Yes, this is normal. In tun mode a server allocates /30 subnets to connecting clients for compatibility with Windows clients. Each client will have access to the network with a custom route that is pushed with the `server` directive on your VPN server. You've also pushed a super-route, so clients will also have a route to reach those networks by routing through the VPN server.

Insure your clients have the TAP adapter set to DHCP in the TCP/IP properties because the server will not hand out an IP to another client if it has already been assigned to a different VPN client. If you're still not sure what the cause of the problem is check both the server and client logs which will show what address is being handed out by the server and applied by the client.


Attachment: signature.asc
Description: OpenPGP digital signature