[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Multiple clients with Windows OpenVPN server


  • Subject: Re: [Openvpn-users] Multiple clients with Windows OpenVPN server
  • From: Josh Cepek <josh.cepek@xxxxxxx>
  • Date: Wed, 16 Jan 2008 09:14:47 -0600
  • Openpgp: id=2E5A5127
  • Z-usanet-msgid: XID449maPPo10483X29

Gavin Hamill wrote:
Hi :)

After having used OpenVPN on Linux successfully for 2 years, I'm setting
up a new server on Windows (not my choice...) and whilst I can get it
running, only a single client can connect at any one time. Multiple
clients fight each other for control of the same client IP.

The server package is 2.0.9 (with 1.0.3 GUI) from www.openvpn.se

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.6.50.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.6.0.0 255.255.0.0"
push "dhcp-option WINS 10.6.1.245"
push "dhcp-option DNS 10.6.1.245"
push "dhcp-option DOMAIN ourdomain.com"
keepalive 10 12
comp-lzo
max-clients 6
persist-key
persist-tun
status openvpn-status.log
verb 3

This config looks fine. The server will listen for connections and allow up to 6 clients to connect giving them an IP on the 10.6.50.0/24 network.

I have created five additional TAP-Win32 adapters to match the
max-clients 6 statement.

You only need 1 device per VPN. The fact that you may connect up to 6 clients doesn't matter - you could connect thousands of clients and would still only need a single TAP/TUN device on the server.

2.0.9 is also in use on the client, an example of whose config is here.

client
dev tun
proto udp
remote XX.XX.XX.XX 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ca ca.crt
cert rpratt.crt
key rpratt.key
comp-lzo
verb 3

This config also looks fine based on your server config above.

The server only assigns an IP address to the "OpenVPN 1" adapter of
10.6.50.1 netmask 255.255.255.252- even though the client gets an IP of
10.6.50.6, with the server pingable at 10.6.50.5.

Yes, this is normal. In tun mode a server allocates /30 subnets to connecting clients for compatibility with Windows clients. Each client will have access to the 10.6.50.0/24 network with a custom route that is pushed with the `server` directive on your VPN server. You've also pushed a 10.6.0.0/16 super-route, so clients will also have a route to reach those networks by routing through the VPN server.

Insure your clients have the TAP adapter set to DHCP in the TCP/IP properties because the server will not hand out an IP to another client if it has already been assigned to a different VPN client. If you're still not sure what the cause of the problem is check both the server and client logs which will show what address is being handed out by the server and applied by the client.

--
Josh


Attachment: signature.asc
Description: OpenPGP digital signature