OpenVPN: fixed Ip for Client, allow only one connection!
This topic contains 6 replies, has 0 voices, and was last updated by Hummel 4 years, 7 months ago.
July 18, 2014 at 11:01 am #43988
Hey guys,
I built a network with an OpenVPN Host-to-LAN connection for roadwarriors.
There are different groups of users who want to connect. Each group has one user on the ZS and a fixed IP via the ccd-directory.
Everything works fine and every client can connect. Today I tried to connect with the same configuration from another PC while I was connected on my own PC. The connection was successful and I was able to ping the network behind the Zeroshell from both (??) PCs… I don't know how it works, because they both had the same (virtual) IP!!!
Is there any way to allow only one connection per client with a fixed IP?
I need this because every client is for a group of users, and if e.g. two users (or more) of the group are connected with the same IP, I think it will cause network errors.
July 18, 2014 at 11:36 am #53376
Hello,
I tried to add the option “--duplicate-cn no” to the command line in Zeroshell, but connection from both PCs is still possible…
Is there any way to remove the option “--duplicate-cn” from the server config file on the ZS?
July 19, 2014 at 10:12 am #53377
You can copy the file vpn_start (which is in /root/kerbynet.cgi/scripts/) to /Database, then modify it, e.g. by removing the lines in question (I, personally, have also modified the keepalives), and add a command in pre-boot which replaces the original script.
Regards
July 21, 2014 at 6:13 am #53378
Hey Redfive,
thank you for your comment!
Can you tell me what (and how 😉) I have to add in the pre-boot?
Never done this before…
Thanks a lot!
July 21, 2014 at 7:20 pm #53379
I’ve created a dir (patch) where I’ve placed all my modified scripts, something like
mkdir /Database/patch
then I’ve copied some files, e.g. vpn_start
cd /root/kerbynet.cgi/scripts/
cp vpn_start /Database/patch/
then edited this file, saved, and in pre-boot, this line
cp /Database/patch/vpn_start /root/kerbynet.cgi/scripts/
Regards
July 22, 2014 at 7:46 am #53380
Ok, got it!
Thank you… easy way, if you know how to 🙂
It works, but I have the same problem as before… I can connect with the same account from both PCs. The latest connection is now the only one which is working. If I connect with PC A and afterwards with PC B with the same client.conf, then I can ping the VPN network only with PC B. On PC A I get a “Destination Host Unreachable” warning from the point when PC B connects, but the VPN client on PC A still appears connected! I think for most of the client users this will appear as a connection error…
Is there any way to “kick” the duplicated clients, or not to let the same client connect if another connection is already established?
Thanks in advance!
July 22, 2014 at 7:59 am #53381
Extension:
If both clients are still active, they are switching the connection between them, e.g. keepalive 5 60 = every 60s the other client connects again…
July 22, 2014 at 10:17 am #53382
I found a solution for my problem:
I deleted the keepalive command from the “vpn_start” file and added in the command line:
--ping 10
--push ping-exit 25
If Client A connects and Client B afterwards, only Client B will receive the ping from the server every 10s. Client A gets no more pings and disconnects itself.
Additionally I found out:
If you use a user-specified file in the ccd-directory and have an “inactive” command, this will not be affected by these changes.
Thank you redfive for the essential hint 😀
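Added example, not part of the original thread or of Zeroshell: a server-side log check for the situation discussed above, where one ccd identity (one CN with a fixed IP) is used from two machines and the session keeps switching between them. It assumes the server log carries a ctime-style timestamp and the client's real address in front of OpenVPN's "MULTI: new connection by client" message; the function name, thresholds, CNs and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed layout: "<ctime timestamp> <real-ip>:<port> MULTI: new connection by client '<cn>' ..."
TAKEOVER = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (?P<ip>[\d.]+):\d+ "
    r"MULTI: new connection by client '(?P<cn>[^']+)' will cause previous active sessions"
)
MSG = "will cause previous active sessions by this client to be dropped."

# Constructed sample log (documentation address ranges, made-up CNs).
SAMPLE_LOG = f"""\
Tue Jul 22 07:47:03 2014 203.0.113.20:40112 MULTI: new connection by client 'group-a' {MSG}
Tue Jul 22 07:48:04 2014 198.51.100.7:51820 MULTI: new connection by client 'group-a' {MSG}
Tue Jul 22 07:48:30 2014 192.0.2.44:33001 MULTI: new connection by client 'group-b' {MSG}
Tue Jul 22 07:49:05 2014 203.0.113.20:40113 MULTI: new connection by client 'group-a' {MSG}
Tue Jul 22 07:50:06 2014 198.51.100.7:51821 MULTI: new connection by client 'group-a' {MSG}
Tue Jul 22 08:10:00 2014 192.0.2.44:33002 MULTI: new connection by client 'group-b' {MSG}
Tue Jul 22 08:12:00 2014 192.0.2.60:45000 MULTI: new connection by client 'group-c' {MSG}
Tue Jul 22 08:40:00 2014 192.0.2.61:45001 MULTI: new connection by client 'group-c' {MSG}
Tue Jul 22 08:41:00 2014 192.0.2.61:45001 some unrelated log line
"""

def find_flapping(lines, window=timedelta(minutes=5), min_switches=3):
    """Return {cn: sorted real IPs} for CNs whose session moved between
    different real addresses at least min_switches times within window."""
    events = defaultdict(list)  # cn -> [(time, real_ip), ...]
    for line in lines:
        m = TAKEOVER.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            events[m["cn"]].append((ts, m["ip"]))
    flagged = {}
    for cn, seq in events.items():
        seq.sort()
        # Takeovers that came from a different address than the previous one.
        switches = [t for (_, prev), (t, ip) in zip(seq, seq[1:]) if ip != prev]
        for i in range(len(switches) - min_switches + 1):
            if switches[i + min_switches - 1] - switches[i] <= window:
                flagged[cn] = sorted({ip for _, ip in seq})
                break
    return flagged

if __name__ == "__main__":
    for cn, ips in find_flapping(SAMPLE_LOG.splitlines()).items():
        print(f"{cn}: session alternating between {', '.join(ips)}")
```

A reconnect from the same address (group-b) or a single change of address (group-c) is not reported; only repeated alternation within the window is.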