July 18, 2014 at 11:01 am #43988
I built a network with an OpenVPN host-to-LAN connection for roadwarriors.
There are different groups of users who want to connect. Each group has one user on the ZS and a fixed IP via the ccd directory.
Everything works fine and every client can connect. Today I tried to connect with the same configuration from another PC while I was connected on my own PC. The connection was successful and I was able to ping the network behind the Zeroshell from both (??) PCs…
I don't know how it works, because they both had the same (virtual) IP!!!
Is there any way to allow only one connection per client with a fixed IP?
I need this because every client is for a group of users, and if e.g. two users (or more) of the group are connected with the same IP, I think it will cause network errors.

July 18, 2014 at 11:36 am #53376
I tried to add the option “--duplicate-cn no” to the command line in Zeroshell, but connection from both PCs is still possible…
Is there any way to remove the option “--duplicate-cn” from the server config file on the ZS?

July 19, 2014 at 10:12 am #53377
You can copy the file vpn_start (which is in /root/kerbynet.cgi/scripts/) to /Database, then modify it, e.g. by removing the interested lines (I, personally, have also modified the keepalives), and add a command in pre-boot which replaces the original script.
Regards

July 21, 2014 at 6:13 am #53378
Thank you for your comment!
Can you tell me what (and how 😉 ) I have to add in the pre-boot?
Never done this before…
Thanks a lot!

July 21, 2014 at 7:20 pm #53379
I’ve created a dir (patch) where I’ve placed all my modified scripts, something like to
then I’ve copied some files, e.g. with vpn_start
cp vpn_start /Database/patch/
then edited this file, saved, and in pre-boot, this line
cp /Database/patch/vpn_start /root/kerbynet.cgi/scripts/
Regards

July 22, 2014 at 7:46 am #53380
Ok, got it!
Thank you… easy way, if you know how to 🙂
It works, but I have the same problem as before… I can connect with the same account from both PCs. The latest connection is now the only one which is working. If I connect with PC A and afterwards with PC B with the same client.conf, then I can ping the VPN network only with PC B. On PC A I get a “Destination Host Unreachable” warning from the point when PC B connects, but the VPN client on PC A still appears connected! I think for most of the client users this will appear as a connection error…
Is there any way to “kick” the duplicated clients or not to let the same client connect if another connection is already established?
Thanks in advance!

July 22, 2014 at 7:59 am #53381
If both clients are still active, they are switching the connection between them, e.g. keepalive 5 60 = every 60s the other client connects again…

July 22, 2014 at 10:17 am #53382
I found a solution for my problem:
I deleted the keepalive command from the “vpn_start” file and added in the command line:
--push ping-exit 25
If Client A connects and Client B afterwards, only Client B will receive the ping from the server every 10s. Client A gets no more pings and disconnects himself.
Additionally I found out:
If you are using a user-specified file in the ccd directory and have an “inactive” command, this will not be affected by these changes.
thank you redfive for the essential hint 😀
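
The copy-to-/Database and pre-boot steps described in the thread, as an added shell example that is not part of the original posts and is not Zeroshell code. It additionally refuses to overwrite the live script when it no longer matches the version the patch was made from; the function names, the .sha256 baseline file, and the assumption that vpn_start passes --duplicate-cn on the openvpn command line are assumptions of this example.

```shell
#!/bin/sh
# Added example. Paths in the usage lines are the ones named in the thread;
# everything else (function names, baseline file) is hypothetical.
#
# Usage, after sourcing this file:
#   once:      make_patch  /root/kerbynet.cgi/scripts/vpn_start /Database/patch
#   pre-boot:  apply_patch /root/kerbynet.cgi/scripts/vpn_start /Database/patch

# make_patch LIVE PATCHDIR
# Record the hash of the unmodified script, then store an edited copy with
# the --duplicate-cn option removed (assumed to appear literally in LIVE).
make_patch() {
    live=$1; dir=$2; name=$(basename "$live")
    mkdir -p "$dir" || return 1
    sha256sum < "$live" | cut -d' ' -f1 > "$dir/$name.sha256" || return 1
    sed 's/[[:space:]]*--duplicate-cn//g' "$live" > "$dir/$name"
}

# apply_patch LIVE PATCHDIR
# Returns 0 if the patched copy is (now) in place, 1 if the patch files are
# missing, 2 if LIVE differs from the recorded baseline (for example after
# an update), in which case LIVE is left untouched.
apply_patch() {
    live=$1; dir=$2; name=$(basename "$live")
    [ -f "$dir/$name" ] && [ -f "$dir/$name.sha256" ] || return 1
    now=$(sha256sum < "$live" | cut -d' ' -f1)
    patched=$(sha256sum < "$dir/$name" | cut -d' ' -f1)
    [ "$now" = "$patched" ] && return 0   # already patched, nothing to do
    if [ "$now" != "$(cat "$dir/$name.sha256")" ]; then
        echo "apply_patch: $live differs from baseline, not overwriting" >&2
        return 2
    fi
    # cp into the existing file keeps its mode, so it stays executable.
    cp "$dir/$name" "$live"
}
```

A return code of 2 from apply_patch means the edit has to be redone against the new vpn_start before it is installed again.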