OpenVPN: fixed IP for Client, allow only one connection!


This topic contains 6 replies, has 0 voices, and was last updated by  Hummel 4 years, 10 months ago.

  • #43988

    Hummel
    Member

    Hey guys,

    I built a network with an OpenVPN Host-to-LAN connection for roadwarriors.
    There are different groups of users who want to connect. Each group has one user on the ZS and a fixed IP via the ccd directory.
    Everything works fine and every client can connect. Today I tried to connect with the same configuration from another PC while I was connected on my own PC. The connection was successful and I was able to ping the network behind the Zeroshell from both (??) PCs…

    I don't know how it works, because they both had the same (virtual) IP!!!

    Is there any way to allow only one connection per client with a fixed IP?

    I need this because every client is for a group of users, and if e.g. two users (or more) of the group are connected with the same IP, I think it will cause network errors.

    #53376

    Hummel
    Member

    Hello,

    I tried to add the option “--duplicate-cn no” to the command line in Zeroshell, but connection from both PCs is still possible…

    Is there any way to remove the option “--duplicate-cn” from the server config file on the ZS?

    #53377

    redfive
    Participant

    You can copy the file vpn_start (which is in /root/kerbynet.cgi/scripts/) to /Database, then modify it, e.g. by removing the relevant lines (I, personally, have also modified the keepalives), and add a command in pre-boot which replaces the original script.
    Regards

    #53378

    Hummel
    Member

    Hey Redfive,
    thank you for your comment!

    Can you tell me what (and how 😉 ) I have to add in the pre-boot?
    Never done this before…

    Thanks a lot!

    #53379

    redfive
    Participant

    I’ve created a dir (patch) where I’ve placed all my modified scripts, something like

    mkdir /Database/patch

    then I’ve copied some files, e.g. with vpn_start

    cd /root/kerbynet.cgi/scripts/
    cp vpn_start /Database/patch/

    then edited this file, saved, and in pre-boot, this line

    cp /Database/patch/vpn_start /root/kerbynet.cgi/scripts/

    Regards

    #53380

    Hummel
    Member

    Ok, got it!
    Thank you… easy way, if you know how to 🙂

    It works, but I have the same problem as before… I can connect with the same account from both PCs. The latest connection is now the only one which is working. If I connect with PC A and afterwards with PC B with the same client.conf, then I can ping the VPN network only with PC B. On PC A I get a “Destination Host Unreachable” warning from the point when PC B connects, but the VPN client on PC A still appears connected! I think for most of the client users this will appear as a connection error…

    Is there any way to “kick” the duplicated clients or not to let the same client connect if another connection is already established?

    thanks in advance!

    #53381

    Hummel
    Member

    Addition:

    If both clients are still active, they keep switching the connection between them, e.g. keepalive 5 60 = every 60s the other client connects again…

    #53382

    Hummel
    Member

    I found a solution for my problem:

    I deleted the keepalive command from the “vpn_start” file and added in the command line:

    --ping 10
    --push ping-exit 25

    If Client A connects and Client B afterwards, only Client B will receive the ping from the server every 10s. Client A gets no more pings and disconnects itself.

    Additionally I found out:
    If you use a user-specific file in the ccd directory and have an “inactive” command, this will not be affected by these changes.

    thank you redfive for the essential hint 😀
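
The checks below are an added example, not part of the thread and not Zeroshell code: a small shell function that audits an OpenVPN server option string for the three settings discussed above (duplicate-cn, keepalive, and ping with a pushed ping-exit). The function name and the sample option strings are constructed for illustration; on a real shell command line the pushed option has to be quoted as one argument, as in the second sample.

```shell
#!/bin/sh
# Added example: audit OpenVPN server options for the settings this thread
# changes. Accepts command-line style (--opt arg) or config-file style
# (one directive per line), on stdin or as file arguments.
audit_openvpn_opts() {
    awk '
    {
        sub(/[#;].*/, "")                  # strip config-file comments
        prev = ""
        for (i = 1; i <= NF; i++) {
            w = $i
            gsub(/"/, "", w)               # push "ping-exit 25" -> ping-exit 25
            isopt = (i == 1 || w ~ /^--/)  # a directive name, not an argument
            sub(/^--/, "", w)
            if (isopt && w == "duplicate-cn") dup = 1
            if (isopt && w == "keepalive")    ka = 1
            if (isopt && w == "ping")         ping = 1
            if (prev == "push" && w == "ping-exit") pexit = 1
            prev = w
        }
    }
    END {
        if (dup) print "FAIL: duplicate-cn set, several sessions may share one certificate and ccd IP"
        else     print "OK: duplicate-cn not set, a new session with the same CN replaces the old one"
        if (ka)  print "WARN: keepalive set, it pushes ping-restart so a replaced client reconnects"
        if (ping && pexit) print "OK: ping with pushed ping-exit, a replaced client exits"
        else     print "WARN: no ping with pushed ping-exit, a replaced client stays up or retries"
        exit (dup || ka || !(ping && pexit))   # 0 only when every check passes
    }' "$@"
}

# Constructed sample input: option strings before and after the change
# described in the last post (not copied from a real vpn_start script).
printf '%s\n' '--duplicate-cn --keepalive 5 60' | audit_openvpn_opts || true
printf '%s\n' '--ping 10 --push "ping-exit 25"' | audit_openvpn_opts || true
```

Run it against the patched copy of the start script or against an OpenVPN config file; a non-zero exit status means at least one of the three checks failed.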
