This topic contains 6 replies, has 0 voices, and was last updated by 
-
Posts
-
Hey guys,
i build a Network with a OpenVPN Host-to-LAN Connection for Roadwarriors.
There are different groups of users, who want to connect. Each group has one User on the ZS and a fix IP via the ccd-directory.
Everything works fine an d every client can connect. This day i tried to connect with the same configuration from another Pc, while i was connected on my own PC. The connection was succsessful and i was able to ping the Network behind the Zeroshell from both (??) Pc´s…..I don´t know how it works, because they both had the same (virtual) IP!!!
Is there any way to allow only one connection per client with a fixed iP?
I need this because every Client is for a group of users, and if e.g. two users (or more) of the group are connected with the same IP, i think it will cause Network errors.
hello,
i tried to add the Option “–duplicate-cn no” to the Command line in zeroshell, but connection from both pc´s is still possible…
i there any way to remove the option “–duplicate-cn” from the server-config file on the zs?
You can copy the file vpn_start (which is in /root/kerbynet.cgi/scripts/) in /Database , then modify it, eg. by removing the interested lines , (I, personally, have modified also the keepalives) , and add a command in pre-boot which replaces the original script.
RegardsHey Redfive,
thank you for your comment!Can you tell me what (and how 😉 ) i have to add in the pre-boot?
Never done this before….Thanks a lot!
I’ve created a dir (patch) where I’ve placed all my modified scripts, something like to
mkdir /Database/patchthen I’ve copied some files , eg. with vpn_start
cd /root/kerbynet.cgi/scripts/
cp vpn_start /Database/patch/then edited this file, saved, and in pre-boot , this line
cp /Database/patch/vpn_start /root/kerbynet.cgi/scripts/Regards
Ok, got it!
Thank you… easy way, if you know howto 🙂It works, but i have the same problem as before… i can connect with the same account from both Pcs. the latest Connection is now the only one which is working. If I connect with Pc A and afterwards with Pc B with the same Client.conf, then I can ping the VPN-Network only with Pc B. On Pc A i get a “Destination Host Unreachable”-warning from the point, when Pc B connects but the VPN-Client on Pc A appears still connected! I think for the most of the client users this will appear as a connection error…
Is there any way to “kick” the duplicated clients or not to let same client connect if another connection is already established?
thanks in advance!
extension:
If both Clients are still active, they are switching the connection between them. e.g. keepalive 5 60 = every 60s the other client connects again…
I found a solution for my problem:
I deleted the keepalive command from the “vpn_start”-file and added in the command line:
–ping 10
–push ping-exit 25If Client A connects and Client B afterwards, only Client B will receive the ping from the Server every 10s. Client A gets no more pings an disconnects himself.
Additionally i found out:
If you are in use of user-specified file in the ccd-directory and have an “inactive” command this will not be affected by these changes.thank you redfive for the essential hint 😀
You must be logged in to reply to this topic.