Answer the question
In order to leave comments, you need to log in
D
D
Denis Shavaleev2020-11-02 11:47:51
Denis Shavaleev, 2020-11-02 11:47:51
Client connections interrupt each other. How can I fix it?
Good day!
There is such a moment, OpenVPN + easy-rsa is installed on CentOS8, I configured the central switch to forward the port from an external address to the server. In general, connections start without problems, but either to the best of their curvature, or for some other reason, when there is one connection, everything goes without problems, as soon as someone else connects, the connections begin to tear each other. I read the mana, I could not understand what the joke could be, tk. in general, according to the config, everything seems to be correct. although I am more than sure that I screwed up in them.
server.conf
local 192.168.88.202
port 65000
proto tcp4
dev tun
ca /etc/openvpn/server/keys/ca.crt
cert /etc/openvpn/server/keys/ovp.crt
key /etc/openvpn/server/keys/ovp.key
dh /etc/openvpn/server/keys/dh.pem
tls-auth /etc/openvpn/server/keys/ta.key 0
crl-verify /etc/openvpn/server/keys/crl.pem
server 174.25.67.0 255.255.255.0
push "route 192.168.0.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.5.0 255.255.255.0"
push "route 192.168.7.0 255.255.255.0"
push "route 192.168.8.0 255.255.255.0"
push "route 192.168.42.0 255.255.255.0"
push "route 192.168.88.0 255.255.255.0"
push "route 192.168.113.0 255.255.255.0"
push "route 192.168.203.0 255.255.255.0"
ifconfig-pool-persist /etc/openvpn/server/ipp.txt
keepalive 10 120
max-clients 100
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log-append /var/log/openvpn/openvpn.log
verb 3
mute 20
daemon
mode server
tls-server
comp-lzo yes
sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"
tcp-nodelay
local 192.168.88.202
port 65000
proto tcp4
dev tun
ca /etc/openvpn/server/keys/ca.crt
cert /etc/openvpn/server/keys/ovp.crt
key /etc/openvpn/server/keys/ovp.key
dh /etc/openvpn/server/keys/dh.pem
tls-auth /etc/openvpn/server/keys/ta.key 0
crl-verify /etc/openvpn/server/keys/crl.pem
server 174.25.67.0 255.255.255.0
push "route 192.168.0.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.5.0 255.255.255.0"
push "route 192.168.7.0 255.255.255.0"
push "route 192.168.8.0 255.255.255.0"
push "route 192.168.42.0 255.255.255.0"
push "route 192.168.88.0 255.255.255.0"
push "route 192.168.113.0 255.255.255.0"
push "route 192.168.203.0 255.255.255.0"
ifconfig-pool-persist /etc/openvpn/server/ipp.txt
keepalive 10 120
max-clients 100
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log-append /var/log/openvpn/openvpn.log
verb 3
mute 20
daemon
mode server
tls-server
comp-lzo yes
sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"
tcp-nodelay
client.ovpn
client
dev tun
proto tcp4
remote xxx.xxx.xxx.xxx 65000
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
dh dh.pem
tls-client
tls-auth ta.key 1
float
keepalive 10 120
comp-lzo
verb 0
cert d_shavaleev.crt
key d_shavaleev.key
client
dev tun
proto tcp4
remote xxx.xxx.xxx.xxx 65000
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
dh dh.pem
tls-client
tls-auth ta.key 1
float
keepalive 10 120
comp-lzo
verb 0
cert d_shavaleev.crt
key d_shavaleev.key
2 answer(s)
@Shavaleev_DieZ
M
mureevms, 2020-11-02 @Shavaleev_DieZ
If the same client key/certificate is used for all clients, then this is normal OpenVPN server behavior. To allow multiple clients to use the same key/certificate, add the line duplicate-cn.
But this is not very good for control and security, so it is better for each client to issue its own certificate.
Similar questions
A
H
M
D
E
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question