openvpn
nymitr, 2016-04-18 13:41:34

How to prevent simultaneous connections to OpenVPN with the same certificate?

There is an OpenVPN server.
There is no duplicate-cn in the config.
When a second client connects with the same certificate and key, the first client's connection is not interrupted. Both clients are assigned the same IP. Traffic flows only for the one that connected last.
Tested with clients on Windows, Linux and Android - the picture is the same everywhere.
Server config:

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
tls-auth ta.key 0
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log-append  openvpn.log
verb 3
crl-verify /etc/openvpn/crl.pem

Client config:

client
dev tun
proto udp
remote example.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
pkcs12 client.p12
remote-cert-tls server
tls-auth ta.key 1
comp-lzo
verb 3

2 answer(s)
satoo, 2016-05-19
@nymitr

This behavior is apparently by design.
With the option disabled (the default), the new client "knocks out" the old one. Nowhere does it say that the new one simply won't be able to connect. That is, by default there is just one client at a time. The last one.

Alexander Chernykh, 2021-02-25
@sashkets

It is necessary to limit the number of concurrent connections.
Allow duplicate-cn in the config. The first one will connect. We cut off the second one's connection with a script.
First come, first served :-)
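
One way to write the kind of script this answer describes, as an added example that is not part of the original answer or of OpenVPN itself: a client-connect hook that looks up the connecting common name in the server's status file and rejects the client if another session already holds it. The script path, the status file location and the ip:port form of the "Real Address" column are assumptions.

```shell
#!/bin/sh
# Added example: client-connect hook that refuses a second session for a CN.
# Assumed server directives (the script path is hypothetical):
#   duplicate-cn
#   script-security 2
#   client-connect /etc/openvpn/one-session-per-cn.sh
# The server drops to "user nobody", so this script and the status file
# must be readable by that account.

# Assumed location of the file named by "status openvpn-status.log".
STATUS_FILE="${STATUS_FILE:-/etc/openvpn/openvpn-status.log}"

# cn_active CN SELF_ADDR  (status file, format version 1, on stdin)
# Returns 0 if CN is listed in the client list under a real address other
# than SELF_ADDR, i.e. a different session already holds this certificate.
cn_active() {
    awk -F, -v cn="$1" -v self="$2" '
        $1 == "ROUTING TABLE" { exit }            # client list ends here
        in_list && $1 == cn && $2 != self { found = 1; exit }
        $1 == "Common Name" { in_list = 1 }       # column header row
        END { exit !found }
    '
}

# Constructed sample of a version 1 status file (not real log data).
sample_status() {
    cat <<'EOF'
OpenVPN CLIENT LIST
Updated,Mon Apr 18 13:41:34 2016
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
alice,198.51.100.7:40112,10240,20480,Mon Apr 18 13:30:02 2016
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.2,alice,198.51.100.7:40112,Mon Apr 18 13:41:30 2016
GLOBAL STATS
Max bcast/mcast queue length,0
END
EOF
}

# OpenVPN exports common_name, trusted_ip and trusted_port to the hook;
# a non-zero exit status makes the server reject the connecting client.
# If the status file is unreadable this check is skipped (fails open).
if [ -n "${common_name:-}" ] && [ -r "$STATUS_FILE" ]; then
    if cn_active "$common_name" "${trusted_ip:-}:${trusted_port:-}" < "$STATUS_FILE"; then
        exit 1
    fi
fi
```

The status file is only rewritten periodically, and a client that vanished without disconnecting stays listed until its keepalive timeout expires, so this check can miss a quick second connection and can briefly refuse a legitimate reconnect.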
