
The first VPN client works like a charm (tunnel is 192.168.104.0/24 -> 192.168.104.2 assigned). But once another client logs on, an identical IP is assigned. It looks like there is no address pool to be defined!? pfSense 2.4.5, Windows 7 client.

Dave M
Reiny

1 Answer


I'm using pfSense 2.4.4 and these settings are working for me. From the pfSense menu, select VPN | OpenVPN then the Servers tab. In the Tunnel section, the IPv4 Tunnel Network is set to 192.168.104.0/24, and Concurrent Connections is set to 10. In the Client Settings, Dynamic IP is checked and Topology is net30.

CB_Ron
  • On Topology net30 problem persists, now all clients get IP 192.168.104.6 (not 2). Maybe I'm missing something basic: Do I have to assign an OpenVPN Interface? On Interface Assignments it offers me opvn client and server. Do I have to assign Interfaces and connect them via bridge etc.? – Reiny Apr 21 '20 at 09:53
  • No, it is not necessary to assign interfaces or create bridges. The OpenVPN server should handle all of that automatically. But, you have an OpenVPN client defined on the pfSense? What is the purpose of it? And, do you have the openvpn-client-export package installed on pfSense? – CB_Ron Apr 21 '20 at 15:58
  • @Reiny If so, make sure **Use Random Local Port** is checked. Alternatively, edit your local config files and make sure `lport 0` is in there. Otherwise, all clients try to use the same port (default 1194). – CB_Ron Apr 21 '20 at 16:09
  • Thanks @CB_Ron, maybe my basic knowledge is bad. I thought multiple clients **do use the same port 1194**, just getting different IPs (I remember this from IPsec on Netgear routers). I tried `lport 0` (which is the same as no entry) on the client but the problem persists. Yes, I do have a client set up and used the OpenVPN export package – Reiny Apr 22 '20 at 13:32
  • @Reiny On the client side, they use a random port. This is the port they communicate over after a session is established. I'm sorry but I am out of ideas for you. – CB_Ron Apr 22 '20 at 15:59
  • solved - I had to add `duplicate-cn`. I was checking possible issue with same name and CN earlier but at that time without `lport 0`. THANK YOU for all your precise answers and efforts - greetings from Czech Republic – Reiny Apr 22 '20 at 20:56
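
Added example, not part of the original thread: with `duplicate-cn` enabled, several clients can hold sessions under one certificate CN at the same time, so it helps to know which CNs are actually shared. The sketch below parses an OpenVPN `status-version 2` status file and lists every CN with more than one concurrent session; the sample lines, CNs and addresses are constructed, and the function names are hypothetical.

```python
import csv
from collections import defaultdict

# Constructed sample of a "status-version 2" file (not taken from the thread).
SAMPLE_STATUS = """\
TITLE,constructed sample
TIME,2020-04-22 21:00:00,1587589200
HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Virtual IPv6 Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t),Username,Client ID,Peer ID
CLIENT_LIST,vpnuser,203.0.113.10:51000,192.168.104.2,,10240,20480,2020-04-22 20:50:00,1587588600,UNDEF,0,0
CLIENT_LIST,vpnuser,198.51.100.7:49152,192.168.104.3,,4096,8192,2020-04-22 20:55:00,1587588900,UNDEF,1,1
CLIENT_LIST,alice,192.0.2.44:40000,192.168.104.4,,512,1024,2020-04-22 20:58:00,1587589080,UNDEF,2,2
END
"""


def sessions_by_cn(status_text):
    """Map each certificate CN to its (real address, tunnel IP) sessions."""
    columns = None
    sessions = defaultdict(list)
    for row in csv.reader(status_text.splitlines()):
        if not row:
            continue
        # The HEADER line names the CLIENT_LIST columns; use it instead of
        # hard-coded positions so extra columns do not break the parse.
        if row[0] == "HEADER" and len(row) > 1 and row[1] == "CLIENT_LIST":
            columns = row[2:]
        elif row[0] == "CLIENT_LIST" and columns:
            rec = dict(zip(columns, row[1:]))
            sessions[rec["Common Name"]].append(
                (rec["Real Address"], rec["Virtual Address"])
            )
    return dict(sessions)


def shared_common_names(status_text):
    """Return only the CNs that have more than one concurrent session."""
    return {
        cn: sess
        for cn, sess in sessions_by_cn(status_text).items()
        if len(sess) > 1
    }


if __name__ == "__main__":
    for cn, sess in shared_common_names(SAMPLE_STATUS).items():
        print(f"CN {cn!r} is used by {len(sess)} sessions:")
        for real, virtual in sess:
            print(f"  {real} -> {virtual}")
```

Each CN this reports is a certificate in use by more than one session; issuing one certificate per client lets the server run without `duplicate-cn` and lets a single client be revoked on its own.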