
I have 3 Windows clients which connect to an openVPN server on a Debian 6.0 server. The connection can be established for each one of them without errors; however, if I want to disconnect client1 and connect client2, the openvpn service on the server must be restarted, and this is only possible if I comment out `ifconfig-pool-persist ipp.txt`. Restarting every time another client wants to connect is quite annoying. The first connected client after a restart, however, can connect and disconnect as much as desired.

If I do not restart the openvpn service before connecting with a different client, openVPN Gui 2.3 shows the connection as established, but ping is not possible.

Does anybody have an idea what might cause this strange behaviour / where I could start looking?

Below is my server conf (as you can see, I increased the max-clients number, just in case this could be the problem, but it didn't fix it):

    port 1194
    proto udp
    dev tun1
    topology subnet
    ifconfig-noexec
    route-noexec
    ca /etc/openvpn/ca.crt
    cert /etc/openvpn/server.crt
    key /etc/openvpn/server.key
    dh /etc/openvpn/dh1024.pem
    server 10.240.43.0 255.255.255.0
    ;ifconfig-pool-persist ipp.txt
    push "dhcp-option DNS 10.240.43.1"
    keepalive 10 120
    comp-lzo
    max-clients 100
    persist-key
    persist-tun
    status openvpn-status.log
    log /etc/openvpn/openvpn.log
    verb 6

--

Edit: additional client configuration, see openvpn: connection established, can't ping server tun interface (debian server, windows & os x clients)

    client
    dev tun1
    # rename openvpn network on Windows machine if there are more than one present
    dev-node openVPN
    proto udp
    remote [public-ip-address-of-my-server] 1194
    # Dummy default gateway to work around Windows 'unidentified network'/'unknown network':
    route-metric 50
    route 0.0.0.0 0.0.0.0 10.240.43.1
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca "C:\Program Files (x86)\OpenVPN\config\ca.crt"
    cert "C:\Program Files (x86)\OpenVPN\config\client1.crt"
    key "C:\Program Files (x86)\OpenVPN\config\client1.key"
    ns-cert-type server
    comp-lzo
    verb 3

openVPN GUI is started with Admin rights to allow adding of routes

--

Any help is greatly appreciated! Thank you!

hreimer
  • Do the clients have different certificates? – mgorven Feb 13 '13 at 23:04
  • Yes, they all have different certificates/keys, only the ca.crt is shared. Is this correct? – hreimer Feb 13 '13 at 23:07
  • Yup, that's correct. Why do you have `ifconfig-noexec` and `route-noexec`? – mgorven Feb 13 '13 at 23:08
  • Can you post a typical client config? Is the client starting as a non-root user? Have you set the `persist-tun`, and `persist-key` options? – Zoredache Feb 13 '13 at 23:38
  • `ifconfig-noexec` and `route-noexec` are needed because my vServer does not allow these functions to get executed, and I get errors when starting the openvpn server when they are not there. No, the client is starting with admin rights on Windows so routes can be added, is that what you meant? `persist-tun` and `persist-key` are set on the clients as well. I will edit my question to provide you with additional information. – hreimer Feb 14 '13 at 11:43

1 Answer

Since the problem could not be solved, because I didn't find any errors in the logs and experts from outside also couldn't help, but I was able to configure openvpn with the same config on another machine (root server, Ubuntu), the solution was to switch from the previously Linux-vServer based virtual server to a KVM-based vserver from the same company, and now everything concerning openvpn works as expected.

hreimer