0

Recently I managed to run an OpenVPN (CE) server on a DO droplet (the simplest one: 512 MB RAM, 1-core CPU).

OpenVPN was installed and configured using this script: https://github.com/Nyr/openvpn-install

The problem is this: when a client is connected on only one machine, another client (using the same profile) can connect to the server, but cannot reach any websites.

Is there any configuration that limits the maximum number of connections? Or is it a hardware limit?

kikio
  • You added the clients, right? You didn't distribute the _same_ config with the _same_ certificates to *different* users? – Lenniey Jul 07 '17 at 06:13
  • @Lenniey: Yeah, assume that I have user Bob, issued a certificate and created a bob.ovpn file. He connects using this file on his laptop, but connecting on his mobile (at the same time) fails – kikio Jul 07 '17 at 06:25
  • That's what I thought. If you want to use it that way, you need the `duplicate-cn` directive in your server configuration. It's not really recommended. Best practice is to use different configs / CNs / certs for every connection. Edit: you should also see this in your logs... – Lenniey Jul 07 '17 at 06:29
  • @Lenniey: Thanks, it works. There is also this topic about `duplicate-cn` security concerns: https://serverfault.com/questions/104154/why-is-duplicate-cn-not-recommended-in-openvpn – kikio Jul 07 '17 at 07:26
  • @Lenniey: Would you like to post it as answer? – kikio Jul 07 '17 at 07:27
  • Did. But please _really_ consider the ramifications of the directive in a professional environment! – Lenniey Jul 07 '17 at 20:02
  • Why the downvote? I said to post it as an answer so I can mark it as the accepted one. What's wrong with this? – kikio Jul 08 '17 at 11:12

1 Answer

1

To reuse the same CN you must declare `duplicate-cn`. As you correctly pointed out with this thread, you should not really set this unless really required (and I can't think of any reason in a not-overly-complex VPN setup).

Lenniey
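The comments above mention that a shared certificate shows up in the server log. As an added example (not part of the original thread), this sketch counts per CN how often the server logged that a new connection displaced an existing session, and checks whether `duplicate-cn` is active in a config. The function names and sample log lines are constructed; the matched wording is the notice OpenVPN 2.x logs, assumed unchanged in your version. A single hit can be one device reconnecting, so the report defaults to CNs seen at least twice.

```shell
#!/bin/sh
# Added example: audit an OpenVPN server for certificates shared between devices.

# shared_cn_report [MIN] < server.log
# Prints "<count> <cn>" for every CN whose new connection displaced an
# existing session at least MIN times (default 2), highest count first.
shared_cn_report() {
    sed -n "s/.*MULTI: new connection by client '\([^']*\)' will cause previous active sessions.*/\1/p" \
        | sort | uniq -c | sed 's/^ *//' \
        | sort -k1,1nr -k2 \
        | awk -v min="${1:-2}" '$1 >= min'
}

# duplicate_cn_enabled < server.conf
# Exit status 0 if an active (not '#' or ';' commented) duplicate-cn line exists.
duplicate_cn_enabled() {
    grep -Eq '^[[:space:]]*duplicate-cn([[:space:]]|$)'
}

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
sample_log() {
cat <<'EOF'
2017-07-07 06:20:01 203.0.113.10:51234 [bob] Peer Connection Initiated with [AF_INET]203.0.113.10:51234
2017-07-07 06:21:40 198.51.100.7:40022 [bob] Peer Connection Initiated with [AF_INET]198.51.100.7:40022
2017-07-07 06:21:40 MULTI: new connection by client 'bob' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
2017-07-07 06:22:05 MULTI: new connection by client 'bob' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
2017-07-07 06:30:12 MULTI: new connection by client 'alice-laptop' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
EOF
}

# Demo on the constructed data: lists bob (2 hits), skips the single reconnect.
sample_log | shared_cn_report
```

On a real server, feed it the file named by the `log` or `log-append` directive or the service journal; CNs it lists are candidates for separate per-device certificates.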