I'm trying to set-up OpenVPN server with radius authentication and accounting. Basics are working. Users can authenticate to OpenVPN server with their Radius accounts but there is a problem about simultaneous connection which i couldn't fix. Also I don't have any clue about cause of problem.
The problem is Simultaneous-Use attribute is not working at all. If two clients try to connect with same username infinite loop starts. When Client #2 tries to connect while Client #1 already connected, server disconnects Client #1 and connects Client #2. Just after Client #2 connected, Client #1 tries to reconnect and disconnects Client #2. It keeps going like that forever. In correct situtation, server should block Client #2 from connecting if Client #1 is connected.
Here is my OpenVPN config.
port 443
proto tcp
dev tun
server 10.8.0.0 255.255.255.0
ca /etc/openvpn/ssl/ca.crt
cert /etc/openvpn/ssl/EntityName.crt
key /etc/openvpn/ssl/EntityName.key
dh /etc/openvpn/ssl/dh.pem
crl-verify /etc/openvpn/ssl/crl.pem
tls-auth /etc/openvpn/ssl/ta.key 0
plugin /etc/openvpn/radius/radiusplugin.so /etc/openvpn/radius/radius.cnf
username-as-common-name
ifconfig-pool-persist ipp.txt
client-config-dir /etc/openvpn/ccd
persist-key
persist-tun
keepalive 10 60
reneg-sec 0
tun-mtu 1468
cipher AES-256-CBC
tun-mtu-extra 32
mssfix 1400
push "persist-key"
push "persist-tun"
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
status /var/log/openvpn/status.log 1
log-append /var/log/openvpn/openvpn.log
verb 3
client-connect /etc/openvpn/statuschange.sh
client-disconnect /etc/openvpn/statuschange.sh
script-security 2
management 127.0.0.1 7777
And this is radius plugin config file.
subnet=255.255.255.0
overwriteccfiles=true
useauthcontrolfile=false
accountingonly=false
nonfatalaccounting=false
server
{
acctport=1813
authport=1812
name=OpenVPN server ip.
retry=1
wait=1
sharedsecret=MySecret
}
