New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
OpenVPN More than one user at a time
serverhunter_old
Member
in Help
When using OpenVPN, if another person connects the first connection is dropped. How do I make it so a unlimited number of people can connect?
Comments
Why not create more than one user on the OpenVPN server?
Because everyone will be using the same user file.
https://github.com/Nyr/openvpn-install
Use that, it can create more than one user/file.
We can't use the same user more than 1 concurrent login. If 1 user connected, they will be assigned 1 IP Address. If another person login using the same user/password, they will be disconnected.
I'm having this issue when I want to make an openvpn for all people at my office using 1 username/password. Solution is only make 1 user for 1 person to login.
Add
duplicate-cn
to the server conf file.The whole point of it is that everyone will be using the same profile, using that won't help.
Doesn't seem to work unless I did it wrong.
This directive on the server is indeed the solution, but not recommended for normal usage. I can't think of many good reasons to be using the same certificate for multiple users.
You could use a preshared key, but then again generating different certificates is just as easy. https://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html
You probably did something wrong. No offence intended. OpenVPN doesn't allow the same certificate to be used concurrently. This directive allows that.
Did you restart the process after changing the conf file?
P.S. As @Nyr mentioned, using this is discouraged; there's more info in the OpenVPN docs regarding why.
Yeah I restarted the server and that seemed to fix it, thanks. I don't really care much about security, as all Im using this for is to change the geolocation. Whats the main risk of using it?
you'll have to revoke that key and issue a new one to everyone.
if you used 1 cert/1 person, that the rest of the keys would remain fine.
Why would I ever need to revoke a key?
If the device on which the certificate is installed is lost or stolen, if the key somehow gets compromised, if an employee leaves a company, etc., etc.
I meant the same thing cert=key, sorry.
OpenVPN Access Server
Just use SoftEther VPN, it also include unlimited user connection via OpenVPN protcol.
but extremely slow unless you use bridge
Setting OpenVPN also require tun/tap.
Same goes to SoftEther VPN.
you do not need tun/tap for SoftEther.
you can edit iptables to allow anyone in a specific group to route through the vpn virtual interface. there is a term for this, but i forgot it. sorry.
edit: relevant link https://www.niftiestsoftware.com/2011/08/28/making-all-network-traffic-for-a-linux-user-use-a-specific-network-interface/
It's true that SoftEther can do secureNAT, but it is not as fast as local bridge.
That is why local bridge is must to ensure high network performance.
It also support L2TP,SSTP,SSL-VPN, ICMP VPN and DNS base VPM out of the box. No need to install additional Software.