OpenVPN: fixed Ip for Client, allow only one connection!

Forums Network Management VPN OpenVPN: fixed Ip for Client, allow only one connection!

  • This topic is empty.
Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
  • #43988

    Hey guys,

    i build a Network with a OpenVPN Host-to-LAN Connection for Roadwarriors.
    There are different groups of users, who want to connect. Each group has one User on the ZS and a fix IP via the ccd-directory.
    Everything works fine an d every client can connect. This day i tried to connect with the same configuration from another Pc, while i was connected on my own PC. The connection was succsessful and i was able to ping the Network behind the Zeroshell from both (??) Pc´s…..

    I don´t know how it works, because they both had the same (virtual) IP!!!

    Is there any way to allow only one connection per client with a fixed iP?

    I need this because every Client is for a group of users, and if e.g. two users (or more) of the group are connected with the same IP, i think it will cause Network errors.



    i tried to add the Option “–duplicate-cn no” to the Command line in zeroshell, but connection from both pc´s is still possible…

    i there any way to remove the option “–duplicate-cn” from the server-config file on the zs?


    You can copy the file vpn_start (which is in /root/kerbynet.cgi/scripts/) in /Database , then modify it, eg. by removing the interested lines , (I, personally, have modified also the keepalives) , and add a command in pre-boot which replaces the original script.


    Hey Redfive,
    thank you for your comment!

    Can you tell me what (and how 😉 ) i have to add in the pre-boot?
    Never done this before….

    Thanks a lot!


    I’ve created a dir (patch) where I’ve placed all my modified scripts, something like to

    mkdir /Database/patch

    then I’ve copied some files , eg. with vpn_start

    cd /root/kerbynet.cgi/scripts/
    cp vpn_start /Database/patch/

    then edited this file, saved, and in pre-boot , this line

    cp /Database/patch/vpn_start  /root/kerbynet.cgi/scripts/



    Ok, got it!
    Thank you… easy way, if you know howto 🙂

    It works, but i have the same problem as before… i can connect with the same account from both Pcs. the latest Connection is now the only one which is working. If I connect with Pc A and afterwards with Pc B with the same Client.conf, then I can ping the VPN-Network only with Pc B. On Pc A i get a “Destination Host Unreachable”-warning from the point, when Pc B connects but the VPN-Client on Pc A appears still connected! I think for the most of the client users this will appear as a connection error…

    Is there any way to “kick” the duplicated clients or not to let same client connect if another connection is already established?

    thanks in advance!



    If both Clients are still active, they are switching the connection between them. e.g. keepalive 5 60 = every 60s the other client connects again…


    I found a solution for my problem:

    I deleted the keepalive command from the “vpn_start”-file and added in the command line:

    –ping 10
    –push ping-exit 25

    If Client A connects and Client B afterwards, only Client B will receive the ping from the Server every 10s. Client A gets no more pings an disconnects himself.

    Additionally i found out:
    If you are in use of user-specified file in the ccd-directory and have an “inactive” command this will not be affected by these changes.

    thank you redfive for the essential hint 😀

Viewing 8 posts - 1 through 8 (of 8 total)
  • You must be logged in to reply to this topic.