Multiple openvpn clients on one openvpn server

security vpn openvpn

51,045

Solution 1

Yes, you can. By default, OpenVPN server doesn't allow multiple clients to connect with the same pair of cert/key; each client must have its own cert/key with an unique common name. However, multiple clients are allowed to connect to the OpenVPN server using the same pair of cert/key if duplicate-cn (allowing duplicate common name) is present in OpenVPN server's configuration file.

Solution 2

Yes you can use openvpn for multiple clients, but you'll have to setup a CA Authority and issue a unique key/cert to each client. Or setup password-based authentication and use the --duplicate-cn option.

Solution 3

I believe it's fine if every client uses their own certificate, meaning that you need to issue a certificate based on the same common private-key to each client.

It's the certificate that is the actual authorization, since there are no login-credentials with OpenVPN.

51,045

ServerDown

Updated on September 17, 2022

Comments

ServerDown over 1 year

Can I have multiple openvpn clients connecting to a single openvpn server? The following setting works well for a single user

This is the server configuration (openvpn.conf)

port 1194
proto udp
dev tun
secret openvpn-key.txt
ifconfig 192.168.2.1 192.168.2.2
keepalive 10 120
comp-lzo
persist-key
persist-tun
status server-tcp.log
verb 3

Here is the client config

dev tun
proto udp
remote HOSTNAME_IS_HERE 1194
resolv-retry infinite
nobind
secret openvpn-key.txt
ifconfig 192.168.2.2 192.168.2.1
comp-lzo
verb 3
dhcp-option DNS 172.16.0.23
redirect-gateway def1

etc/sysconfig

*nat
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.2.0/24 -d 0.0.0.0/0 -o eth0 -j MASQUERADE
COMMIT

Things work well until a second user tries to connect using the same VPN Key, etc. How do I allow multiple users?