double IP numbers with OpenVPN


DutchMike

Occasional Visitor
On my RT-AC68U (running firmware 384.19) I have 1 OpenVPN server active.
My Synology NAS backs up to two similar Synology NAS devices at geographically different locations, and they connect through OpenVPN.

Normally the external Synologys made a connection to the router, got an IP address in the range of the set subnet mask and were accessible by that.

Sadly it is not possible to set the IP to fixed for these devices, but the Merlin-WRT is stable enough that the IP address hardly changes.

But after a reset last week, I noticed that both external Synologys get 2 OpenVPN IPs.
At first I thought nothing of it, but today they are still there, even after a reset of the router and the Synologys.

Only one of the two IPs is working and there is a different port number(?) added to the source IP.
Is this common or has something changed in the OpenVPN part?

Screenshot 1:
Asus router OpenVPN overview:
To check if the server assigns two IPs per connection, I've connected my laptop over VPN, but my laptop only gets 1 IP.


Screenshot 2:
The connection screen of one of the backup Synologys. Only one IP is being received and only this is working. The xxx.xxx.0.5 is not reachable.
 

Maverickcdn

Senior Member
Port numbers will be random from the clients if you don't specify lport xxx in the client OpenVPN config somewhere.

Are these 2x external NAS connected 24/7 or intermittently? Do both external NAS share the same common name in their certificates?

I'm thinking DHCP went squirrelly somewhere. Try setting static client IPs then restart all the OpenVPN instances and reconnect. Static ip for OpenVPN-clients (skip to 1.3 and note that names must match the VPN CN name)

I haven't tried static IPs this way myself, YMMV.
 

Maverickcdn

Senior Member
Never mind, I opened my eyes and re-read. I see all your clients use the same cert/common name... you really should have a different cert/common name for every client.

Remember that for each client, .... Always use a unique common name for each client.

I can't remember offhand how the DHCP handles common name vs username, and it's not exactly explicitly stated, but it is in the OpenVPN How To to have different common names.
 

DutchMike

Occasional Visitor
I see what you mean. I will try to implement it the right way. Funny thing is that this appeared since the last update. Before that it worked without a glitch.

Thanks for your tip! I am happy with the link to the fixed IP for VPN too! I was looking for that for some time and thought it could only be done by CLI.
Much appreciated!
 

Maverickcdn

Senior Member
You might try just adding duplicate-cn to the custom config of your server. I think this used to be added by default and is now removed (*shrug*). There's a note in the 384.19 change log about enabling the CCD directory and reuse of common names, maybe it's a more convoluted change that now affects you somehow.
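
As an added example (not part of the original posts), a small Python check for the shared-common-name situation discussed in this thread: it reads an OpenVPN server status file and lists common names held by more than one client connection. It assumes the status-version 1 layout; the sample status text and its addresses are constructed.

```python
from collections import defaultdict

# Constructed sample of an OpenVPN status file (status-version 1 layout);
# addresses are documentation ranges, not values from the thread.
SAMPLE_STATUS = """\
OpenVPN CLIENT LIST
Updated,Sat Oct 10 12:00:00 2020
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
client,198.51.100.7:49152,1200,3400,Sat Oct 10 11:00:00 2020
client,203.0.113.9:50211,900,2100,Sat Oct 10 11:05:00 2020
laptop,192.0.2.44:1194,500,800,Sat Oct 10 11:30:00 2020
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.4,client,198.51.100.7:49152,Sat Oct 10 11:59:00 2020
10.8.0.5,client,203.0.113.9:50211,Sat Oct 10 11:59:30 2020
10.8.0.6,laptop,192.0.2.44:1194,Sat Oct 10 11:58:00 2020
GLOBAL STATS
Max bcast/mcast queue length,0
END
"""
SECTION_HEADERS = ("OpenVPN CLIENT LIST", "ROUTING TABLE", "GLOBAL STATS", "END")

def sessions_by_common_name(status_text):
    """Map common name -> {real address: [virtual IPs]} from the routing table."""
    section = None
    sessions = defaultdict(dict)
    for line in status_text.splitlines():
        line = line.strip()
        if line in SECTION_HEADERS:
            section = line
            continue
        fields = line.split(",")
        # Only routing-table rows tie a virtual IP to a common name.
        if section != "ROUTING TABLE" or len(fields) != 4 or fields[0] == "Virtual Address":
            continue
        virtual_ip, common_name, real_addr, _last_ref = fields
        sessions[common_name].setdefault(real_addr, []).append(virtual_ip)
    return sessions

def shared_common_names(status_text):
    """Return only common names that appear with more than one real address."""
    return {cn: dict(peers)
            for cn, peers in sessions_by_common_name(status_text).items()
            if len(peers) > 1}

if __name__ == "__main__":
    for cn, peers in shared_common_names(SAMPLE_STATUS).items():
        print(f"common name {cn!r} is shared by {len(peers)} connections: {peers}")
```

Grouping by real address rather than by virtual IP keeps a single client that owns several routed entries from being reported as a shared certificate.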
 

DutchMike

Occasional Visitor
I haven't had time to try it. I hope to find some time this weekend to try this and then report back if it worked out. Thanks again.
 

Kitsap

New Around Here
Just an FYI... I use an older Synology NAS and have no problems setting a fixed IP address for the device. In the configuration control panel, go to the Network -> Network Interface section and select LAN then Edit. You can set both a v4 or v6 IP address.
 
