OpenVPN Asus RT-AC88U Allow only specified clients


SystemF

Regular Contributor
Hello! I'm trying to set up a connection between 2 machines in 2 nearby buildings. The client is under Windows 7 with a public IP - no NAT (router), only a software firewall. Both server and client are using public IPs from the same ISP, same subnet - static IPs.
Server is behind an RT-AC88U (stock firmware) running OpenVPN in TUN mode with these settings:
Router LAN: 192.16.170.0/24
Interface Type: TUN
Protocol:UDP
Server Port: 49xxx
Respond to DNS: Yes
Advertise DNS to clients: No
Encryption cipher: AES-192-CBC
HMAC Authentication: SHA1
Compression: Disable
Username / Password Auth. Only: No
Authorization Mode: TLS
RSA Encryption: 1024 bit
Extra HMAC authorization: Incoming (0) (TLS-Auth)
VPN Subnet / Netmask 10.92.4.0/255.255.255.0
Push LAN to clients: Yes
Direct clients to redirect Internet traffic: No
TLS Renegotiation Time: -1
Manage Client-Specific Options: Yes
Allow Client <-> No
Allow only specified clients
Allowed Clients
Common Name(CN)
client
Subnet: xxx.xxx.xxx.xxx


I want only 1-2 clients to be able to connect to the server for sharing files through SMB. I made a lot of tests with different settings on the router. I needed to reset once when things went wrong. I want to use CN instead of the username/password option. In the field Allowed Clients - Common Name (CN) I enter: client; for subnet and mask I tested with random private addresses like 172.16.100.0/24 and 10.189.249.0/24, different from the router's VPN and private LAN. The client connects successfully every time. Only when I type something different from "client" in the field Common Name (CN) can the second machine not connect. I'm doing all of this because I see a lot of scans and attacks in my ISP's subnet. Has someone had success with Asuswrt instead of Merlin managing this with CN? Is it even possible? If the client which is connecting to the router is not behind NAT, what subnet and mask must I use or enter in Allowed Clients - Subnet and Mask?
 

eibgrad

Very Senior Member
You probably need to add the following directive to the OpenVPN server config.

Code:
duplicate-cn
Without it, the CN can only be used by *one* OpenVPN client at a time.
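As an added illustration (not code from the thread, from Asuswrt, or from either poster), the script below writes out the plain OpenVPN server directives that a GUI option like "Allow only specified clients" is assumed to drive: `client-config-dir` with one file per allowed CN, `ccd-exclusive` so a certificate whose CN has no file is refused, and an `iroute` line in that file when the client fronts a LAN. The CN `client`, the subnet 172.16.100.0/24, the VPN subnet and the LAN 192.16.170.0/24 are taken from the thread as written; the port 49000 and the second CN `branch-gw` are constructed placeholders; the directory is a temp dir so it runs anywhere.

```shell
#!/bin/sh
# Added example: the assumed server-side equivalent of the Asus
# "Allow only specified clients" option, as stock OpenVPN directives.
set -eu

WORKDIR=$(mktemp -d)
CCD_DIR="$WORKDIR/ccd"
mkdir -p "$CCD_DIR"

# Server config. Port 49000 is a placeholder for the thread's 49xxx;
# duplicate-cn is shown commented out because it is only needed when two
# machines present the SAME certificate/CN at the same time.
write_server_conf() {
    cat > "$WORKDIR/server.conf" <<EOF
dev tun
proto udp
port 49000
server 10.92.4.0 255.255.255.0
tls-auth ta.key 0
cipher AES-192-CBC
auth SHA1
client-config-dir $CCD_DIR
ccd-exclusive
# push the router LAN (as given in the thread) so the client reaches the SMB host
push "route 192.16.170.0 255.255.255.0"
# duplicate-cn
EOF
}

# One ccd file per allowed CN. The "Subnet/Mask" field only matters when the
# client itself fronts a LAN; for a single Windows host with a public IP and
# no NAT the file can be empty, and its mere existence is what allows the CN.
add_allowed_client() {
    cn=$1; lan=${2:-}; mask=${3:-}
    : > "$CCD_DIR/$cn"
    if [ -n "$lan" ]; then
        printf 'iroute %s %s\n' "$lan" "$mask" >> "$CCD_DIR/$cn"
        # the server also needs a matching kernel route for that LAN
        printf 'route %s %s\n' "$lan" "$mask" >> "$WORKDIR/server.conf"
    fi
}

# What ccd-exclusive does at connect time: no file for the CN -> refused.
cn_allowed() {
    [ -f "$CCD_DIR/$1" ]
}

write_server_conf
add_allowed_client client                                  # thread's CN, no LAN behind it
add_allowed_client branch-gw 172.16.100.0 255.255.255.0    # constructed CN with a LAN behind it
```

With this layout a certificate signed by the router's CA but carrying a CN such as `laptop2` is rejected by `ccd-exclusive` before any address is assigned, which is the behaviour the first post observed when typing a CN other than `client`.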
 
