What's new

Problem with more than 1 client connected to VPN at a time.

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

dazed

New Around Here
I setup 2 devices on on my RT-AC68R 386.2_6 and both are working great except that when one connects the other disconnects.

Is it possible to run 2 devices in the same tunnel, or do I need to take turns, or use my second VPN?

I do see they get the same address each time....I don't understand why you could have up to 32 clients, and not have more than 1 connect.

I also have 1 user (my router login name) I cannot delete on the users tab....is that normal?

EDIT: I figured it out it's the radio button Manage Client-Specific Options under the VPN Server advanced tab (as seen in photo 3rd radio button from bottom of image). When switched to no It worked. Now to figure out how to make it work with it on to keep clients sepereated....it probably involves adding them at the bottom.

After all I had selected Allow only specified clients to No.

ASUS Wireless Router RT-AC68R - VPN Server.png
 
Last edited:
Tried connecting 1 thru cellular, and other thru wireless and still had same problem. I thought maybe was a limit on in-house connections.
 
When switched to no It worked. Now to figure out how to make it work with it on to keep clients sepereated....it probably involves adding them at the bottom.
If you use that, you need to have different client certificate for each connecting client, or downgrade security by adding "duplicate-cn" to the custom settings (untested).

BTW your system log should tell you why clients are getting disconnected.
 
).

BTW your system log should tell you why clients are getting disconnected.
It's as you mentioned
Code:
new connection by client 'client' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.

So as I understand I need to have some kind of separate (or different) certificate added to the client1.ovpn file.

Not sure where or how I would make that (so each one is different), as it doesn't appear to be included in the webGUI on the router. I'm guessing it is some kind of add to the server thru command line, from some kind of generator that makes random keys. I guess I can leave it to off, until I figure out how to make, and import separate certificates since the name password user accounts don't differentiate in this scenario.

The question is what is the default VPN security options in the scenario were i made it work by selecting "No" radio button on the Manage Client-Specific Options (are clients seperated from any interaction?)

Thanks.
 
Last edited:
Client-specific options is only needed for more advanced configuration scenarios, and requires manual configuration on your part, for instance manually generating every individual client certificates yourself. Best to leave that disabled unless you have a particular reason to want it.
 
At the moment, a router is connected as a client, which is located 100 km from me. If I execute "./clean-all", will the remote server disconnect from the VPN?
This has no impact on the VPN, only on the Easy-RSA environment.

Note that, ideally, you should instead use Easy-RSA on a different machine (like a local Linux VM). Keeping the generated private keys on the router itself can be considered a security risk.

There are also other alternatives to Easy-RSA, like XCA on Windows, which is a GUI for managing key/certs. It's not as straightforward as easy-rsa however. There is also Easy-RSA3 which is more modern than Easy-RSA2. The Asuswrt-Merlin version had to be patched to stop using deprecated SHA1 hashes for example.
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top