Hi,
We have an issue where 2 clients behind a NAT router are not able to connect
to a remote OpenVPN server. One client works, but as soon as the second
client connects, the first one disconnects.
The server logs are showing multiple entries of this:
TLS Auth Error: TLS object CN attempted to change from 'client1' to 'client2' -- tunnel disabled
So it looks like the OpenVPN server detects the two different clients as
the same one trying to change certificates, so it goes into a blocking
state (tunnel disabled).
As far as I understand, a client is identified by the public IP and source
port, so I found this interesting:
1.2.3.4:*1194* [client1] Peer Connection Initiated with 1.2.3.4:*1194*
1.2.3.4:*1194* [client2] Peer Connection Initiated with 1.2.3.4:*1194*
Why are both clients connecting with 1194 as source port? Shouldn't this be
a random port? I guess this is why the OpenVPN server thinks it is the same
client.
I tried to connect with the client1 certificate from another computer and
router, and the port was random on connection:
5.6.7.8:*51457* [client1] Peer Connection Initiated with 5.6.7.8:*51457*
So is there some config issue on the clients behind router 1.2.3.4 causing
them to not use random ports, or is it a router NAT issue?
Thanks in advance.
Regards
Stale Johnsen
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
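
A small log check for the symptom described in this post, added here as an example (not code from the post or from the OpenVPN project): it groups "Peer Connection Initiated" lines by source IP and port and reports any endpoint claimed by more than one certificate CN, together with the CN-change errors. The sample lines are constructed from the excerpts above; the address prefix on the TLS error line and the names `analyze` and `SAMPLE_LOG` are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the log excerpts quoted in the post.
# The "1.2.3.4:1194" prefix on the TLS error line is an assumption.
SAMPLE_LOG = """\
1.2.3.4:1194 [client1] Peer Connection Initiated with 1.2.3.4:1194
1.2.3.4:1194 [client2] Peer Connection Initiated with 1.2.3.4:1194
1.2.3.4:1194 TLS Auth Error: TLS object CN attempted to change from 'client1' to 'client2' -- tunnel disabled
5.6.7.8:51457 [client1] Peer Connection Initiated with 5.6.7.8:51457
"""

# "<ip>:<port> [<CN>] Peer Connection Initiated ..."
PEER_RE = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+) \[([^\]]+)\] Peer Connection Initiated"
)
# "TLS object CN attempted to change from '<old>' to '<new>'"
CN_CHANGE_RE = re.compile(
    r"TLS object CN attempted to change from '([^']*)' to '([^']*)'"
)


def analyze(log_text):
    """Return (shared_endpoints, cn_changes) for an OpenVPN server log.

    shared_endpoints maps (ip, port) to the sorted CNs seen on that
    endpoint, only for endpoints used by more than one CN.
    cn_changes lists (old_cn, new_cn) pairs from TLS Auth Error lines.
    """
    cns_by_endpoint = defaultdict(set)
    cn_changes = []
    for line in log_text.splitlines():
        peer = PEER_RE.search(line)
        if peer:
            ip, port, cn = peer.groups()
            cns_by_endpoint[(ip, int(port))].add(cn)
            continue
        change = CN_CHANGE_RE.search(line)
        if change:
            cn_changes.append(change.groups())
    shared = {ep: sorted(cns) for ep, cns in cns_by_endpoint.items() if len(cns) > 1}
    return shared, cn_changes


if __name__ == "__main__":
    shared, changes = analyze(SAMPLE_LOG)
    for (ip, port), cns in shared.items():
        print(f"{ip}:{port} is used by several CNs: {', '.join(cns)}")
    for old, new in changes:
        print(f"CN change rejected: {old} -> {new}")
```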