Hi,

On 04/04/17 11:39, saato...@keemail.me wrote:
I'm performing a number of tests with OpenVPN, where amongst other things, I connect and disconnect with the same client certificate and slightly different client config settings over and over (>75 times, within a short time).

I realised that I exhaust my server's IP pool pretty quickly. Even waiting for >10 minutes before exhausting the IP pool doesn't seem to help.


As others have stated, using "topology subnet" would help.
However, I also noticed that you're using "proto udp" in which case the server does not 'realize' that a client has gone until a certain timeout has expired. You can add the flag
  explicit-exit-notify 3
to the client config to ensure that each client "signs out" when the connection is terminated. This will most likely solve your exhaustion problem.

HTH,

JJK

The goal is to find a way to prevent this from the client side. I do not want to amend the server configuration if possible.

The server configuration is pretty simple:
port 443
proto udp
dev tun
server 172.16.0.0 255.255.255.0
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/stretch-server.crt
key /etc/openvpn/server/stretch-server.key
dh /etc/openvpn/server/dh4096.pem
tls-crypt /etc/openvpn/server/static.key
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
cipher AES-256-CBC
auth SHA512
verb 3
log-append /etc/openvpn/server/log/stretch-server.log
comp-lzo
duplicate-cn
ncp-disable


------

For every new connection to the VPN the client makes, the server hands out a new IP address. Is there some way to re-use IP addresses on the client?

I know that it would be possible to reserve an IP for the client on the server, but that would make it highly static.
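
Added example, not part of the original thread: a small Python model of why roughly 75 quick reconnects can empty the 172.16.0.0/24 pool, and how "topology subnet" or "explicit-exit-notify" changes that. The function names, the pool-size approximations, the 5-second reconnect interval and the 3600-second stale-session timeout are assumptions made for illustration, not values taken from OpenVPN or from the posted setup.

```python
import ipaddress

def pool_capacity(network: str, topology: str = "net30") -> int:
    """Approximate number of clients a 'server <net> <mask>' pool can serve."""
    size = ipaddress.ip_network(network).num_addresses
    if topology == "net30":
        # Assumption: each client consumes a whole /30, and the first and
        # last /30 of the network are not handed out to clients.
        return size // 4 - 2
    if topology == "subnet":
        # Assumption: one address per client; four addresses are reserved.
        return size - 4
    raise ValueError(f"unsupported topology: {topology}")

def first_refused(reconnects, interval_s, capacity, stale_timeout_s, exit_notify):
    """Return the 1-based connection attempt that finds the pool empty, or None.

    Model: one client reconnects every interval_s seconds. With duplicate-cn
    the server keeps the earlier session of the same certificate, so over UDP
    its lease stays allocated until stale_timeout_s after the client vanished,
    unless the client announced its exit (explicit-exit-notify).
    """
    release_times = []  # when the server frees each lease it still holds
    for attempt in range(1, reconnects + 1):
        now = (attempt - 1) * interval_s
        release_times = [t for t in release_times if t > now]
        if len(release_times) >= capacity:
            return attempt
        disconnect = now + interval_s  # session ends just before the next attempt
        release_times.append(disconnect if exit_notify
                             else disconnect + stale_timeout_s)
    return None

if __name__ == "__main__":
    net = "172.16.0.0/24"   # from the posted 'server' line
    timeout = 3600          # constructed value, longer than the 10 minutes waited
    for topo in ("net30", "subnet"):
        for notify in (False, True):
            cap = pool_capacity(net, topo)
            hit = first_refused(75, 5, cap, timeout, notify)
            print(f"{topo:6} exit-notify={notify!s:5} capacity={cap:3} "
                  f"first refused attempt: {hit}")
```
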

