Hi,
On 04/04/17 11:39, saato...@keemail.me wrote:
I'm performing a number of tests with OpenVPN, where amongst other
things, I connect and disconnect with the same client certificate and
slightly different client config settings over and over (>75 times,
withing a short time).
I realised that I exhaust my servers IP pool pretty quickly. Even
waiting for >10 minutes before exhausting the IP pool doesn't seem to
help.
as others have stated, using "topology subnet" would help.
However, I also noticed that you're using "proto udp" in which case the
server does not 'realize' that a client has gone until a certain timeout
has expired. You can add the flag
explicit-exit-notify 3
to the client config to ensure that each client "signs out" when the
connection is terminated. This will most likely solve your exhaustion
problem.
HTH,
JJK
The goal is to find a way to prevent this from the client side. I do
not want to amend the server configuration if possible.
The server configuration is pretty simple:
port 443
proto udp
dev tun
server 172.16.0.0 255.255.255.0
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/stretch-server.crt
key /etc/openvpn/server/stretch-server.key
dh /etc/openvpn/server/dh4096.pem
tls-crypt /etc/openvpn/server/static.key
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
cipher AES-256-CBC
auth SHA512
verb 3
log-append /etc/openvpn/server/log/stretch-server.log
comp-lzo
duplicate-cn
ncp-disable
------
For every new connection to the VPN the client makes, the server
hands out a new IP address. Is there some way to re-use IP addresses
on the client?
I know that it would be possible to reserve an IP for the client on
the server, but that would make it highly static.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users