Forum |  HardWare.fr | News | Articles | PC | S'identifier | S'inscrire | Shop Recherche
1016 connectés 

  FORUM HardWare.fr
  Systèmes & Réseaux Pro
  Réseaux

  Plusieurs instances OpenVPN

 


 Mot :   Pseudo :  
 
Bas de page
Auteur Sujet :

Plusieurs instances OpenVPN

n°138951
dopi
Posté le 30-03-2016 à 16:25:03  profilanswer
 

Bonjour à tous,  
 
Je suis en train de monter un serveur OpenVPN. Jusque là, cela fonctionne correctement mais...que pour un seul poste. Dès qu'un second se connecte au VPN, le premier est déconnecté (le GUI reste au vert, mais plus d'accès au serveur).  
 
Comment puis-je corriger ce point ?  
Merci.
 
Edit: Le problème semble venir de l'ip fournie par le serveur qui est 10.8.0.6 pour les deux postes clients. Est-il possible de spécifier un adressage fixe ?


Message édité par dopi le 30-03-2016 à 16:55:31
mood
Publicité
Posté le 30-03-2016 à 16:25:03  profilanswer
 

n°138954
belkav
Posté le 30-03-2016 à 17:30:58  profilanswer
 

Il fraudait normalement un certificat par client


---------------
Ma Chaine YouTube
n°138961
Je@nb
Modérateur
Kindly give dime
Posté le 30-03-2016 à 19:55:52  profilanswer
 

+1

n°138991
dopi
Posté le 31-03-2016 à 16:23:31  profilanswer
 

Ok merci pour l'info :whistle:  
J'ai généré un second certificat: OK pour les 2 clients, les IP sont différentes., toutefois, l'ajout d'un 3e et d'un 4e client me pose le même problème. Il récupère la même adresse IP.  
 
Client 1: 10.8.0.6
Client 2: 10.8.0.10
Client 3: 10.8.0.10  
Client 4: 10.8.0.10
 
Le fichier IPP.txt ne correspond pas aux adresses affectées:  
 
client1,10.8.0.4
client2,10.8.0.8
 
Auriez-vous une idée?  
Merci pour votre aide.


Message édité par dopi le 31-03-2016 à 17:13:36
n°139002
Je@nb
Modérateur
Kindly give dime
Posté le 31-03-2016 à 19:12:38  profilanswer
 

va falloir donner les fichiers de configs je pense là :D
(tu as pas donné la même clé à chaque certifs par hasard ? :D)


Message édité par Je@nb le 31-03-2016 à 19:13:07
n°139007
dopi
Posté le 31-03-2016 à 21:46:49  profilanswer
 

Merci Je@nb.
 
Voici le server.ovpn:  
 

Code :
  1. #################################################
  2. # Sample OpenVPN 2.0 config file for            #
  3. # multi-client server.                          #
  4. #                                               #
  5. # This file is for the server side              #
  6. # of a many-clients <-> one-server              #
  7. # OpenVPN configuration.                        #
  8. #                                               #
  9. # OpenVPN also supports                         #
  10. # single-machine <-> single-machine             #
  11. # configurations (See the Examples page         #
  12. # on the web site for more info).               #
  13. #                                               #
  14. # This config should work on Windows            #
  15. # or Linux/BSD systems.  Remember on            #
  16. # Windows to quote pathnames and use            #
  17. # double backslashes, e.g.:                     #
  18. # "C:\\Program Files\\OpenVPN\\config\\foo.key" #
  19. #                                               #
  20. # Comments are preceded with '#' or ';'         #
  21. #################################################
  22. # Which local IP address should OpenVPN
  23. # listen on? (optional)
  24. ;local a.b.c.d
  25. # Which TCP/UDP port should OpenVPN listen on?
  26. # If you want to run multiple OpenVPN instances
  27. # on the same machine, use a different port
  28. # number for each one.  You will need to
  29. # open up this port on your firewall.
  30. port 1194
  31. # TCP or UDP server?
  32. ;proto tcp
  33. proto udp
  34. # "dev tun" will create a routed IP tunnel,
  35. # "dev tap" will create an ethernet tunnel.
  36. # Use "dev tap0" if you are ethernet bridging
  37. # and have precreated a tap0 virtual interface
  38. # and bridged it with your ethernet interface.
  39. # If you want to control access policies
  40. # over the VPN, you must create firewall
  41. # rules for the the TUN/TAP interface.
  42. # On non-Windows systems, you can give
  43. # an explicit unit number, such as tun0.
  44. # On Windows, use "dev-node" for this.
  45. # On most systems, the VPN will not function
  46. # unless you partially or fully disable
  47. # the firewall for the TUN/TAP interface.
  48. ;dev tap
  49. dev tun
  50. # Windows needs the TAP-Win32 adapter name
  51. # from the Network Connections panel if you
  52. # have more than one.  On XP SP2 or higher,
  53. # you may need to selectively disable the
  54. # Windows firewall for the TAP adapter.
  55. # Non-Windows systems usually don't need this.
  56. ;dev-node MyTap
  57. # SSL/TLS root certificate (ca), certificate
  58. # (cert), and private key (key).  Each client
  59. # and the server must have their own cert and
  60. # key file.  The server and all clients will
  61. # use the same ca file.
  62. #
  63. # See the "easy-rsa" directory for a series
  64. # of scripts for generating RSA certificates
  65. # and private keys.  Remember to use
  66. # a unique Common Name for the server
  67. # and each of the client certificates.
  68. #
  69. # Any X509 key management system can be used.
  70. # OpenVPN can also use a PKCS #12 formatted key file
  71. # (see "pkcs12" directive in man page).
  72. ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
  73. cert "C:\\Program Files\\OpenVPN\\config\\certificat_server.crt"
  74. key "C:\\Program Files\\OpenVPN\\config\\certificat_server.key"  # This file should be kept secret
  75. # Diffie hellman parameters.
  76. # Generate your own with:
  77. #   openssl dhparam -out dh2048.pem 2048
  78. dh "C:\\Program Files\\OpenVPN\\config\\dh1024.pem"
  79. # Network topology
  80. # Should be subnet (addressing via IP)
  81. # unless Windows clients v2.0.9 and lower have to
  82. # be supported (then net30, i.e. a /30 per client)
  83. # Defaults to net30 (not recommended)
  84. ;topology subnet
  85. # Configure server mode and supply a VPN subnet
  86. # for OpenVPN to draw client addresses from.
  87. # The server will take 10.8.0.1 for itself,
  88. # the rest will be made available to clients.
  89. # Each client will be able to reach the server
  90. # on 10.8.0.1. Comment this line out if you are
  91. # ethernet bridging. See the man page for more info.
  92. server 10.8.0.0 255.255.255.0
  93. # Maintain a record of client <-> virtual IP address
  94. # associations in this file.  If OpenVPN goes down or
  95. # is restarted, reconnecting clients can be assigned
  96. # the same virtual IP address from the pool that was
  97. # previously assigned.
  98. ifconfig-pool-persist ipp.txt
  99. # Configure server mode for ethernet bridging.
  100. # You must first use your OS's bridging capability
  101. # to bridge the TAP interface with the ethernet
  102. # NIC interface.  Then you must manually set the
  103. # IP/netmask on the bridge interface, here we
  104. # assume 10.8.0.4/255.255.255.0.  Finally we
  105. # must set aside an IP range in this subnet
  106. # (start=10.8.0.50 end=10.8.0.100) to allocate
  107. # to connecting clients.  Leave this line commented
  108. # out unless you are ethernet bridging.
  109. ;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
  110. # Configure server mode for ethernet bridging
  111. # using a DHCP-proxy, where clients talk
  112. # to the OpenVPN server-side DHCP server
  113. # to receive their IP address allocation
  114. # and DNS server addresses.  You must first use
  115. # your OS's bridging capability to bridge the TAP
  116. # interface with the ethernet NIC interface.
  117. # Note: this mode only works on clients (such as
  118. # Windows), where the client-side TAP adapter is
  119. # bound to a DHCP client.
  120. ;server-bridge
  121. # Push routes to the client to allow it
  122. # to reach other private subnets behind
  123. # the server.  Remember that these
  124. # private subnets will also need
  125. # to know to route the OpenVPN client
  126. # address pool (10.8.0.0/255.255.255.0)
  127. # back to the OpenVPN server.
  128. ;push "route 192.168.10.0 255.255.255.0"
  129. ;push "route 192.168.20.0 255.255.255.0"
  130. # To assign specific IP addresses to specific
  131. # clients or if a connecting client has a private
  132. # subnet behind it that should also have VPN access,
  133. # use the subdirectory "ccd" for client-specific
  134. # configuration files (see man page for more info).
  135. # EXAMPLE: Suppose the client
  136. # having the certificate common name "Thelonious"
  137. # also has a small subnet behind his connecting
  138. # machine, such as 192.168.40.128/255.255.255.248.
  139. # First, uncomment out these lines:
  140. ;client-config-dir ccd
  141. ;route 192.168.40.128 255.255.255.248
  142. # Then create a file ccd/Thelonious with this line:
  143. #   iroute 192.168.40.128 255.255.255.248
  144. # This will allow Thelonious' private subnet to
  145. # access the VPN.  This example will only work
  146. # if you are routing, not bridging, i.e. you are
  147. # using "dev tun" and "server" directives.
  148. # EXAMPLE: Suppose you want to give
  149. # Thelonious a fixed VPN IP address of 10.9.0.1.
  150. # First uncomment out these lines:
  151. ;client-config-dir ccd
  152. ;route 10.9.0.0 255.255.255.252
  153. # Then add this line to ccd/Thelonious:
  154. #   ifconfig-push 10.9.0.1 10.9.0.2
  155. # Suppose that you want to enable different
  156. # firewall access policies for different groups
  157. # of clients.  There are two methods:
  158. # (1) Run multiple OpenVPN daemons, one for each
  159. #     group, and firewall the TUN/TAP interface
  160. #     for each group/daemon appropriately.
  161. # (2) (Advanced) Create a script to dynamically
  162. #     modify the firewall in response to access
  163. #     from different clients.  See man
  164. #     page for more info on learn-address script.
  165. ;learn-address ./script
  166. # If enabled, this directive will configure
  167. # all clients to redirect their default
  168. # network gateway through the VPN, causing
  169. # all IP traffic such as web browsing and
  170. # and DNS lookups to go through the VPN
  171. # (The OpenVPN server machine may need to NAT
  172. # or bridge the TUN/TAP interface to the internet
  173. # in order for this to work properly).
  174. ;push "redirect-gateway def1 bypass-dhcp"
  175. # Certain Windows-specific network settings
  176. # can be pushed to clients, such as DNS
  177. # or WINS server addresses.  CAVEAT:
  178. # http://openvpn.net/faq.html#dhcpcaveats
  179. # The addresses below refer to the public
  180. # DNS servers provided by opendns.com.
  181. ;push "dhcp-option DNS 208.67.222.222"
  182. ;push "dhcp-option DNS 208.67.220.220"
  183. # Uncomment this directive to allow different
  184. # clients to be able to "see" each other.
  185. # By default, clients will only see the server.
  186. # To force clients to only see the server, you
  187. # will also need to appropriately firewall the
  188. # server's TUN/TAP interface.
  189. ;client-to-client
  190. # Uncomment this directive if multiple clients
  191. # might connect with the same certificate/key
  192. # files or common names.  This is recommended
  193. # only for testing purposes.  For production use,
  194. # each client should have its own certificate/key
  195. # pair.
  196. #
  197. # IF YOU HAVE NOT GENERATED INDIVIDUAL
  198. # CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
  199. # EACH HAVING ITS OWN UNIQUE "COMMON NAME",
  200. # UNCOMMENT THIS LINE OUT.
  201. ;duplicate-cn
  202. # The keepalive directive causes ping-like
  203. # messages to be sent back and forth over
  204. # the link so that each side knows when
  205. # the other side has gone down.
  206. # Ping every 10 seconds, assume that remote
  207. # peer is down if no ping received during
  208. # a 120 second time period.
  209. keepalive 10 120
  210. # For extra security beyond that provided
  211. # by SSL/TLS, create an "HMAC firewall"
  212. # to help block DoS attacks and UDP port flooding.
  213. #
  214. # Generate with:
  215. #   openvpn --genkey --secret ta.key
  216. #
  217. # The server and each client must have
  218. # a copy of this key.
  219. # The second parameter should be '0'
  220. # on the server and '1' on the clients.
  221. ;tls-auth ta.key 0 # This file is secret
  222. # Select a cryptographic cipher.
  223. # This config item must be copied to
  224. # the client config file as well.
  225. ;cipher BF-CBC        # Blowfish (default)
  226. ;cipher AES-128-CBC   # AES
  227. ;cipher DES-EDE3-CBC  # Triple-DES
  228. # Enable compression on the VPN link.
  229. # If you enable it here, you must also
  230. # enable it in the client config file.
  231. comp-lzo
  232. # The maximum number of concurrently connected
  233. # clients we want to allow.
  234. max-clients 100
  235. # It's a good idea to reduce the OpenVPN
  236. # daemon's privileges after initialization.
  237. #
  238. # You can uncomment this out on
  239. # non-Windows systems.
  240. ;user nobody
  241. ;group nobody
  242. # The persist options will try to avoid
  243. # accessing certain resources on restart
  244. # that may no longer be accessible because
  245. # of the privilege downgrade.
  246. persist-key
  247. persist-tun
  248. # Output a short status file showing
  249. # current connections, truncated
  250. # and rewritten every minute.
  251. status openvpn-status.log
  252. # By default, log messages will go to the syslog (or
  253. # on Windows, if running as a service, they will go to
  254. # the "\Program Files\OpenVPN\log" directory).
  255. # Use log or log-append to override this default.
  256. # "log" will truncate the log file on OpenVPN startup,
  257. # while "log-append" will append to it.  Use one
  258. # or the other (but not both).
  259. ;log "C:\\Program Files\\OpenVPN\\log\\openvpn.log"
  260. log-append  "C:\\Program Files\\OpenVPN\\log\\openvpn.log"
  261. # Set the appropriate level of log
  262. # file verbosity.
  263. #
  264. # 0 is silent, except for fatal errors
  265. # 4 is reasonable for general usage
  266. # 5 and 6 can help to debug connection problems
  267. # 9 is extremely verbose
  268. verb 3
  269. # Silence repeating messages.  At most 20
  270. # sequential messages of the same message
  271. # category will be output to the log.
  272. ;mute 20


 
 
Le client.ovpn:  
 

Code :
  1. ##############################################
  2. # Sample client-side OpenVPN 2.0 config file #
  3. # for connecting to multi-client server.     #
  4. #                                            #
  5. # This configuration can be used by multiple #
  6. # clients, however each client should have   #
  7. # its own cert and key files.                #
  8. #                                            #
  9. # On Windows, you might want to rename this  #
  10. # file so it has a .ovpn extension           #
  11. ##############################################
  12. # Specify that we are a client and that we
  13. # will be pulling certain config file directives
  14. # from the server.
  15. client
  16. # Use the same setting as you are using on
  17. # the server.
  18. # On most systems, the VPN will not function
  19. # unless you partially or fully disable
  20. # the firewall for the TUN/TAP interface.
  21. ;dev tap
  22. dev tun
  23. # Windows needs the TAP-Win32 adapter name
  24. # from the Network Connections panel
  25. # if you have more than one.  On XP SP2,
  26. # you may need to disable the firewall
  27. # for the TAP adapter.
  28. ;dev-node MyTap
  29. # Are we connecting to a TCP or
  30. # UDP server?  Use the same setting as
  31. # on the server.
  32. ;proto tcp
  33. proto udp
  34. # The hostname/IP and port of the server.
  35. # You can have multiple remote entries
  36. # to load balance between the servers.
  37. remote *****IP***** 1194
  38. ;remote my-server-2 1194
  39. # Choose a random host from the remote
  40. # list for load-balancing.  Otherwise
  41. # try hosts in the order specified.
  42. ;remote-random
  43. # Keep trying indefinitely to resolve the
  44. # host name of the OpenVPN server.  Very useful
  45. # on machines which are not permanently connected
  46. # to the internet such as laptops.
  47. resolv-retry infinite
  48. # Most clients don't need to bind to
  49. # a specific local port number.
  50. nobind
  51. # Downgrade privileges after initialization (non-Windows only)
  52. ;user nobody
  53. ;group nobody
  54. # Try to preserve some state across restarts.
  55. persist-key
  56. persist-tun
  57. # If you are connecting through an
  58. # HTTP proxy to reach the actual OpenVPN
  59. # server, put the proxy server/IP and
  60. # port number here.  See the man page
  61. # if your proxy server requires
  62. # authentication.
  63. ;http-proxy-retry # retry on connection failures
  64. ;http-proxy [proxy server] [proxy port #]
  65. # Wireless networks often produce a lot
  66. # of duplicate packets.  Set this flag
  67. # to silence duplicate packet warnings.
  68. ;mute-replay-warnings
  69. # SSL/TLS parms.
  70. # See the server config file for more
  71. # description.  It's best to use
  72. # a separate .crt/.key file pair
  73. # for each client.  A single ca
  74. # file can be used for all clients.
  75. ca "C:\\Program Files\\OpenVPN\\easy-rsa\\ca.crt"
  76. cert "C:\\Program Files\\OpenVPN\\easy-rsa\\client1.crt"
  77. key "C:\\Program Files\\OpenVPN\\easy-rsa\\client1.key"
  78. # Verify server certificate by checking that the
  79. # certicate has the correct key usage set.
  80. # This is an important precaution to protect against
  81. # a potential attack discussed here:
  82. http://openvpn.net/howto.html#mitm
  83. #
  84. # To use this feature, you will need to generate
  85. # your server certificates with the keyUsage set to
  86. #   digitalSignature, keyEncipherment
  87. # and the extendedKeyUsage to
  88. #   serverAuth
  89. # EasyRSA can do this for you.
  90. remote-cert-tls server
  91. # If a tls-auth key is used on the server
  92. # then every client must also have the key.
  93. ;tls-auth ta.key 1
  94. # Select a cryptographic cipher.
  95. # If the cipher option is used on the server
  96. # then you must also specify it here.
  97. ;cipher x
  98. # Enable compression on the VPN link.
  99. # Don't enable this unless it is also
  100. # enabled in the server config file.
  101. comp-lzo
  102. # Set log file verbosity.
  103. verb 3
  104. # Silence repeating messages
  105. ;mute 20


 
J'ai bien vérifié, mes certificats sont bien differents.  
Je les aient générés sur le serveur par:  
 
Vars
Build-key client
 
Puis répondu aux questions...
Merci pour le coup de main!


Aller à :
Ajouter une réponse
  FORUM HardWare.fr
  Systèmes & Réseaux Pro
  Réseaux

  Plusieurs instances OpenVPN

 

Sujets relatifs
Installation 1 PC plusieurs Utilisateurs, Ecransopenvpn avec dns spécifique sur asus rt-87u
[RESOLU] mettre un groupe administrateur de plusieurs domaineschemins DFS - plusieurs sources dans même arbo
Plusieurs serveur sous IISUtilité openvpn bridgé sur freebox revolution
Enregistrement sur plusieurs bornes WifiOpenvpn sous windows 10
Configuration de plusieurs tablettes 
Plus de sujets relatifs à : Plusieurs instances OpenVPN


Copyright © 1997-2022 Hardware.fr SARL (Signaler un contenu illicite / Données personnelles) / Groupe LDLC / Shop HFR