5276 questions

6429 answers

10373 comments

6439 members

0 votes
413 views 1 comments
by
Hi, I have several RUT230 connected to an OpenVPN server. Every RUT230 is configured with a OpenVPN client with one ca.cert , client.cert and client.key so every time they connected they receive a different IP as configured on server.conf file of server with duplicated-cn allowed.

Now I want to assigned a fixed IP for everyone of that RUT230 but when I try to create a new client VPN connection with specific client-xx.cert and client-xx.key I click on web interface services > vpn but cannot complete the operation (this the example url https://192.168.114.103/cgi-bin/luci/;stok=b25b6d7d092eb4e8bb8b3dec756df1dc/admin/services/vpn)

I find on log of server vpn that the connection when I click on web interface, is reinstaurate with a different IP, so when I retry to modify section VPN on the new IP and I find a new login page and then when I click on vpn I receive another new IP and so on.. At this time I cannot modify any parameters in VPN connection. I cannot explain me, why all other section of web interface is working well, but not for VPN.

Do you have similar comportaments? Any suggestion?

Tested on RUT client with FW RUT2XX_R_00.01.10 and 01.12 and OpenVPN server installed on CentOS and Win2012.

3 Answers

0 votes
by
Hi Julius, thanks for your reply

1. Yes I cannot create a second OpenVPN instance via WebUI

2. Yes, RUT230 is located remotely and I'm connecting to it through OpenVPN connection from server-side via WebUI

3. If I click on WebUI on services > VPN my OpenVPN server immediately will assign a new IP to this client and I reconnect to this RUT230 using a new IP assigned from the dhcp pool.
When I connect using that new IP I go in a "loop"  because every time I click on WebUI services VPN > connection lost > new IP > login > click services VPN > connection lost and so on..

On OpenVPN server log this is what happens:

Wed Mar 25 12:33:34 2020 read UDPv6: Unknown error (code=10054)
Wed Mar 25 12:33:35 2020 client-cert/X.Y.Z.W:37483 [client-siram-3] Inactivity timeout (--ping-restart), restarting
Wed Mar 25 12:33:35 2020 client-cert/X.Y.Z.W:37483 SIGUSR1[soft,ping-restart] received, client-instance restarting
Wed Mar 25 12:33:37 2020 X.Y.Z.W:37483 TLS: Initial packet from [AF_INET6]::ffff:X.Y.Z.W:37483, sid=011781b4 2b4f7303

I try with a local RUT230 in a test enviroment, If in OpenVPN server set a fixed IP usign ccd and specified certificate installed on RUT this problem will disappear and there are no trace in VPN server log when click in WebUI on services VPN because connection to RUT230 will remain active and obviously IP assigned is always the same

.
Best answer
by

Hello,

Thank you for the clarification. I was able to reproduce the issue you have reported. However, I was disconnected from RUT230 WebUI only when I tried to save the OpenVPN configuration of the second client (see Picture 1) not after creating or saving the configuration of the second client in the Services -> VPN -> OpenVPN WebUI page (see Picture 2).

The disconnection from RUT230 after saving the OpenVPN configuration of the second client is absolutely normal because the OpenVPN service that runs on RUT230 needs to restart in order to establish the second tunnel.

Picture 1


Picture 2

0 votes
by
Hello,

Please answer the following questions to help me identify what is causing the reported issue:

1. As I understand, you are not able to create a second OpenVPN instance in the Services -> VPN -> OpenVPN WebUI page on your RUT230, while another OpenVPN client connection is active, correct?

2. Are you creating a second OpenVPN instance while connected to RUT230 WebUI from the server-side via active OpenVPN connection?

3. Could you be so kind and explain the statement below in greater detail?

"I find on log of server vpn that the connection when I click on web interface, is reinstaurate with a different IP, so when I retry to modify section VPN on the new IP and I find a new login page and then when I click on vpn I receive another new IP and so on.. At this time I cannot modify any parameters in VPN connection."
0 votes
by

Thanks Julius for your support but in my case I cannot add any second vpn entry because I lost the connection immediately when, in the WebUI, I click on menu services > vpn.