openvpn-install
openvpn-install copied to clipboard
angristan
Allow multiple clients with the same CN to concurrently connect (duplicate-cn)
If you set in the server config duplicate-cn, it's possible to connect via multiple clients with the same config. So if this configs are user-based, a user could connect via workstation and mobile at the same time. Otherwise, he need different configs or need to connect only via one client
From the man:
--duplicate-cn Allow multiple clients with the same common name to concurrently connect. In the absence of this option, OpenVPN will disconnect a client instance upon connection of a new client having the same common name.
I agree that it would be a nice optional feature
i use -duplicate-cn on my ovpn config to multi login by using Angristan script.
Sir, Angistan. May l suggest an option to add username on your OpenVPN script.
This shouldn't be a Feature, but rather a Bug. If I generate multiple profiles, I expect them to work all at the same time, using different devices. I'd rather not have the duplicate-cn on my config to prevent multiple connections with identical profile. Would it be possible to, as @PHsXc suggested, implement a way to differentiate the common name in newly generated profiles? Thanks a lot
So would be fine, if everyone can decide on demand. From my point of view, profiles are used for users rather than devices, so if I have one user with multiple devices, I don't want to spread out profiles for each device as well. However, it's based on demand.
So would be fine, if everyone can decide on demand. From my point of view, profiles are used for users rather than devices, so if I have one user with multiple devices, I don't want to spread out profiles for each device as well. However, it's based on demand.
I would agree that if I give a user a profile, then it's up to the end user to install/use it on whatever device(s) they want and that all those devices can simultaneously connect.
So would be fine, if everyone can decide on demand. From my point of view, profiles are used for users rather than devices, so if I have one user with multiple devices, I don't want to spread out profiles for each device as well. However, it's based on demand.
I would agree that if I give a user a profile, then it's up to the end user to install/use it on whatever device(s) they want and that all those devices can simultaneously connect.
To me having an extra division user/device is better, in a way that you can revoke a single device certificate without bothering all the other devices too. But thats just my way of seeing it.
Please see https://serverfault.com/a/430048.
I don't agree with an option in the script but a FAQ entry because it isn't very common.
Its common requirement. USER-A supposed to have multiple connection feature. If im a staff, I connect to my VPN for my official apps. The apps supposed to be work on my home-PC & home-Laptop even concurrently.
i use -duplicate-cn on my ovpn config to multi login by using Angristan script.
Hi, how did u achieved this. I also need USER-A should have multiple device connections concurrently.
i use -duplicate-cn on my ovpn config to multi login by using Angristan script.
Hi, how did u achieved this. I also need USER-A should have multiple device connections concurrently.
Follow these and you'll be able to get it!
root@vpn:~# cd /etc/openvpn/
root@vpn:/etc/openvpn# cat server.conf
server.conf info here
duplicate-cn << ADD THIS <<
end of file
It might be useful to ask this at initial runtime (first setup) as a Yes/No question: Would you like to allow duplicate clients to connect simultaneously (multiple connections from same configuration file)? Default will be No, selection Yes, if selected Yes append duplicate-cn to server.conf . Since it's pretty straight forward and possible for some use cases, it's trivial to add, I don't see a downside in adding it.
