On 10/18/05, Michael Renner <r...@amd.co.at> wrote:
> Hi,
>
> First - thanks for OpenVPN, this is by far one of the most hassle-free
> opensource VPN solutions out there.
>
> But there seems to be a problem (or undocumented behaviour?) when using
> username-as-common-name in combination with concurrent sessions with identical
> usernames. Currently if there's a second session connecting with the same
> username as an already active session, the active session gets "overwritten"
> with the new one, causing the former to time out (and reconnect). Continue ad
> nauseam. This behaviour goes away when you disable username-as-common-name.
>
> Is this intended? (I don't know OpenVPN's behaviour when using identical
> certificates when doing certificate-based authentication).
>
> Either way, this cost me quite a headache ;), and if it's not going to be
> changed OpenVPN should at least throw a log message when active connections
> get "reused".
>
In order to survive in a dynamic IP environment, read broadband connection without a static IP, OpenVPN allows the IP address to change. Since OpenVPN is configured with certificates it uses the certificates as the determination of this.

There is the option to allow duplicate certificates, but that would seem incompatible with your current design. You should re-examine your requirements and determine what your priorities are. I would _not_ use duplicate certificates personally.

--
Leonard Isham, CISSP
Ostendo non ostento.