http://openvpn.net/howto.html#pki has directions for generating the keys and certs.
If you're feeling masochistic, and really prefer to have one certificate for all of your users, then RTFM about what option you need to pass to allow multiple connections with identical certificates.
Hi Rob,
I'm using a method that's new to me – creating keys via the build-key-pkcs12.bat in OpenVPN's easy-rsa directory.
This results in a .p12 (certificate?) file. This .p12 is referenced in my clients' OpenVPN conf file with the "pkcs12 <username.p12>" directive. They have .p12 and .ovpn (configuration) files in their config directory.
As I say, I'm new to pkcs12, but I came from IPCop prior to pfSense, and its OpenVPN instance allowed multiple connections with just a .p12 and .ovpn conf file client-side.
Many thanks,
Steve
From: Rob Terhaar [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 10, 2006 10:24 PM
To: [email protected]
Subject: Re: [pfSense Support] OpenVPN only allowing one connection
Are you using certificate-based authentication or PSK?
On 7/10/06, Steve Harman < [EMAIL PROTECTED] > wrote:
Hi!
OpenVPN [on pfSense] seems to work fine. I can connect from a client machine (OpenVPN GUI 2.0.7, Windows XP) and gain access to the permitted internal subnets etc.
However, if I try to initiate subsequent connections, they either fail to connect or the already successfully connected session is ditched in favor of the new connection.
This looks to me suspiciously like the OpenVPN DHCP service is only giving out a single IP (whichever machine I make a client connection from I only ever see 192.168.3.6 as the assigned address), resulting in a conflict when subsequent client(s) connect.
I have "Dynamic IP" ticked ("so that DHCP clients can connect"), "Address pool" configured to be 192.168.3.0/24 and "Use static IPs" is deselected. Would this be correct?
Thanks in advance,
Steve
