
Multiple users on VPN

Posted: Wed Dec 10, 2008 10:09 am
by fk4rp6
I've run into a problem when wanting to connect multiple users on the default VPN setup. The problem seems to be that when you set up your client machine using the information provided in the Wiki, every client connects using the same client certificate. I assume that when you connect to the VPN it sees each client as the same machine, then issues them each the same IP address; obviously this is a problem. I believe that the user name and password authentication is happening via Samba, but the authentication with the OpenVPN server is happening using the certificate, thus the VPN server itself thinks that the same user is connecting.

My quick fix for this has been stopping the OpenVPN service then starting it with the switch --client-cert-not-required. After doing so each client that connects is then given a unique IP address instead of the same. Obviously you may see where not requiring a certificate to connect is a security problem.

So my question is, has anybody else had this trouble? If so what was your solution? Or do you know how to go about generating separate client certificates?

Re: Multiple users on VPN

Posted: Tue Dec 16, 2008 8:56 am
by nmead

Re: Multiple users on VPN

Posted: Tue Dec 16, 2008 6:51 pm
by nmead
Just add the following line to your amahi.conf file located in /etc/openvpn/


duplicate-cn

I did mine right after the keepalive entry, although I don't think it matters much.

Re: Multiple users on VPN

Posted: Wed May 13, 2009 11:09 am
by ipdemons
This worked like a charm for me. Though I'm finding that very large files drop the transfer after a while. Not sure if it's related to this or not.

Re: Multiple users on VPN

Posted: Sun May 17, 2009 11:17 am
by ipdemons
CPG, I noticed that my duplicate-cn line keeps disappearing. Is it getting purged when Amahi updates? Since it works so well, can we just make it a standard? I found that the issues I was having were related to other network issues (IP conflict). Also, if it's an auto-update deal, is there a way I can remove myself from that list and just manually update as desired? I'm just worried in case something goes wrong, and my HDA loses stability when I need it most.

Re: Multiple users on VPN

Posted: Sun May 17, 2009 12:14 pm
by cpg
good catch. this was caused by updates, yes ... however, that was a work-around for a bug we had a bit ago.

we just fixed that. can you try this rpm? 32bits or 64bits

rpm -Uvh ......

this rpm does two things:

- makes the duplicate-cn the default
- still performs updates on the amahi.conf file but does not restart the openvpn server

this rpm requires that users do service openvpn restart to get this going. not you in particular, since you already have duplicate-cn.

--

as for disabling updates, i usually discourage it, however, if you really want to, though, you can by moving /etc/cron.hourly/hda-update out of that directory.

reliability ("being there when needed") is a major major area for amahi. we simply do not want stability issues and we're extremely careful about anything that could disrupt things even minimally.

the reason we discourage it is because, from experience, it can lead to more support issues later down the road and time wasted. also, it would prevent the ability to make updates on major vulnerabilities (rare, but it happened once with a DNS issue!).

Re: Multiple users on VPN

Posted: Wed Jan 13, 2010 12:40 pm
by nordge1
I appear to still be having this issue, with the "duplicate-cn" disappearing on update. Was this ever incorporated into an update or is it perhaps broken again?

Re: Multiple users on VPN

Posted: Wed Mar 10, 2010 10:45 am
by wgandhi
I have the same issue with openvpn/amahi.conf updates disappearing. There was an update on Friday that wiped out my changes.

Re: Multiple users on VPN

Posted: Wed Dec 08, 2010 7:56 pm
by sckang
I also have the same problem when multiple users connect with VPN.

So I just added 'duplicate-cn' to '/etc/openvpn/amahi.conf'

It seems to work fine.

Is it solved?
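
Added example, not part of the thread and not Amahi's own code: a shell check for whether the two directives discussed above, duplicate-cn and client-cert-not-required, are active in an OpenVPN server config, which also shows whether a hand-added duplicate-cn line survived an update. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an OpenVPN server config for the two directives
# discussed in this thread. Returns 0 if neither is active, 1 if one is,
# 2 if the file cannot be read.
audit_openvpn_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf"; return 2; }
    # Drop comments (# or ;), leading whitespace and an optional leading "--",
    # then keep only the directive name (first word) of each non-empty line.
    active=$(sed -e 's/[#;].*$//' -e 's/^[[:space:]]*//' -e 's/^--//' "$conf" |
        awk 'NF { print $1 }')
    rc=0
    if printf '%s\n' "$active" | grep -qx 'client-cert-not-required'; then
        echo "HIGH: client-cert-not-required: server accepts clients without a certificate"
        rc=1
    fi
    if printf '%s\n' "$active" | grep -qx 'duplicate-cn'; then
        echo "WARN: duplicate-cn: clients share one certificate identity"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: neither directive is active"
    return "$rc"
}

# Constructed sample config (not a real amahi.conf).
sample_conf() {
    cat <<'EOF'
port 1194
proto udp
keepalive 10 120
duplicate-cn
;client-cert-not-required
# duplicate-cn was added by hand after the last update
EOF
}

# Demo: audit the sample; point the function at /etc/openvpn/amahi.conf instead.
tmp=$(mktemp)
sample_conf > "$tmp"
audit_openvpn_conf "$tmp" || echo "exit status: $?"
rm -f "$tmp"
```

A WARN for duplicate-cn means every client sharing the certificate looks identical to the server, so one user's access cannot be revoked without reissuing the certificate to everyone.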