Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow multiple clients with the same CN to concurrently connect (duplicate-cn) #440

Open
heutger opened this issue Jul 4, 2019 · 14 comments
Open

Allow multiple clients with the same CN to concurrently connect (duplicate-cn) #440

heutger opened this issue Jul 4, 2019 · 14 comments
Labels
enhancement

Comments

@heutger
Copy link

heutger commented Jul 4, 2019

Allow duplicate-cn been enabled via the script
@angristan
Copy link
Owner

Can you elaborate on this?

@heutger
Copy link
Author

heutger commented Jul 5, 2019

If you set in the server config duplicate-cn, it's possible to connect via multiple clients with the same config. So if this configs are user-based, a user could connect via workstation and mobile at the same time. Otherwise, he need different configs or need to connect only via one client

@angristan
Copy link
Owner

From the man:

--duplicate-cn
Allow multiple clients with the same common name to concurrently connect. In the absence of this option, OpenVPN will disconnect a client instance upon connection of a new client having the same common name.

I agree that it would be a nice optional feature

@angristan angristan changed the title Feature Request Allow multiple clients with the same CN to concurrently connect (duplicate-cn) Jul 5, 2019
@PHsXc
Copy link

PHsXc commented Jul 13, 2019

i use -duplicate-cn on my ovpn config to multi login by using Angristan script.

@PHsXc
Copy link

PHsXc commented Jul 13, 2019

Sir, Angistan. May l suggest an option to add username on your OpenVPN script.

@Phoenix1o1
Copy link

This shouldn't be a Feature, but rather a Bug. If I generate multiple profiles, I expect them to work all at the same time, using different devices. I'd rather not have the duplicate-cn on my config to prevent multiple connections with identical profile. Would it be possible to, as @PHsXc suggested, implement a way to differentiate the common name in newly generated profiles?
Thanks a lot

@heutger
Copy link
Author

heutger commented Nov 12, 2019

So would be fine, if everyone can decide on demand. From my point of view, profiles are used for users rather than devices, so if I have one user with multiple devices, I don't want to spread out profiles for each device as well. However, it's based on demand.

@P-a-d-r-a-i-g
Copy link
Contributor

So would be fine, if everyone can decide on demand. From my point of view, profiles are used for users rather than devices, so if I have one user with multiple devices, I don't want to spread out profiles for each device as well. However, it's based on demand.

I would agree that if I give a user a profile, then it's up to the end user to install/use it on whatever device(s) they want and that all those devices can simultaneously connect.

@Phoenix1o1
Copy link

So would be fine, if everyone can decide on demand. From my point of view, profiles are used for users rather than devices, so if I have one user with multiple devices, I don't want to spread out profiles for each device as well. However, it's based on demand.

I would agree that if I give a user a profile, then it's up to the end user to install/use it on whatever device(s) they want and that all those devices can simultaneously connect.

To me having an extra division user/device is better, in a way that you can revoke a single device certificate without bothering all the other devices too. But thats just my way of seeing it.

@randshell
Copy link
Contributor

randshell commented Apr 22, 2020
edited
Loading

Please see https://serverfault.com/a/430048.

I don't agree with an option in the script but a FAQ entry because it isn't very common.

@vvcares
Copy link

vvcares commented Sep 24, 2021

Its common requirement. USER-A supposed to have multiple connection feature. If im a staff, I connect to my VPN for my official apps. The apps supposed to be work on my home-PC & home-Laptop even concurrently.

@vvcares
Copy link

vvcares commented Sep 24, 2021

i use -duplicate-cn on my ovpn config to multi login by using Angristan script.

Hi, how did u achieved this. I also need USER-A should have multiple device connections concurrently.

@bchewy
Copy link

bchewy commented Feb 10, 2022

i use -duplicate-cn on my ovpn config to multi login by using Angristan script.

Hi, how did u achieved this. I also need USER-A should have multiple device connections concurrently.

Follow these and you'll be able to get it!
root@vpn:~# cd /etc/openvpn/
root@vpn:/etc/openvpn# cat server.conf

server.conf info here

duplicate-cn << ADD THIS <<

end of file

@gits7r
Copy link
Contributor

gits7r commented Jun 6, 2023

It might be useful to ask this at initial runtime (first setup) as a Yes/No question: Would you like to allow duplicate clients to connect simultaneously (multiple connections from same configuration file)? Default will be No, selection Yes, if selected Yes append duplicate-cn to server.conf . Since it's pretty straight forward and possible for some use cases, it's trivial to add, I don't see a downside in adding it.

@hwdsl2 hwdsl2 mentioned this issue Jul 3, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
9 participants
@heutger @P-a-d-r-a-i-g @Phoenix1o1 @vvcares @gits7r @angristan @bchewy @PHsXc @randshell