So, there’s a nicely configured OpenVPN server, there is the client config that is proven to work with all your colleagues around and everything “just works” … or maybe, rather “just needs more work”? was it?
If you happen to suffer from irregular but painful unreliability of your OpenVPN connection on a perfectly reliable network link and in the logs you regularly happen to see something like:
[server] Inactivity timeout (--ping-restart), restarting
chances are that you have fallen into the same trap as me, and another OpenVPN user. What trap? I happily tried to use the same config (including my certificate) on three machines… nothing wrong you say? Sure, I can use it on both my desktop and laptop and everything should be fine! True, I thought so too. Until I left my work desktop on and connected in the office, I connected my desktop at home and then, since thing didn’t look nicely I tried on the laptop too… then I went to the office to check how it works there (hint: stopped working too) and…
Yes, as one user called ‘krzee’ wrote:
your clients are fighting each other for the right to be [your CN]
there is a command to let the same cert connect multiple times… but it was only intended for testing purposes, or when using username auth in addition to certs. making certs for each client will fix your problem
So – if you use the same certificate on multiple clients, be sure to disconnect before leaving the machine unattended. Or – better – create and sign different certificates for every client / machine you intend to connect from.