Opening Limits for OpenVPN

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Opening Limits for OpenVPN

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Opening Limits for OpenVPN
Opening Limits for OpenVPN
2022-10-31 12:31:48
Tags: #Marketing fail
Model: ER7206 (TL-ER7206)  
Hardware Version: V1
Firmware Version: 1.2.1

We purchased the ER7206 for it's OpenVPN capabilities but we've hit a snag. We're using OpenVPN and setup and connecting to OpenVPN couldn't be easier.

- Add an entry in the OpenVPN Server List

- install the OpenVPN connect on the client computer

- Export the configuration file from the router

- Import the configuration file into the client software

 

*Connected*

 

The problem occurs when we have 2 users using the same exported configuration. It turns out that the Router doesn't have the -duplicate-cn option turned on by default and there are no OpenVPN Server configurations where I can input this. Which means for each user I have to create a new OpenVPN Server instance and export individual configurations files.

 

Ok no sweat I can do that. However the lowest IP Pool mask I can use is /29 which means for every user that connects, I have to allocate 8 IP Addresses (6 usable)? If your Marketing says I can use 50 OpenVPN connections, that means I have to allocate 8x50 IP addresses. i.e. 450 IP Addresses required for 50 OpenVPN connections?

 

Why can I not use a /30 and half that count so that your marketing can actually claim 50 OpenVPN connections (on a class C network setup)? Or maybe give us the ability to use the same exported cert file for multiple users?

 

Or maybe there is something I'm missing? Any help would be appreciated.

  0      
  0      
#1
Options
3 Reply
Re:Opening Limits for OpenVPN
2022-11-01 07:45:17

  @Bluebeep 

 

Not sure if I understand you correctly..However on my router,

1. The openVPN config file can be applied to different client devices. I think I have at least two PCs are running the same file;

 

2. I cannot add new openVPN entry since I only use one WAN port. From my understanding one WAN port can only handle one OpenVPN server.

  0  
  0  
#2
Options
Re:Opening Limits for OpenVPN
2022-11-02 12:37:25

  @Somnus I have attached a couple of screenshots...

 

This is a list of OpenVPN Servers I have created. One OpenVPN Server per user.

 

 

 

Here is the detail for a single server. Please see that I'm using a /29 coz I can't use /30 or /31 (the router doesn't accept it).

 

 

 

If I only have one VPN Server, and I export that file, I can send that file to multiple users and each can access that one VPN. However, not concurrently. Each OpenVPN Server will ONLY allow one connection. So if I need 12 users connected, I need 12 instances of OpenVPN Server setup.

 

A /29 means I have to allocate 8 IP Addresses for each OpenVPN Server. Which means if I want 12 concurrent users I need 12 OpenVPN Servers each needing 8 IPs for a total of 96 IP Addresses.

 

That's where the complaint is... Me allocating 96 IP Addresses so that I can have 12 users connected seems like could be better managed with a /30 so I can save on my internal IPs. Or I could take my internal network down to a /23 and add another 256 IPs to my pool... But why? Should be simpler no?

 

Maybe I'm not going about this the right way to begin with. First time using OpenVPN and though it seems pretty straight forward compared to other VPN types I have used in the past, the requirement of having 8 IPs per users makes me feel like I'm screwing something up or we need a firmware update?

  0  
  0  
#3
Options
Re:Opening Limits for OpenVPN
2022-11-03 16:10:00

  @Bluebeep in short, openvpn is not fully implemented and lacks on many points, you should have read about it. Whatever you manage to complete with openvpn, it will still not function properly. You probably found already out that openvpn options can be passed by uploading a config, however, fully missing log and no info if option is usable with current implementation. Currently, if you need openvpn, or better said stable working, set it up on own server. Any device will do better job than tplinks business router, it sadly for tplink includes home devices which work. Word business seems to be just a marketing gag by tplink.

  0  
  0  
#4
Options