SSLVPN Client IP Address usage - no free-ifconfig-pool addresses are available

  • 7014411
  • 14-Jan-2014
  • 03-Feb-2014

Environment

NetIQ Access Manager 3.x
NetIQ Access Manager SSLVPN server configured and running

Situation

  • Customer needed to be able to provide SSLVPN for up to 1028 simultaneous users
  • Configured NetIQ AM SSLVPN server with a class B subnet (255.255.252.0) for clients, which should allow up to 1028 addresses
  • Customer then noticed that when the active number of SSLVPN clients connecting reaches 255 (+/- a couple), new clients were unable to connect
  • The '/var/log/open-vpn.log' would report: "MULTI:no free-ifconfig-pool addresses are available"

Resolution

Configured the SSLVPN server with a larger subnet to increase the number of usable IP Addresses available for SSLVPN client connections

Cause

The SSLVPN server assigns each client connection four IP addresses.  So, the SSLVPN server subnet for clients needs to be configured to have IP address equal to: maximum number of simultaneous users multiplied by four.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.