Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to fix "WARNING: You have specified redirect-gateway and redirect-private at the same time"

    Scheduled Pinned Locked Moved
    OpenVPN
    2
    5
    3.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      shoulders
      last edited by

      I have configured an OpenVPN server (tun) with only IPv4 enabled and I have the Redirect IPv4 Gateway option enabled.

      I then always get the following error on connection:

      WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results
      • if i do not use the pfsense option Redirect IPv4 Gateway I do not get this error.
        I have looked in the pfsense .OPVN file in /var/etc/openvpn/server1/ and cannot see any mention of redirect-private
      • I cannot see what options are pushed
      • I am using the OpenVPN GUI/Client v11.31.0.0 / 2.5.8 on Windows 10

      What does this error mean and how can I stop it but still use redirect-gateway?

      Thanks

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @shoulders
        last edited by

        @shoulders
        If you remove the check mark at "redirect gateway" are there any entries in "Local Networks"? If so remove them and re-check redirect gateway.

        S 1 Reply Last reply Reply Quote 1
        • S
          shoulders @viragomann
          last edited by

          @viragomann nothing present and still getting the error, but good try thanks

          V 1 Reply Last reply Reply Quote 0
          • V
            viragomann @shoulders
            last edited by

            @shoulders
            I assume, you get this message on the client. Can you post the whole push message from the client log?

            S 1 Reply Last reply Reply Quote 0
            • S
              shoulders @viragomann
              last edited by shoulders

              @viragomann Awesome Solution :), thanks

              This is a follow-up:

              Earlier on I did remove 10.0.0.0/24 from the IPv4 Local Networks but I was still getting the error so I thought that did not fix it. I had in the Custom options the following command

              push "redirect-gateway def1 block-local"

              I removed this and now I am not getting the message so I cannot send you the log now because it is fixed, but it turns out your were right. So the 3 things that can cause this error

              • when Redirect IPv4 Gateway is enabled there is an entry in the hidden field IPv4 Local network(s)
              • you have enabled Redirect IPv6 Gateway but do not have IPv6 enabled
              • overriding the redirect-gateway in Custom Options

              This is an old log:

              Sat Mar 18 18:08:16 2023 OpenVPN 2.5.8 [git:none/0357ceb877687faa] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec  2 2022
Sat Mar 18 18:08:16 2023 Windows version 10.0 (Windows 10 or greater) 64bit
Sat Mar 18 18:08:16 2023 library versions: OpenSSL 1.1.1s  1 Nov 2022, LZO 2.10
Sat Mar 18 18:08:18 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]123.123.123.123:2727
Sat Mar 18 18:08:18 2023 UDPv4 link local: (not bound)
Sat Mar 18 18:08:18 2023 UDPv4 link remote: [AF_INET]123.123.123.123:2727
Sat Mar 18 18:08:18 2023 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Mar 18 18:08:19 2023 [pfSense Server Certificate] Peer Connection Initiated with [AF_INET]123.123.123.123:2727
Sat Mar 18 18:08:19 2023 WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results
Sat Mar 18 18:08:19 2023 WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results
Sat Mar 18 18:08:19 2023 open_tun
Sat Mar 18 18:08:19 2023 tap-windows6 device [OpenVPN TAP-Windows6] opened
Sat Mar 18 18:08:19 2023 Set TAP-Windows TUN subnet mode network/local/netmask = 10.217.1.0/10.217.1.2/255.255.255.0 [SUCCEEDED]
Sat Mar 18 18:08:19 2023 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.217.1.2/255.255.255.0 on interface {39A232AE-AE2D-4EFC-9BCD-7159D7CFE9B1} [DHCP-serv: 10.217.1.0, lease-time: 31536000]
Sat Mar 18 18:08:19 2023 Successful ARP Flush on interface [7] {39A232AE-AE2D-4EFC-9BCD-7159D7CFE9B1}
Sat Mar 18 18:08:19 2023 IPv4 MTU set to 1500 on interface 7 using service
Sat Mar 18 18:08:20 2023 Blocking outside dns using service succeeded.
Sat Mar 18 18:08:25 2023 WARNING: OpenVPN was configured to add an IPv6 route. However, no IPv6 has been configured for OpenVPN TAP-Windows6, therefore the route installation may fail or may not work as expected.
Sat Mar 18 18:08:25 2023 add_route_ipv6(::/3 -> :: metric -1) dev OpenVPN TAP-Windows6
Sat Mar 18 18:08:25 2023 add_route_ipv6(2000::/4 -> :: metric -1) dev OpenVPN TAP-Windows6
Sat Mar 18 18:08:25 2023 add_route_ipv6(2727::/4 -> :: metric -1) dev OpenVPN TAP-Windows6
Sat Mar 18 18:08:25 2023 add_route_ipv6(fc00::/7 -> :: metric -1) dev OpenVPN TAP-Windows6
Sat Mar 18 18:08:25 2023 Initialization Sequence Completed
Sat Mar 18 18:08:25 2023 Register_dns request sent to the service
              1 Reply Last reply Reply Quote 0
              • First post
                Last post