Netgate Discussion Forum

    Openvpn route error

    • yaya

      Software config
      Downloaded RC2 yesterday (liveCD)
      Installed it on 2 systems that are linked via crossover cable in a lab

      ip config

      OpenVPN server
      wan ip 172.35.222.2
      lan ip 172.22.246.1

      OpenVPN client
      wan ip 172.35.222.3
      lan ip 172.22.246.2

      Openvpn server config
      protocol: UDP
      Local port: 1194
      Address pool: 192.168.200.0/24
      Use static Ips: unchecked
      Local network: 172.21.246.0/24
      Remote Network: 172.21.246.0/24
      Client to client VPN: Unchecked
      LZO compression: Checked

      Openvpn client config:
      Protocol: UDP
      Server Address: 172.35.222.2
      Server Port: 1194
      LZO Compression: Checked

      • hoba

        How do you want to route with the same subnets on each site of the tunnel? You have the same LAN subnets at each end.  ;)

        • yaya

          I've set up a 3-way OpenVPN tunnel before with bridging (Linux router) with the same subnet at each endpoint. I don't know if I need to have the same subnet to get broadcast to work at both ends? I know that it worked last time by making the VPN server 192.168.1.1 and the clients were 192.168.1.2 and 192.168.1.3. Do I need different subnets on the LAN side of my tunnel? And if so, will broadcast still work?

          thanks for the help

          • sullrich

            This is not Linux.  You need a different subnet at each end of the tunnel.

            Or break up your subnet into a /27 or something.

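Added example (not part of any post in this thread): a pre-deployment check in Python for the condition hoba and sullrich point out above, run on the address pool and Local/Remote network values from the first post. It goes one step further and carves the /27s sullrich suggests; the function names and site labels are made up for illustration.

```python
import ipaddress

# Values copied from the server config in the first post.
SERVER_CFG = {
    "address_pool": "192.168.200.0/24",
    "local_network": "172.21.246.0/24",
    "remote_network": "172.21.246.0/24",
}


def find_overlaps(cfg):
    """Return pairs of setting names whose networks overlap.

    A routed (tun) tunnel needs every pair to be disjoint: if the remote
    network overlaps the local LAN, the directly connected route wins and
    traffic for the far side never enters the tunnel.
    """
    nets = {k: ipaddress.ip_network(v, strict=False) for k, v in cfg.items()}
    names = sorted(nets)
    return [(a, b)
            for i, a in enumerate(names)
            for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def split_for_sites(network, prefix, sites):
    """Hand each site its own slice of `network` (e.g. a /24 cut into /27s)."""
    subnets = list(ipaddress.ip_network(network).subnets(new_prefix=prefix))
    if len(sites) > len(subnets):
        raise ValueError("prefix too short for the number of sites")
    return {site: str(net) for site, net in zip(sites, subnets)}


if __name__ == "__main__":
    print("as posted:", find_overlaps(SERVER_CFG))
    # The client LAN the poster switches to later in the thread.
    fixed = dict(SERVER_CFG, remote_network="172.21.247.0/24")
    print("after renumbering:", find_overlaps(fixed))
    # Hypothetical site labels for the /27 split.
    print(split_for_sites("172.21.246.0/24", 27, ["server_lan", "client_lan"]))
```
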
            • yaya

              I need broadcast to work. How is broadcast going to work with both LANs on different subnets?

              Thanks

              • hoba

                It won't. I don't think there is a way to do this with pfSense's implementation of openvpn atm but I might be wrong.

                • yaya

                  I changed the client LAN ip address from 172.21.246.0/24 to 172.21.247.0/24. I don't get the route error anymore but can't ping the remote end.

                  Thanks

                  • hoba

                    Have a look at this: http://doc.pfsense.org/index.php/Setting_up_OpenVPN_with_pfSense

                    • yaya

                      I'm trying to ping from the client side (client side LAN = 172.21.247.0/24) an IP address on the other LAN (server side LAN = 172.21.246.0/24) and I don't get any replies :)

                      So far this is what I get on the client side

                      Aug 21 22:03:02   openvpn[262]: OpenVPN 2.0.6 i386-portbld-freebsd6.1 [SSL] [LZO] built on Apr 6 2006
                      Aug 21 22:03:02   openvpn[262]: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
                      Aug 21 22:03:02   openvpn[262]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
                      Aug 21 22:03:02   openvpn[262]: WARNING: file '/var/etc/openvpn_client0.key' is group or others accessible
                      Aug 21 22:03:02   openvpn[262]: LZO compression initialized
                      Aug 21 22:03:02   openvpn[263]: UDPv4 link local (bound): [undef]:1194
                      Aug 21 22:03:02   openvpn[263]: UDPv4 link remote: 172.35.222.2:1194
                      Aug 21 22:03:13   openvpn[263]: write UDPv4: Host is down (code=64)
                      Aug 21 22:03:22   last message repeated 4 times
                      Aug 21 22:03:22   openvpn[263]: [server.luku.blah.com] Peer Connection Initiated with 172.35.222.2:1194
                      Aug 21 22:03:23   openvpn[263]: gw 172.35.222.45
                      Aug 21 22:03:23   openvpn[263]: TUN/TAP device /dev/tun0 opened
                      Aug 21 22:03:23   openvpn[263]: /sbin/ifconfig tun0 192.168.200.6 192.168.200.5 mtu 1500 netmask 255.255.255.255 up
                      Aug 21 22:03:23   openvpn[263]: Initialization Sequence Completed

                      Server Side

                      Aug 21 21:54:28   openvpn[289]: OpenVPN 2.0.6 i386-portbld-freebsd6.1 [SSL] [LZO] built on Apr 6 2006
                      Aug 21 21:54:28   openvpn[289]: WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible
                      Aug 21 21:54:28   openvpn[289]: gw 172.35.222.50
                      Aug 21 21:54:28   openvpn[289]: TUN/TAP device /dev/tun0 opened
                      Aug 21 21:54:28   openvpn[289]: /sbin/ifconfig tun0 192.168.200.1 192.168.200.2 mtu 1500 netmask 255.255.255.255 up
                      Aug 21 21:54:28   openvpn[296]: UDPv4 link local (bound): [undef]:1194
                      Aug 21 21:54:28   openvpn[296]: UDPv4 link remote: [undef]
                      Aug 21 21:54:28   openvpn[296]: Initialization Sequence Completed
                      Aug 21 21:54:29   openvpn[296]: Need IPv6 code in mroute_extract_addr_from_packet
                      Aug 21 21:54:34   last message repeated 2 times
                      Aug 21 21:55:35   openvpn[296]: 172.35.222.3:1194 Re-using SSL/TLS context
                      Aug 21 21:55:35   openvpn[296]: 172.35.222.3:1194 LZO compression initialized
                      Aug 21 21:55:35   openvpn[296]: 172.35.222.3:1194 [ client.yaya.blah.com] Peer Connection Initiated with 172.35.222.3:1194
                      Aug 21 21:55:39   openvpn[296]: client.yaya.blah.com/172.35.222.3:1194 Need IPv6 code in mroute_extract_addr_from_packet
                      Aug 21 21:55:42   openvpn[296]: client.yaya.blah.com/172.35.222.3:1194 Need IPv6 code in mroute_extract_addr_from_packet

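Added example (not part of any post in this thread): the logs above carry two security warnings that are easy to miss while chasing the routing problem. This Python sketch triages OpenVPN syslog lines like those, folding syslog's "last message repeated" lines into the preceding finding; the rule names and advice strings are this example's own wording.

```python
import re

# A subset of the client-side lines posted above.
SAMPLE = """\
Aug 21 22:03:02   openvpn[262]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Aug 21 22:03:02   openvpn[262]: WARNING: file '/var/etc/openvpn_client0.key' is group or others accessible
Aug 21 22:03:13   openvpn[263]: write UDPv4: Host is down (code=64)
Aug 21 22:03:22   last message repeated 4 times
Aug 21 22:03:23   openvpn[263]: Initialization Sequence Completed
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8})\s+(?:openvpn\[\d+\]:\s+)?(.*)$")
REPEAT = re.compile(r"last message repeated (\d+) times")

# (rule id, pattern, what to check)
RULES = [
    ("no-server-cert-check", re.compile(r"No server certificate verification"),
     "any certificate from the same CA can pose as the server; enable "
     "server certificate verification (remote-cert-tls / ns-cert-type)"),
    ("key-file-perms", re.compile(r"file '[^']+' is group or others accessible"),
     "private key readable by other local users; restrict to owner (0600)"),
    ("transport-error", re.compile(r"write UDPv4: .* \(code=\d+\)"),
     "peer unreachable on the WAN side; rule this out before tunnel routes"),
]


def triage(log_text):
    """Return one finding per flagged message, with repeat counts merged."""
    findings, last = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, msg = m.groups()
        rep = REPEAT.fullmatch(msg)
        if rep:
            # Repeats only count if the previous message was a finding.
            if last is not None:
                last["count"] += int(rep.group(1))
            continue
        last = None
        for rule_id, pattern, advice in RULES:
            if pattern.search(msg):
                last = {"rule": rule_id, "first_seen": ts,
                        "count": 1, "advice": advice}
                findings.append(last)
                break
    return findings
```
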
                      • hoba

                        http://doc.pfsense.org/index.php/Setting_up_OpenVPN_with_pfSense

                        • fernandotcl

                          Broadcast will not work because you need to configure OpenVPN to use TAP interfaces, Ethernet layer VPN.

                          Also, make sure you're not pinging from your OpenVPN gateway to the other side, but rather from a client in the local LAN to a client in the local WAN.

                          Oh, and make sure you're not doing anything stupid (like firewalling yourself).
