Netgate Discussion Forum

    OpenVPN with Static IP client. HOW ??

    11 Posts 4 Posters 13.9k Views
      GruensFroeschli

      I don't really understand:
      could you make a diagram showing where you intend to put your VPN clients?

      You write that your VPN client has to be in 172.16.11.0/8 but then that you have 246 clients in 172.16.11.0/24.

      (BTW: 172.16.11.0/8 is not allowed --> the private range is 172.16.x.x/12)

      Couldn't you just assign another 172.16.x.x subnet to your VPN clients?

      If you NEED to have your VPN client within 172.16.11.0/24 you won't be able to achieve that with routing.
      You might need to bridge your VPN to your LAN.

      http://doc.pfsense.org/index.php/VPN_Capability_OpenVPN --> at the bottom
      It has been reported stable if you don't use CARP.

      We do what we must, because we can.

      Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html
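
The subnet reasoning in the post above, as an added Python example that is not part of the original thread: it rejects a prefix that does not match its address (172.16.11.0/8), checks membership in 172.16.0.0/12, and tells whether a proposed VPN client range can be routed or overlaps the LAN. The function names and the 172.16.12.0/24 alternative are assumptions chosen for illustration.

```python
import ipaddress

# Private block that all 172.16.x.x - 172.31.x.x addresses belong to.
PRIVATE_172 = ipaddress.ip_network("172.16.0.0/12")


def parse_subnet(cidr):
    """Return the network, or None when the CIDR is malformed or the prefix
    does not match the address (host bits set, as in 172.16.11.0/8)."""
    try:
        return ipaddress.ip_network(cidr, strict=True)
    except ValueError:
        return None


def in_private_172(cidr):
    """True when cidr is a valid IPv4 subnet inside 172.16.0.0/12."""
    net = parse_subnet(cidr)
    return net is not None and net.version == 4 and net.subnet_of(PRIVATE_172)


def vpn_mode(lan_cidr, vpn_cidr):
    """Classify a proposed VPN client range against the LAN.

    'invalid' - one of the two CIDRs does not parse as a network
    'bridge'  - the ranges overlap, so routing cannot separate them
    'routed'  - distinct subnets, so a routed VPN can work
    """
    lan = parse_subnet(lan_cidr)
    vpn = parse_subnet(vpn_cidr)
    if lan is None or vpn is None:
        return "invalid"
    if lan.overlaps(vpn):
        return "bridge"
    return "routed"


if __name__ == "__main__":
    # Constructed cases: the LAN from the thread plus assumed alternatives.
    lan = "172.16.11.0/24"
    for vpn in ("172.16.11.0/8", "172.16.11.0/24", "172.16.12.0/24"):
        print(vpn, "->", vpn_mode(lan, vpn), "| in 172.16.0.0/12:",
              in_private_172(vpn))
```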

        scarpy

        Hi GruensFroeschli!
        I made a mistake. In fact, as you supposed, everything is in (172.16.11.0/24).

        I'll try bridging my VPN to my LAN..

        Thanks again,
        Alex

        scarpy is:
        CCNA Cisco Certified Network Administrator
        CNAI Cisco Network Academy Instructor
        MCSE Microsoft Certified System Engineer

          scarpy

          @GruensFroeschli:

          If you NEED to have your VPN client within 172.16.11.0/24 you won't be able to achieve that with routing.
          You might need to bridge your VPN to your LAN.

          http://doc.pfsense.org/index.php/VPN_Capability_OpenVPN --> at the bottom
          It has been reported stable if you don't use CARP.

          My pfSense box doesn't have a tap0 interface!! How can I create it??
          Thanks,
          Alex

            GruensFroeschli

            @scarpy:

            @GruensFroeschli:

            If you NEED to have your VPN client within 172.16.11.0/24 you won't be able to achieve that with routing.
            You might need to bridge your VPN to your LAN.

            http://doc.pfsense.org/index.php/VPN_Capability_OpenVPN --> at the bottom
            It has been reported stable if you don't use CARP.

            My pfSense box doesn't have a tap0 interface!! How can I create it??
            Thanks,
            Alex

              scarpy

              @scarpy:

              My pfSense box doesn't have a tap0 interface!! How can I create it??
              Thanks,
              Alex

              I tried everything explained at the bottom of
              http://doc.pfsense.org/index.php/VPN_Capability_OpenVPN
              but I had no success:

              In conf/config.xml I put these lines:

              <earlyshellcmd>ifconfig bridge0 create</earlyshellcmd>
              <earlyshellcmd>ifconfig bridge0 addm vr0 up</earlyshellcmd>
              <shellcmd>ifconfig bridge0 addm tap0</shellcmd>

              but I got these messages when booting:

              **bridge0 eth address XX:xx:XX:XX
              ifconfig: SIOCIFCREATE invalid argument

              ifconfig: BRDGADD tap0: no such file or directory**

              I also tried with
              <shellcmd>ifconfig bridge0 addm tap</shellcmd>
              with the same result.

              I also tried from the shell prompt:

              **# ifconfig tap0 create
              ifconfig: SIOCIFCREATE: Invalid argument

              # ifconfig tap create
              ifconfig: SIOCIFCREATE: Invalid argument**

              but nothing to do!!

              My kldstat output is:

              # kldstat

              Id Refs Address    Size    Name
              1    1 0xc0400000 71530c  kernel

              Thanks for your help.
              Alex

                Cry Havok

                What version of pfSense are you using?  If it's not 1.2 then I suspect you'll need to upgrade.

                  scarpy

                  @Cry:

                  What version of pfSense are you using?  If it's not 1.2 then I suspect you'll need to upgrade.

                  I upgraded to 1.2RC3.. but nothing changed!!!

                    Cry Havok

                    Are those lines still in config.xml, or did the upgrade remove them?

                      scarpy

                      @Cry:

                      Are those lines still in config.xml, or did the upgrade remove them?

                      Still there..

                      <earlyshellcmd>ifconfig bridge0 create</earlyshellcmd>
                      <earlyshellcmd>ifconfig bridge0 addm vr0 up</earlyshellcmd>

                      The 2 lines above work, in fact I have the bridge0 "learning" in Status | Interfaces menu, but can't add the tap0 interface..

                      <shellcmd>ifconfig bridge0 addm tap0</shellcmd>
                      returns:

                      ifconfig: BRDGADD tap0: No such file or directory

                      Thanks again.
                      Alex

                        bennor3814

                        After following the instructions in the VPN Capability OpenVPN doc to open a VPN Client Bridge, are there any special settings in the Firewall Rules that need to be made? My problem is when the OpenVPN Tunnel is enabled after configuring it with the bridge settings I no longer can send emails. My email program hangs while trying to send and receive email. If I disable the OpenVPN Tunnel I can send email.

                        Other than that, when the OpenVPN tunnel is enabled offsite roadwarriors can connect without issue.

                        For anyone who gets the "ifconfig: BRDGADD tap0: No such file or directory" error check your server bridge entry in the OpenVPN custom options field. The tap0 gave me errors until I realized that the LAN setting for the server bridge was wrong and corrected it and rebooted the machine. The other strange thing is the "<shellcmd>ifconfig bridge0 addm tap0</shellcmd>" entry in the config.xml file seems to not stay at the bottom of the three entries that get entered. After entering them it moved up the next time I looked at the file so it was the first of the three entries for this bridging setup.
