Netgate Discussion Forum

    OpenVPN error

    17 Posts 4 Posters 7.8k Views
    • A
      acs259 @acs259
      last edited by

      172.16.1.0/30 doesn't work. Threw an error in the logs that it has to be less than 29. So now the service starts - yay! So from an outside PC with the certificate, do I connect to 172.16.1.0 now?

      • DerelictD
        Derelict LAYER 8 Netgate @acs259
        last edited by

        @acs259 Because 192.168.1.200/29 is a valid /29 network address. 192.168.1.200/24 is not (192.168.1.0/24 is)

        If your LAN is the default 192.168.1.1/24 you need to use something else.

        I can just literally make up an address as long as it's outside my network?

        Not necessarily. There is a range of addresses reserved for private usage. You will commonly see this called RFC1918.

        10.0.0.0/8 (10.0.0.0 - 10.255.255.255)
        172.16.0.0/12 (172.16.0.0 - 172.31.255.255)
        192.168.0.0/16 (192.168.0.0 - 192.168.255.255)

        Here's a random one for your tunnel network: 172.22.184.0/24

        In order for a router to route between networks the networks have to be different.

        You can't have one network 192.168.1.0/24 and another 192.168.1.200/29 in most cases because all of the hosts on 192.168.1.0/24 will think all of the addresses in the /29 (192.168.1.200 - 192.168.1.207) would be reachable on the local subnet and traffic for them would be attempted there instead of being forwarded to the router for routing.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • DerelictD
          Derelict LAYER 8 Netgate @acs259
          last edited by Derelict

          @acs259 No. You connect to the WAN address. Your client will then be assigned a tunnel address in 172.16.1.0/29. Use the Client export package to create a client config.

          A remote access OpenVPN server has to be a /29 or larger, else OpenVPN will consider the connection to be point-to-point, not point-to-multipoint.

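The checks discussed in the two replies above (valid network address, RFC1918 range, no overlap with the LAN, /29 or larger), as an added example that is not part of the original thread or pfSense's own code. The function name `check_tunnel_network` and the sample LAN list are assumptions made here; it covers IPv4 only.

```python
import ipaddress

# RFC 1918 private ranges, as listed in the post above.
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Per the post above, a remote access server needs a /29 or larger network.
MAX_PREFIX = 29


def check_tunnel_network(candidate, local_networks):
    """Return the problems found with a proposed IPv4 tunnel network.

    candidate      -- CIDR string, e.g. "172.22.184.0/24"
    local_networks -- CIDR strings for networks already in use; host
                      addresses such as "192.168.1.1/24" are accepted
    An empty list means every check passed.
    """
    try:
        iface = ipaddress.IPv4Interface(candidate)
    except ValueError as exc:
        return [f"cannot parse {candidate!r}: {exc}"]

    net = iface.network
    if iface.ip != net.network_address:
        # e.g. 192.168.1.200/24 really names a host inside 192.168.1.0/24
        return [f"{candidate} is not a network address (network is {net})"]

    problems = []
    if net.prefixlen > MAX_PREFIX:
        problems.append(f"/{net.prefixlen} is smaller than /{MAX_PREFIX}")
    if not any(net.subnet_of(r) for r in RFC1918):
        problems.append(f"{net} is outside the RFC 1918 private ranges")
    for local in local_networks:
        local_net = ipaddress.IPv4Interface(local).network
        if net.overlaps(local_net):
            problems.append(f"{net} overlaps local network {local_net}")
    return problems


if __name__ == "__main__":
    lan = ["192.168.1.1/24"]  # constructed: the default LAN from the thread
    for cand in ("192.168.1.200/24", "192.168.1.200/29",
                 "172.16.1.0/30", "172.16.1.0/29", "172.22.184.0/24"):
        print(cand, "->", check_tunnel_network(cand, lan) or "OK")
```
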
          • A
            acs259
            last edited by

            Exported to a USB drive and threw that in a laptop connected to a cell phone hotspot. It fails to install OpenVPN and ends. I can connect the laptop to my network, log into pfSense, and run it from there and it works, but I won't be able to do that from work.

            • DerelictD
              Derelict LAYER 8 Netgate
              last edited by Derelict

              What? You're going to need to offer more information than that. Hard to say what Windows permissions you need to enable. Windows problem.

              Once it's installed it should be installed. You shouldn't need the installer again until you want to update it.

              • DerelictD
                Derelict LAYER 8 Netgate @acs259
                last edited by

                @acs259 said in OpenVPN error:

                I can connect the laptop to my network, log into pfSense, and run it from there and it works, but I won't be able to do that from work.

                I have no idea what that even means.

                • A
                  acs259
                  last edited by

                  Did Client Export to a USB drive. Put USB in a laptop outside my network and ran the installer. It fails saying OpenVPN could not be found.

                  I connected the laptop to Wi-Fi on my network and logged into pfSense and ran the exact same installer and it worked.

                  • DerelictD
                    Derelict LAYER 8 Netgate
                    last edited by

                    So it should be installed and you should be good to go.

                    • A
                      acs259
                      last edited by

                      On the laptop, yes. How do I get things installed on my work PC? (again, thanks for helping)

                      • A
                        acs259
                        last edited by

                        OK, laptop VPN works and was able to log into pfSense. Uninstalled OpenVPN and re-ran the exported EXE and it installed OpenVPN. So I think I should be good to go now.

                        Thank you so much to those who pitched in. This is pretty much the first success with anything other than base configuration that I have gotten to work. Still a little confused about the subnetting stuff above, but I'll take this as a win.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.