Netgate Discussion Forum

    Fixed IP Client

      sasa1

      Hi,
      I made the requested change but now I have an error when I try the client connection:

      Mon Feb 17 08:35:21 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
      Mon Feb 17 08:35:21 2020 TLS Error: TLS handshake failed
      Mon Feb 17 08:35:21 2020 SIGUSR1[soft,tls-error] received, process restarting
      Mon Feb 17 08:35:26 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]167.x.x.x:1194

      and in VPN Status I have this:
      [error] Unable to contact daemon Service not running?

      Thanks.

        sasa1

        I configured the tunnel again as:
        10.0.2.0/24
        and the link is now up.

          sasa1

          I made a mistake because I had made the change in the general configuration and not in CSO.

            Rico LAYER 8 Rebel Alliance

            So everything is working now for you?

            -Rico

              sasa1

              yes

                sasa1 @Rico

                @Rico Unfortunately, after three days in which the IP address had not changed, it happened again this morning: the client was assigned the address 10.0.2.3!
                Do I have to change any other parameters?
                Thanks.

                  sasa1

                  Hi,
                  what can I check to solve the problem?
                  Thanks.

                    Rico LAYER 8 Rebel Alliance

                    Is your CSO present in the filesystem? Check /var/etc/openvpn-csc/<server>/<user>
                    It should contain your Client IP like this: ifconfig-push 10.20.30.40 255.255.255.0
                    Crank up your OpenVPN RAS Verbosity level and see what's happening there. Working CSO logs:

                    user/1.2.3.4:1194 OPTIONS IMPORT: reading client specific options from: /var/etc/openvpn-csc/<server>/<user>
                    user/1.2.3.4:1194 MULTI: Learn: 10.20.30.40 -> user/1.2.3.4:1194
                    user/1.2.3.4:1194 MULTI: primary virtual IP for user/1.2.3.4:1194: 10.20.30.40 
                    

                    1.2.3.4 = external IP
                    10.20.30.40 = user CSO (fixed IP)

                    -Rico
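
Added example (not part of Rico's post and not pfSense or OpenVPN code): a small Python check that automates the verification described above, confirming that the CSO file carries an ifconfig-push line inside the tunnel network and that the server log shows the CSO being imported and the same address becoming the client's primary virtual IP. The function names, the sample CSO text and the sample log are constructed for illustration; the netmask form of ifconfig-push (as quoted in the post) is assumed.

```python
import ipaddress
import re

# Constructed sample input, modelled on the CSO line and log lines quoted above.
SAMPLE_CSO = "ifconfig-push 10.20.30.40 255.255.255.0\n"
SAMPLE_LOG = (
    "user/1.2.3.4:1194 OPTIONS IMPORT: reading client specific options from: "
    "/var/etc/openvpn-csc/<server>/<user>\n"
    "user/1.2.3.4:1194 MULTI: Learn: 10.20.30.40 -> user/1.2.3.4:1194\n"
    "user/1.2.3.4:1194 MULTI: primary virtual IP for user/1.2.3.4:1194: 10.20.30.40\n"
)

PUSH_RE = re.compile(r"^\s*ifconfig-push\s+(\S+)\s+(\S+)", re.M)


def parse_cso(cso_text):
    """Return the pushed address as an IPv4Interface, or None if absent/invalid."""
    m = PUSH_RE.search(cso_text)
    if not m:
        return None
    try:
        # Assumes "ifconfig-push <ip> <netmask>" as shown in the post.
        return ipaddress.IPv4Interface(f"{m.group(1)}/{m.group(2)}")
    except ValueError:
        return None


def check_client(cn, cso_text, log_text, tunnel):
    """Return a list of findings; an empty list means the CSO was applied."""
    findings = []
    pushed = parse_cso(cso_text)
    if pushed is None:
        return ["CSO has no valid ifconfig-push line"]
    if pushed.ip not in ipaddress.ip_network(tunnel):
        findings.append(f"{pushed.ip} is outside tunnel network {tunnel}")
    # Log lines are prefixed "<common name>/<external ip>:<port> ".
    who = r"(?<!\S)" + re.escape(cn) + r"/\S+ "
    if not re.search(who + r"OPTIONS IMPORT: reading client specific options", log_text):
        findings.append(f"no OPTIONS IMPORT line for common name {cn!r}")
    vips = re.findall(who + r"MULTI: primary virtual IP for \S+: (\S+)", log_text)
    if not vips:
        findings.append(f"no primary virtual IP logged for {cn!r}")
    elif vips[-1] != str(pushed.ip):
        findings.append(f"client got {vips[-1]}, CSO pushes {pushed.ip}")
    return findings


if __name__ == "__main__":
    print(check_client("user", SAMPLE_CSO, SAMPLE_LOG, "10.20.30.0/24") or "CSO applied")
```

A missing OPTIONS IMPORT line together with a pool address in the primary virtual IP line means the server never read a CSO for that common name on that server instance.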

                      sasa1

                      Hi,
                      I have checked in the directory indicated and I find these files (attached image).
                      Sorry, I have not understood how I can carry out the required verification.
                      server.PNG

                      In addition I also tried the parameter "IPv4 Tunnel Network" with:
                      10.0.2.2/30

                      but after two / three days the problem is still present.
                      Thanks.

                        johnpoz LAYER 8 Global Moderator

                        Not sure what you're doing exactly... This is pretty straightforward..

                        /30 is really too small to be honest for a tunnel network..

                        Set your tunnel network to be something /24 that does not overlap your local or remote network (should be something uncommon)..

                        You need to highlight which vpn server instance.
                        Then set your clients common name - so this gets applied to the client you want.
                        Then set the ifconfig-push for the IP you want to assign. Prob best to use an IP higher up in the tunnel so unlikely to have an overlap with other clients that might be connected.

                        CSO.jpg

                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                        If you get confused: Listen to the Music Play
                        Please don't Chat/PM me for help, unless mod related
                        SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

                          sasa1

                          therefore in:
                          tunnel settings -> IPv4 Tunnel Network
                          I don't have to enter any value?
                          must the field be left blank?
                          Thanks.

                            johnpoz LAYER 8 Global Moderator

                            Your tunnel network should be set up on your actual vpn instance. There would be no reason to enter it here, unless you're trying to use a different specific tunnel for this specific client.

                              Rico LAYER 8 Rebel Alliance

                              I always use the IPv4 Tunnel Network box for my CSOs, like jimp told me to do in one of his hangouts. ☺
                              My Advanced box is empty.
                              Never had any problems.

                              -Rico

                                johnpoz LAYER 8 Global Moderator

                                Well depends if you want to use a specific tunnel for your client.. Or have them share the 1 tunnel network..

                                  Rico LAYER 8 Rebel Alliance

                                  Huh?
                                  My tunnel network is 10.1.10.0/24
                                  First CSO (via IPv4 Tunnel Network box) 10.1.10.11/24, second 10.1.10.12/24 and so on.

                                  -Rico

                                    johnpoz LAYER 8 Global Moderator

                                    Yeah that can work too... I just think it's simpler to call it out specific via push ;)

                                      Rico LAYER 8 Rebel Alliance

                                      Well the box does the very same I think. ☺

                                      -Rico

                                        sasa1 @johnpoz

                                        @johnpoz I followed the instructions but after a couple of days the problem is present again, the vpn client has been assigned the IP address:
                                        10.0.2.3

                                        How is it possible? Where am I wrong?
                                        Thanks.
