    (Solved) failed using CreateIpForwardEntry: The parameter is incorrect.

    OpenVPN
    • periko
      periko last edited by periko

      Hi people.

      I have this situation: I have a network that is using the following network block for the LAN.

      192.168.1.240/16
      

      Why? I don't really know, but I will find out soon.

      In the field "Local ipv4 Network" I added "192.168.1.0/16" to the OpenVPN setup.

      Well, the issue is that we need to set up a RoadWarrior setup. I use this block for the tunnel:

      10.0.99.0/24
      

      I downloaded the client setup and it is working. I can see the tunnels created, and I can ping the tunnels:

      10.0.99.1 and 10.0.99.2
      

      The problem is that the RoadWarrior client cannot access any resources behind pfsense.

      Checking the log on the client side, I found this error, which caught my attention:

      Sat Apr 27 17:27:42 2019 TAP-WIN32 device [Local Area Connection 3] opened: \\.\Global\{01853CC5-DBB4-45F7-885A-55FA80E9E3A0}.tap
      Sat Apr 27 17:27:42 2019 Set TAP-Windows TUN subnet mode network/local/netmask = 10.0.99.0/10.0.99.2/255.255.255.0 [SUCCEEDED]
      Sat Apr 27 17:27:42 2019 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.0.99.2/255.255.255.0 on interface {01853CC5-DBB4-45F7-885A-55FA80E9E3A0} [DHCP-serv: 10.0.99.254, lease-time: 31536000]
      Sat Apr 27 17:27:42 2019 Successful ARP Flush on interface [20] {01853CC5-DBB4-45F7-885A-55FA80E9E3A0}
      Sat Apr 27 17:27:42 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
      Sat Apr 27 17:27:48 2019 Warning: address 192.168.1.0 is not a network address in relation to netmask 255.255.0.0
      **Sat Apr 27 17:27:48 2019 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect.   [status=87 if_index=20]**
      Sat Apr 27 17:27:48 2019 env_block: add PATH=C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem
      Sat Apr 27 17:27:48 2019 Initialization Sequence Completed
      

      Is this related to the CIDR /16 that this network is using?

      LAN Network 192.168.1.0/16 OVPN Tunnel 10.0.99.0/24.

      Any help understanding this will be appreciated. Running pfSense 2.4.4.x.

      Thanks.☺

      Need pfSense support in Mexico?
      www.bajaopensolutions.com
      https://www.facebook.com/BajaOpenSolutions
      Want to learn pfSense? Visit my YouTube channel:
      https://www.youtube.com/c/PedroMorenoBOS

      • johnpoz
        johnpoz LAYER 8 Global Moderator last edited by

        @periko said in failed using CreateIpForwardEntry: The parameter is incorrect.:

        192.168.1.240/16

        That is not a netblock, that is a host address. But forgetting that anything after 192.168 when you use 16 is meaningless for the network.

        It's even warning you about it

        warning: address 192.168.1.0 is not a network address in relation to netmask 255.255.0.0

        Set your local network to use a correctly sized network mask... Say a /24 -- how many devices do you have on this local network.. a /16 would allow for 65,000... Do you have something near that? then no you shouldn't be using a /16

        Do you have somewhat less than 254 devices? Then a /24 is fine.. And now your network would be 192.168.1, vs 192.168

        And you are less likely to step on the remote network of your client as well.

        If you want to run vpn into your local network, you should use something other than the most common networks.. 192.168.0 and 192.168.1/24 are very common... You're stepping all over that if you use /16! ;)

        Use say 192.168.42/24 or something so if your remote client guy is say at starbucks and their local wifi network is 192.168.1 he won't have an issue talking down the vpn to talk to say 192.168.42.152 (some server on your network)

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.05

        • K
          Konstanti @periko last edited by

          @periko

          Hey
          If you use the /16 subnet mask, 192.168.1.0 is already the host address, not the subnet

          In the field "Local ipv4 Network" I add "192.168.1.0/16" to openvpn setup.

          You need to specify as a network
          192.168.0.0/16

          • johnpoz
            johnpoz LAYER 8 Global Moderator last edited by

            @Konstanti said in failed using CreateIpForwardEntry: The parameter is incorrect.:

            You need to specify as a network
            192.168.0.0/16

            Which while correct would be a HORRIBLE idea!!! Use the appropriate sized network for your network.. Not a /16

            • periko
              periko last edited by

              I had confirm my brain.

              CIDR /16 is not a network I use, this is a client network but need to fix this.

              They don't have 65000 users there.

              U are right, 192.168.1.0 is already part of the network.

              I will fix this and let u know, thanks both of u guys, wonderful help, always keep learning.

              👍

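Added example, not part of any post in this thread: a small Python check for a value entered in the OpenVPN "Local network" field. It flags host bits set under the mask (the condition behind the client's "is not a network address" warning) and overlap with common client-side LANs, as the replies describe. The function name, the returned keys and the list of common LANs are assumptions made for illustration.

```python
import ipaddress

# Constructed list: the two ranges the thread calls "very common" on client-side networks.
COMMON_CLIENT_LANS = ["192.168.0.0/24", "192.168.1.0/24"]


def check_local_network(cidr, tunnel="10.0.99.0/24", common=COMMON_CLIENT_LANS):
    """Audit a candidate local-network value before it is pushed to clients as a route."""
    iface = ipaddress.ip_interface(cidr)   # tolerates host bits, unlike ip_network()
    net = iface.network                    # same prefix with the host bits masked off
    findings = []
    if iface.ip != net.network_address:
        # 192.168.1.0 with mask 255.255.0.0 lands here: the third octet is host bits
        findings.append(f"{cidr} has host bits set; the network is {net}")
    if net.overlaps(ipaddress.ip_network(tunnel)):
        findings.append(f"{net} overlaps the tunnel network {tunnel}")
    for lan in common:
        if net.overlaps(ipaddress.ip_network(lan)):
            findings.append(f"{net} overlaps common client LAN {lan}")
    return {
        "network": str(net),
        # usable host count for ordinary prefixes (network and broadcast excluded)
        "usable_hosts": max(net.num_addresses - 2, 0),
        "findings": findings,
    }


if __name__ == "__main__":
    # Values taken from the thread: the original entry, the corrected /16, and a /24
    for value in ("192.168.1.0/16", "192.168.0.0/16", "192.168.42.0/24"):
        result = check_local_network(value)
        print(value, "->", result["network"], f"({result['usable_hosts']} hosts)")
        for finding in result["findings"]:
            print("   !", finding)
```

The corrected 192.168.0.0/16 clears the host-bits finding but still overlaps both common client LANs, while 192.168.42.0/24 clears every check.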