(Solved) failed using CreateIpForwardEntry: The parameter is incorrect.



  • Hi people.

    I have this situation: I have a network that uses the following network block for the LAN:

    192.168.1.240/16
    

    Why? I don't really know, but I will find out soon.

    In the field "Local ipv4 Network" I added "192.168.1.0/16" to the openvpn setup.

    Well, the issue is that we need to set up a RoadWarrior setup; for the tunnel I use the block:

    10.0.99.0/24
    

    I downloaded the client setup and it is working; I can see the tunnels created and I can ping the tunnels:

    10.0.99.1 and 10.0.99.2
    

    The problem is that the RoadWarrior client cannot access any resources behind pfsense.

    Checking the log on the client side, I found this error, which caught my attention:

    Sat Apr 27 17:27:42 2019 TAP-WIN32 device [Local Area Connection 3] opened: \\.\Global\{01853CC5-DBB4-45F7-885A-55FA80E9E3A0}.tap
    Sat Apr 27 17:27:42 2019 Set TAP-Windows TUN subnet mode network/local/netmask = 10.0.99.0/10.0.99.2/255.255.255.0 [SUCCEEDED]
    Sat Apr 27 17:27:42 2019 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.0.99.2/255.255.255.0 on interface {01853CC5-DBB4-45F7-885A-55FA80E9E3A0} [DHCP-serv: 10.0.99.254, lease-time: 31536000]
    Sat Apr 27 17:27:42 2019 Successful ARP Flush on interface [20] {01853CC5-DBB4-45F7-885A-55FA80E9E3A0}
    Sat Apr 27 17:27:42 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Sat Apr 27 17:27:48 2019 Warning: address 192.168.1.0 is not a network address in relation to netmask 255.255.0.0
    **Sat Apr 27 17:27:48 2019 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect.   [status=87 if_index=20]**
    Sat Apr 27 17:27:48 2019 env_block: add PATH=C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem
    Sat Apr 27 17:27:48 2019 Initialization Sequence Completed
    

    Does this have to be related to the CIDR /16 that this network is using?

    LAN Network 192.168.1.0/16, OVPN Tunnel 10.0.99.0/24.

    Any help understanding this will be appreciated; running pfSense 2.4.4.x.

    Thanks.☺


  • LAYER 8 Global Moderator

    @periko said in failed using CreateIpForwardEntry: The parameter is incorrect.:

    192.168.1.240/16

    That is not a netblock, that is a host address. But forgetting that, anything after 192.168 when you use 16 is meaningless for the network.

    It's even warning you about it

    warning: address 192.168.1.0 is not a network address in relation to netmask 255.255.0.0

    Set your local network to use a correctly sized network mask... say a /24. How many devices do you have on this local network? A /16 would allow for 65,000... Do you have something near that? Then no, you shouldn't be using a /16.

    Do you have somewhat less than 254 devices? Then a /24 is fine. And now your network would be 192.168.1, vs 192.168.

    And you are less likely to step on the remote network of your client as well.

    If you want to run vpn into your local network, you should use something other than the most common networks. 192.168.0 and 192.168.1/24 are very common... You're stepping all over that if you use /16! ;)

    Use, say, 192.168.42/24 or something, so if your remote client guy is, say, at Starbucks and their local wifi network is 192.168.1, he won't have an issue talking down the vpn to talk to, say, 192.168.42.152 (some server on your network).



  • @periko

    Hey
    If you use the /16 subnet mask, 192.168.1.0 is already the host address, not the subnet

    In the field "Local ipv4 Network" I add "192.168.1.0/16" to openvpn setup.

    You need to specify as a network
    192.168.0.0/16


  • LAYER 8 Global Moderator

    @Konstanti said in failed using CreateIpForwardEntry: The parameter is incorrect.:

    You need to specify as a network
    192.168.0.0/16

    Which, while correct, would be a HORRIBLE idea!!! Use the appropriately sized network for your network. Not a /16
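
An added example, not part of any post in this thread: a Python check for the two problems raised above, a "Local Network" entry with host bits set (the cause of the client's route warning) and a range that overlaps LANs remote clients are likely to sit on. The function names, the list of common client LANs and the tunnel default are assumptions built from values mentioned in the thread.

```python
import ipaddress

# Assumption: client-side LANs named as "very common" in the thread.
COMMON_CLIENT_LANS = [ipaddress.ip_network(n)
                      for n in ("192.168.0.0/24", "192.168.1.0/24")]


def check_local_network(cidr, tunnel="10.0.99.0/24"):
    """Return (normalized network, list of findings) for one pushed route."""
    findings = []
    iface = ipaddress.ip_interface(cidr)
    net = iface.network  # same prefix with the host bits masked off
    if iface.ip != net.network_address:
        # Same condition the client log warns about before the route add fails.
        findings.append(f"host bits set: {iface.ip} is not the network "
                        f"address for netmask {net.netmask}; use {net}")
    if net.overlaps(ipaddress.ip_network(tunnel)):
        findings.append(f"overlaps the tunnel network {tunnel}")
    for lan in COMMON_CLIENT_LANS:
        if net.overlaps(lan):
            findings.append(f"overlaps common client LAN {lan}")
    return net, findings


def smallest_prefix(devices):
    """Longest IPv4 prefix whose usable host count still fits `devices`."""
    for prefix in range(30, 0, -1):
        if 2 ** (32 - prefix) - 2 >= devices:
            return prefix
    raise ValueError("too many devices for one IPv4 network")


if __name__ == "__main__":
    for entry in ("192.168.1.0/16", "192.168.0.0/16", "192.168.42.0/24"):
        net, findings = check_local_network(entry)
        print(f"{entry} -> {net}")
        for finding in findings or ["ok"]:
            print(f"  {finding}")
    print("prefix for 200 devices: /%d" % smallest_prefix(200))
```
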



  • I had confirm my brain.

    CIDR /16 is not a network I use; this is a client network, but I need to fix this.

    They don't have 65000 users there.

    You are right, 192.168.1.0 is already part of the network.

    I will fix this and let you know. Thanks, both of you guys, wonderful help, always keep learning.

    👍

