Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    (Solved)failed using CreateIpForwardEntry: The parameter is incorrect.

    Scheduled Pinned Locked Moved OpenVPN
    5 Posts 3 Posters 1.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • perikoP
      periko
      last edited by periko

      Hi people.

      I had this situation, I have a network that is using for the LAN the network block.

      192.168.1.240/16
      

      Why?, don't really know, but I will find out soon.

      In the field "Local ipv4 Network" I add "192.168.1.0/16" to openvpn setup.

      Well, the issue is that we need to setup a RoadWarrior setup, I use for the tunnel the block:

      10.0.99.0/24
      

      I download the client setup and is working, I can see the tunnels created, I can ping the tunnels:

      10.0.99.1 and 10.0.99.2
      

      The problem is that the RoadWarrior client cannot access any resources behind pfsense.

      Checking the log in the client side I found this error which took my attention:

      Sat Apr 27 17:27:42 2019 TAP-WIN32 device [Local Area Connection 3] opened: \\.\Global\{01853CC5-DBB4-45F7-885A-55FA80E9E3A0}.tap
      Sat Apr 27 17:27:42 2019 Set TAP-Windows TUN subnet mode network/local/netmask = 10.0.99.0/10.0.99.2/255.255.255.0 [SUCCEEDED]
      Sat Apr 27 17:27:42 2019 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.0.99.2/255.255.255.0 on interface {01853CC5-DBB4-45F7-885A-55FA80E9E3A0} [DHCP-serv: 10.0.99.254, lease-time: 31536000]
      Sat Apr 27 17:27:42 2019 Successful ARP Flush on interface [20] {01853CC5-DBB4-45F7-885A-55FA80E9E3A0}
      Sat Apr 27 17:27:42 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
      Sat Apr 27 17:27:48 2019 Warning: address 192.168.1.0 is not a network address in relation to netmask 255.255.0.0
      **Sat Apr 27 17:27:48 2019 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect.   [status=87 if_index=20]**
      Sat Apr 27 17:27:48 2019 env_block: add PATH=C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem
      Sat Apr 27 17:27:48 2019 Initialization Sequence Completed
      

      This has to related to the CIDR /16 that this network is using?

      LAN Network 192.168.1.0/16 OVPN Tunnel 10.0.99.0/24.

      Any help to understand this I will appreciated, running pfsense 2.4.4.x.

      Thanks.☺

      Necesitan Soporte de Pfsense en México?/Need Pfsense Support in Mexico?
      www.bajaopensolutions.com
      https://www.facebook.com/BajaOpenSolutions
      Quieres aprender PfSense, visita mi canal de youtube:
      https://www.youtube.com/c/PedroMorenoBOS

      K 1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        @periko said in failed using CreateIpForwardEntry: The parameter is incorrect.:

        192.168.1.240/16

        That is not a netblock, that is a host address. But forgetting that anything after 192.168 when you use 16 is meaningless for the network.

        Its even warning you about it

        warning: address 192.168.1.0 is not a network address in relation to netmask 255.255.0.0

        Set your local network to use a correctly sized network mask... Say a /24 -- how many devices do you have on this local network.. a /16 would allow for 65,000... Do you have something near that? then no you shouldn't be using a /16

        Do you have somewhat less then 254 devices? Then a /24 is fine.. And now your network would be 192.168.1, vs 192.168

        And you are less likely to step on the remote network of your client as well.

        If you want to run vpn into your local network, you should use something other than the most common networks.. 192.168.0 and 192.168.1/24 are very common... Your stepping all over that if you use /16! ;)

        Use say 192.168.42/24 or something so if you remote client guy is say at starbucks and their local wifi network is 192.168.1 he wont have an issue talking down the vpn to talk to say 192.168.42.152 (some server on your network)

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        • K
          Konstanti @periko
          last edited by

          @periko

          Hey
          If you use the /16 subnet mask , 192.168.1.0 is already the host address , not the subnet

          In the field "Local ipv4 Network" I add "192.168.1.0/16" to openvpn setup.

          You need to specify as a network
          192.168.0.0/16

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            @Konstanti said in failed using CreateIpForwardEntry: The parameter is incorrect.:

            You need to specify as a network
            192.168.0.0/16

            Which while correct would be a HORRIBLE idea!!! You the appropriate sized network for your network.. Not a /16

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • perikoP
              periko
              last edited by

              I had confirm my brain.

              CIDR /16 is not a network I use, this is a client network but need to fix this.

              They don't have 65000 users there.

              U are right, 192.168.1.0 is already part of the network.

              I will fix this and let u know, thanks both of u guys, wonderful help, always keep learning.

              👍

              Necesitan Soporte de Pfsense en México?/Need Pfsense Support in Mexico?
              www.bajaopensolutions.com
              https://www.facebook.com/BajaOpenSolutions
              Quieres aprender PfSense, visita mi canal de youtube:
              https://www.youtube.com/c/PedroMorenoBOS

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.