OpenVPN server + tap mode = error: one of ifconfig or ifconfig-ipv6 must be specified on Android



  • So i have an OpenVPN server with tap mode, (VPN interface bridged to LAN interface) - i would like to access my local network like if im at home.

    On my windows client everything works good, like network discovery, etc.

    With my android phone, when i export the android settings, and i would like to connect, i have an error:

    19:45:59.398 -- EVENT: ASSIGN_IP

    19:45:59.406 -- TUN Error: tun_prop_error: one of ifconfig or ifconfig-ipv6 must be specified

    19:45:59.407 -- EVENT: TUN_SETUP_FAILED info='tun_prop_error: one of ifconfig or ifconfig-ipv6 must be specified'

    19:45:59.412 -- EVENT: DISCONNECTED

    19:45:59.442 -- Client exception in transport_recv: tun_exception: not connected

    19:45:59.448 -- EVENT: CORE_THREAD_INACTIVE

    19:45:59.449 -- Tunnel bytes per CPU second: 0

    19:45:59.451 -- ----- OpenVPN Stop -----

    I tried to push config with client specific overrides, but its not working.

    push "topology-subnet";ifconfig-push 192.168.1.205 255.255.255.0;

    My LAN network is: 192.168.1.0/24,
    My router/dhcp server/pfsense local adress is: 192.168.1.1
    My LAN dhcp range is: 192.168.1.101-199

    Any idea what im doing wrong?


  • LAYER 8 Rebel Alliance

    TAP mode is not supported in either Android or iOS.

    -Rico



  • So there is no solution. Should i add another OpenVPN server with tun mode? It can be done without messing something?


  • LAYER 8 Rebel Alliance

    Sure...you can have as many OpenVPN Instances in different modes as you want.
    Do you really need to carry layer 2 information via the VPN?
    What would be your problem with TUN mode?

    -Rico


  • LAYER 8 Rebel Alliance

    TAP benefits:

    • behaves like a real network adapter (except it is a virtual network adapter)
    • can transport any network protocols (IPv4, IPv6, Netalk, IPX, etc, etc)
    • Works in layer 2, meaning Ethernet frames are passed over the VPN tunnel
    • Can be used in bridges

    TAP drawbacks

    • causes much more broadcast overhead on the VPN tunnel
    • adds the overhead of Ethernet headers on all packets transported over the VPN tunnel
    • scales poorly
    • can not be used with Android or iOS devices

    TUN benefits:

    • A lower traffic overhead, transports only traffic which is destined for the VPN client
    • Transports only layer 3 IP packets

    TUN drawbacks:

    • Broadcast traffic is not normally transported
    • Can only transport IPv4 (OpenVPN 2.3 adds IPv6)
    • Cannot be used in bridges

    -Rico



  • Its my home network. Sometimes i would play with my Xbox far away from home - im travelling much.
    With tap mode, remote stream/play/power-on works well, and i cant get it to work with tun mode. But i would not run another service just for my phone - but i have no choice..


Log in to reply