Netgate Discussion Forum

OpenVPN routing issue?

  • R
    Rico LAYER 8 Rebel Alliance
    last edited by Rico Sep 9, 2019, 2:07 PM Sep 9, 2019, 2:06 PM

    Set your tunnel network to anything other than 10.0.0.0/8 because your LAN is eating all the space for this network.
    Just use something like 192.168.123.0/24 for the tunnel. But stay in RFC1918 space!!
    I'd recommend to renumber your LAN to something realistic...

    -Rico

    • S
      Solway
      last edited by Sep 9, 2019, 2:15 PM

      Just realised my F up, I blame Windows and its auto 255.0.0.0 subnet stuff

      I'll do
      10.1.1.0/22 LAN
      10.2.1.0/24 for tunnel

      • R
        Rico LAYER 8 Rebel Alliance
        last edited by Sep 9, 2019, 2:18 PM

        Yeah that would be Okay.

        -Rico

        • S
          Solway
          last edited by Sep 9, 2019, 2:24 PM

          I've quickly changed to
          10.1.1.0/8 LAN
          192.168.123.0/24 for tunnel

          so I didn't have to change the LAN

          but the daemon crashes on this

          [error] 	Unable to contact daemon 	Service not running? 	0
          
          Sep 9 15:22:57 	syslogd 		kernel boot file is /boot/kernel/kernel
          Sep 9 15:23:00 	php-fpm 		/status_services.php: The command '/usr/local/sbin/openvpn --config '/var/etc/openvpn/server1.conf'' returned exit code '1', the output was ''
          Sep 9 15:23:00 	php-fpm 		OpenVPN failed to start 
          
          Sep 9 15:23:00 	openvpn 	92899 	Options error: --server directive network/netmask combination is invalid
          Sep 9 15:23:00 	openvpn 	92899 	Use --help for more information. 
          
          • C
            chpalmer
            last edited by Sep 9, 2019, 3:17 PM

            @Solway said in OpenVPN routing issue?:

            10.1.1.3/8 - Windows AD server, hosts DNS, NTP and DHCP(lan only) -
            10.1.1.2/8 - pfsense (mainly gateway, firewall and vpn server)

            Those two LANs are overlapping.

            Triggering snowflakes one by one..
            Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

            • C
              chpalmer @chpalmer
              last edited by Sep 9, 2019, 3:20 PM

              push "route 10.1.1.0 255.0.0.0" added to config

              You don't need anything on this line.

              Triggering snowflakes one by one..
              Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

              • C
                chpalmer
                last edited by Sep 9, 2019, 3:21 PM

                Show the lower half of your OpenVPN config screen in a screenshot..

                Triggering snowflakes one by one..
                Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

                • S
                  Solway
                  last edited by Sep 9, 2019, 4:12 PM

                  I've changed network to

                  LAN 10.1.1.0/24
                  VPNtunnel 10.1.10.0/24

                  all works ok.

                  for some reason the VPN daemon was crashing using...
                  10.1.1.0/8 LAN
                  192.168.123.0/24 for tunnel

                  even this didn't work.
                  10.1.1.0/24 LAN
                  192.168.123.0/24 for tunnel
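
The LAN/tunnel address plans tried in this thread can be checked for overlap and for host bits under the mask before they go into the OpenVPN server settings. The following is an added example, not part of any post and not pfSense or OpenVPN code; the function names and finding codes are hypothetical, and it handles IPv4 only.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse(cidr):
    """Return (effective network, True if the typed address had host bits set)."""
    iface = ipaddress.ip_interface(cidr)
    return iface.network, iface.ip != iface.network.network_address

def check_plan(lan, tunnel):
    """Return a list of (code, detail) findings for a LAN / tunnel pair."""
    findings = []
    nets = {}
    for role, cidr in (("lan", lan), ("tunnel", tunnel)):
        net, host_bits = parse(cidr)
        nets[role] = net
        if host_bits:
            # e.g. 10.1.1.0/8 actually denotes the whole of 10.0.0.0/8
            findings.append(("host-bits", f"{role} {cidr} is really {net}"))
        if not any(net.subnet_of(r) for r in RFC1918):
            findings.append(("not-rfc1918", f"{role} {net} is outside private space"))
    if nets["lan"].overlaps(nets["tunnel"]):
        findings.append(("overlap",
                         f"lan {nets['lan']} and tunnel {nets['tunnel']} overlap"))
    return findings

if __name__ == "__main__":
    # Pairs constructed from the addresses mentioned in the thread.
    plans = [("10.1.1.0/8", "10.2.1.0/24"),
             ("10.1.1.0/8", "192.168.123.0/24"),
             ("10.1.1.0/22", "10.2.1.0/24"),
             ("10.1.1.0/24", "10.1.10.0/24")]
    for lan, tunnel in plans:
        result = check_plan(lan, tunnel)
        print(f"LAN {lan:<12} tunnel {tunnel:<17} ->", result or "ok")
```
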

                  • J
                    JKnott @Solway
                    last edited by Sep 9, 2019, 4:20 PM

                    @Solway said in OpenVPN routing issue?:

                    Just realised my F up, I blame Windows and its auto 255.0.0.0 subnet stuff

                    I'll do
                    10.1.1.0/22 LAN
                    10.2.1.0/24 for tunnel

                    Yeah, MS messes up a lot of things. Classful addresses went out years ago. As for VPNs and other point to point connections, you can use /31, though some systems (MS again) require /30. Even on IPv6, with gazillions of addresses, a /127 is recommended.

                    PfSense running on Qotom mini PC
                    i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                    UniFi AC-Lite access point

                    I haven't lost my mind. It's around here...somewhere...

                    • S
                      Solway
                      last edited by Solway Sep 9, 2019, 4:38 PM Sep 9, 2019, 4:33 PM

                      I got a new problem

                      VPN can connect no matter what

                      even if I revoke a user cert

                      VPN server is set to SSL/TLS + User auth

                      edit:
                      forget that, fixed. didn't have revocation list selected in server. just clients.

                      think I'm good now. thanks for the help

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.