Possible BUG/FIX: OpenVPN: DHCP, TUN, Client Problems (pfSense 1.2.2)



  • It appears that when using a TUN client with DHCP, the client does not receive the correct IP, which causes some problems.

    (/var/etc/openvpn_csc/$CLIENTNAME)

    ifconfig-push $SERVER_IP $CLIENT_IP

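    IIRC these settings are supposed to be the following (ifconfig-push takes the address the client configures on its own tunnel interface first, then the remote endpoint):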

    ifconfig-push $CLIENT_IP $SERVER_IP

    – Some simple script mods fixed that..everything is working great now!

    =-=-=-
    /etc/inc/openvpn.inc:417

    if (!empty($settings['ifconfig_push'])) {
                    list($ip, $mask) = explode('/', $settings['ifconfig_push']);
                    $baselong = ip2long($ip) & gen_subnet_mask_long($mask);
    issue –>    $conf .= 'ifconfig-push ' . long2ip($baselong + 1) . ' ' . long2ip($baselong + 2) . "\n";
            }

    fix: $conf .= 'ifconfig-push ' . long2ip($baselong + 2) . ' ' . long2ip($baselong + 1) . "\n";

    =-=-=-= Server Config

    cat /var/etc/openvpn_server1.conf

    # Server-side OpenVPN config from the post (pfSense 1.2.2): routed tun mode
    # over UDP, certificate-based authentication, per-client overrides enabled.
    writepid /var/run/openvpn_server1.pid
    # NOTE(review): user/group are commented out, so the daemon does not drop
    # privileges after start-up. Presumably left this way so the up/down
    # scripts below can still run -- confirm before changing.
    #user nobody
    #group nobody
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    dev tun
    proto udp
    # NOTE(review): BF-CBC is a 64-bit block cipher, which exposes long-lived
    # tunnels to birthday-bound (SWEET32-class) collisions. Current OpenVPN
    # releases deprecate it; prefer an AES-GCM cipher where both ends support it.
    cipher BF-CBC
    # Both hooks run the same script when the tunnel comes up and goes down.
    up /etc/rc.filter_configure
    down /etc/rc.filter_configure
    server 10.0.8.0 255.255.255.0 ### THIS IS THE VPN NETWORK
    # Per-client files in this directory are looked up by the client
    # certificate's Common Name; this is where the ifconfig-push line lives.
    client-config-dir /var/etc/openvpn_csc
    push "route 10.0.1.0 255.255.255.0" ### THIS IS THE LOCAL NETWORK
    lport 1194
    # NOTE(review): no tls-auth key appears in this listing, so the control
    # channel has no additional HMAC layer in front of the TLS handshake.
    ca /var/etc/openvpn_server1.ca
    cert /var/etc/openvpn_server1.cert
    key /var/etc/openvpn_server1.key
    dh /var/etc/openvpn_server1.dh
    # NOTE(review): compression ahead of encryption can leak information about
    # the plaintext through ciphertext length (VORACLE-class issue). Newer
    # OpenVPN releases deprecate comp-lzo; the setting must match on both ends.
    comp-lzo
    persist-remote-ip
    # float lets an authenticated peer change its source address/port mid-session.
    float

    =-=-=-= Server - Client Specific

    cat /var/etc/openvpn_csc/client1

    ifconfig-push 10.0.8.2 10.0.8.1 ### PUSH IP TO CLIENT WITH THIS GATEWAY

    =-=-=-= CLIENT Config
    # Client-side OpenVPN config from the post, matching the server's
    # dev/proto/comp-lzo settings.
    client
    dev tun
    proto udp
    remote XXX.XXX.XXX.XXX 1194 ### SERVER IP DNS NAME
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    # NOTE(review): nothing in this listing checks that the peer presents a
    # *server* certificate (no `remote-cert-tls server`, or `ns-cert-type server`
    # on older 2.0.x builds), so any certificate issued by this CA would be
    # accepted as the server. Add one of them if the server certificate carries
    # the matching attribute.
    ca ca.crt
    cert client1.crt
    # Private key for this client; keep it readable only by the account running OpenVPN.
    key client1.key
    # Must match the server's compression setting or the tunnel will not pass traffic.
    comp-lzo
    verb 3

