Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Possible BUG/FIX: OpenVPN: DHCP, TUN, Client Problems (pfSense 1.2.2)

    Scheduled Pinned Locked Moved OpenVPN
    1 Posts 1 Posters 2.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mattlal
      last edited by

      It appears that when using TUN Client with DHCP, the client is not receiving the correct IP..causing some problems.

      (/var/etc/openvpn_csc/$CLIENTNAME)

      ifconfig-push $SERVER_IP $CLIENT_IP

      IIRC these settings are suppose to be the following:

      ifconfig-push $CLIENT_IP $SERVER_IP

      – Some simple script mods fixed that..everything is working great now!

      =-=-=-
      /etc/inc/openvpn.inc:417

      if (!empty($settings['ifconfig_push'])) {
                      list($ip, $mask) = explode('/', $settings['ifconfig_push']);
                      $baselong = ip2long($ip) & gen_subnet_mask_long($mask);
      issue –>    $conf .= 'ifconfig-push ' . long2ip($baselong + 1) . ' ' . long2ip($baselong + 2) . "\n";
              }

      fix: $conf .= 'ifconfig-push ' . long2ip($baselong + 2) . ' ' . long2ip($baselong + 1) . "\n";/'

      =-=-=-= Server Config

      cat /var/etc/openvpn_server1.conf

      writepid /var/run/openvpn_server1.pid
      #user nobody
      #group nobody
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      dev tun
      proto udp
      cipher BF-CBC
      up /etc/rc.filter_configure
      down /etc/rc.filter_configure
      server 10.0.8.0 255.255.255.0 ### THIS IS THE VPN NETWORK
      client-config-dir /var/etc/openvpn_csc
      push "route 10.0.1.0 255.255.255.0" ### THIS IS THE LOCAL NETWORK
      lport 1194
      ca /var/etc/openvpn_server1.ca
      cert /var/etc/openvpn_server1.cert
      key /var/etc/openvpn_server1.key
      dh /var/etc/openvpn_server1.dh
      comp-lzo
      persist-remote-ip
      float

      =-=-=-= Server - Client Specific

      cat /var/etc/openvpn_csc/client1

      ifconfig-push 10.0.8.2 10.0.8.1 ### PUSH IP TO CLIENT WITH THIS GATEWAY

      =-=-=-= CLIENT Config
      client
      dev tun
      proto udp
      remote XXX.XXX.XXX.XXX 1194 ### SERVER IP DNS NAME
      resolv-retry infinite
      nobind
      persist-key
      persist-tun
      ca ca.crt
      cert client1.crt
      key client1.key
      comp-lzo
      verb 3

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.