Possible BUG/FIX: OpenVPN: DHCP, TUN, Client Problems (pfSense 1.2.2)
-
It appears that when using TUN Client with DHCP, the client is not receiving the correct IP..causing some problems.
(/var/etc/openvpn_csc/$CLIENTNAME)
ifconfig-push $SERVER_IP $CLIENT_IP
IIRC these settings are suppose to be the following:
ifconfig-push $CLIENT_IP $SERVER_IP
– Some simple script mods fixed that..everything is working great now!
=-=-=-
/etc/inc/openvpn.inc:417if (!empty($settings['ifconfig_push'])) {
list($ip, $mask) = explode('/', $settings['ifconfig_push']);
$baselong = ip2long($ip) & gen_subnet_mask_long($mask);
issue –> $conf .= 'ifconfig-push ' . long2ip($baselong + 1) . ' ' . long2ip($baselong + 2) . "\n";
}fix: $conf .= 'ifconfig-push ' . long2ip($baselong + 2) . ' ' . long2ip($baselong + 1) . "\n";/'
=-=-=-= Server Config
cat /var/etc/openvpn_server1.conf
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
dev tun
proto udp
cipher BF-CBC
up /etc/rc.filter_configure
down /etc/rc.filter_configure
server 10.0.8.0 255.255.255.0 ### THIS IS THE VPN NETWORK
client-config-dir /var/etc/openvpn_csc
push "route 10.0.1.0 255.255.255.0" ### THIS IS THE LOCAL NETWORK
lport 1194
ca /var/etc/openvpn_server1.ca
cert /var/etc/openvpn_server1.cert
key /var/etc/openvpn_server1.key
dh /var/etc/openvpn_server1.dh
comp-lzo
persist-remote-ip
float=-=-=-= Server - Client Specific
cat /var/etc/openvpn_csc/client1
ifconfig-push 10.0.8.2 10.0.8.1 ### PUSH IP TO CLIENT WITH THIS GATEWAY
=-=-=-= CLIENT Config
client
dev tun
proto udp
remote XXX.XXX.XXX.XXX 1194 ### SERVER IP DNS NAME
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 3