Error connecting VPN from Windows 2008R2 SP1 --ip-win32 dynamic

hawkbh

Hi Guys!
When I trying to log on to Openvpn by the Windows Server 2008 R2 SP1, I receive this error "--ip-win32 dynamic [offset]: the offset is outside the subnet --ifconfig". I am using PFSense 2.4.5-Release. I am using from client export the Current Windows Installer (2.4.8-Ix02) for Windows7/8/8.1/2012R2

The complete log is below:
Wed Apr 29 14:40:01 2020 OpenVPN 2.4.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 31 2019
Wed Apr 29 14:40:01 2020 Windows version 6.1 (Windows 7) 64bit
Wed Apr 29 14:40:01 2020 library versions: OpenSSL 1.1.0l 10 Sep 2019, LZO 2.10
Enter Management Password:
Wed Apr 29 14:40:02 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]179.X.X.X:1194
Wed Apr 29 14:40:02 2020 UDPv4 link local (bound): [AF_INET][undef]:1194
Wed Apr 29 14:40:02 2020 UDPv4 link remote: [AF_INET]179.X.X.X:1194
Wed Apr 29 14:40:02 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Apr 29 14:40:02 2020 [vpn] Peer Connection Initiated with [AF_INET]179.X.X.X:1194
Wed Apr 29 14:40:08 2020 open_tun
Wed Apr 29 14:40:08 2020 TAP-WIN32 device [Local Area Connection 4] opened: \.\Global{A8A56DA9-8CFC-42B6-B3E3-9CA255A2A433}.tap
Wed Apr 29 14:40:08 2020 Set TAP-Windows TUN subnet mode network/local/netmask = 10.10.8.192/10.10.8.208/10.10.8.207 [SUCCEEDED]
Wed Apr 29 14:40:08 2020 ERROR: --ip-win32 dynamic [offset] : offset is outside of --ifconfig subnet
Wed Apr 29 14:40:08 2020 Exiting due to fatal error

Does anybody could help me?

Rico

Wed Apr 29 14:40:08 2020 Set TAP-Windows TUN subnet mode network/local/netmask = 10.10.8.192/10.10.8.208/10.10.8.207 [SUCCEEDED]
Looks like config Error on the server side
network 10.10.8.192
local 10.10.8.208
netmask 10.10.8.207
yeah I would not expect that to work. Post your OpenVPN server config (screenshots).

-Rico

hawkbh

@Rico thank you for help me.

johnpoz

Your using a tunnel network that overlaps your local network - not a good idea..

Your tunnel network 10.10.8/24 is inside your local network 10.10/17 which is everything 10.10.0.0 .10.10.127.255

Why would you do that? Use say 172.16.0.0/24 as you tunnel. Or 10.0.8/24

hawkbh

@johnpoz said in Error connecting VPN from Windows 2008R2 SP1 --ip-win32 dynamic:

172.16.0.0/24

Hi @johnpoz thank you for watching! I will change like you suggest. I did it because I was having problems with route but I have fixed it and did not change the IPs range. But I think that will not help me with my problem. Right?

hawkbh

@hawkbh I figure out. The problem was I were trying to get static IP from AD. I just have to configure at pfsense to get static IP.

johnpoz

Yeah that is just gibberish..