Netgate Discussion Forum

OpenVPN: client-config-dir in server config missing if tunnel network is not set

  • H
    hik
    last edited by hik Jul 5, 2021, 1:00 PM Jul 5, 2021, 12:36 PM

    I have migrated an existing OpenVPN tls-server instance to pfSense. The server's IP address has to be the last IP in the network, i.e., 10.8.1.254/24 and I use client-specific configuration options.

    pfSense's "IPv4 Tunnel Network" option does not allow a specific IP but only a network. However, 10.8.1.0/24 will take the first address of the given network for the server which is 10.8.1.1 (according to OpenVPN man page).

    Therefore, I have to leave this entry empty and I use the custom option ifconfig 10.8.1.254 255.255.255.0 and mode server.

    However, if "Tunnel Network" is empty, the option client-config-dir will be omitted in the server configuration file. As a workaround I manually set client-config-dir /var/etc/openvpn/server4/csc with the absolute path, which is a little bit cumbersome.

    This seems to be a bug because client-config-dir should always be set when OpenVPN is in server mode.

    • J
      JKnott @hik
      last edited by Jul 5, 2021, 1:07 PM

      @hik

      Why does the server have to be the last address?

      PfSense running on Qotom mini PC
      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
      UniFi AC-Lite access point

      I haven't lost my mind. It's around here...somewhere...

      • H
        hik @JKnott
        last edited by Jul 5, 2021, 2:02 PM

        @jknott I have a productive environment with external networks 10.5.x.0/24 with x=1..253.

        For a network 10.5.x.0/24, the corresponding external VPN client uses a tunnel IP 10.8.1.x/24:

        • E.g., the VPN client for the external network 10.5.1.0/24 has a TAP interface with 10.8.1.1/24,
        • the external network 10.5.2.0/24 has a TAP interface with 10.8.1.2/24
        • and so on.

        10.8.1.x with x=1..253 is reserved for external networks. For my setup the VPN server uses the last available IP 10.8.1.254 for the tunnel network because the first one is already in use.

        OpenVPN's --server directive simplifies the setup and sets the server IP to .1. However, there is no reason that it has to be the first available IP and not to use a custom setup.

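An added example, not part of the thread and not pfSense code: a small Python audit for the two conditions discussed above, a server-mode config that lacks `client-config-dir` and a server tunnel IP that differs from the intended one. The function names and the three sample configs are constructed for illustration and are not real pfSense output.

```python
import ipaddress

def parse_directives(text):
    """Map each directive name to a list of its argument lists."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":   # blank line or comment
            continue
        name, *args = line.split()
        directives.setdefault(name.lstrip("-"), []).append(args)
    return directives

def audit_server_config(text, expected_ip):
    """Return (server tunnel IP, findings) for one server config."""
    d = parse_directives(text)
    findings = []
    # "server <net> <mask>" is a helper directive that implies "mode server".
    server_mode = "server" in d or ["server"] in d.get("mode", [])
    server_ip = None
    if "server" in d:
        net = ipaddress.ip_network("/".join(d["server"][0][:2]))
        server_ip = str(net.network_address + 1)   # helper takes the first address
    elif "ifconfig" in d:
        server_ip = d["ifconfig"][0][0]
    if server_mode and "client-config-dir" not in d:
        findings.append("server mode without client-config-dir")
    if server_ip != expected_ip:
        findings.append(f"server tunnel IP is {server_ip}, expected {expected_ip}")
    return server_ip, findings

# Constructed sample configs (not real pfSense output).
EMPTY_TUNNEL_NETWORK = """
dev tap
mode server
tls-server
ifconfig 10.8.1.254 255.255.255.0
"""
WITH_WORKAROUND = EMPTY_TUNNEL_NETWORK + "client-config-dir /var/etc/openvpn/server4/csc\n"
SERVER_HELPER = """
dev tap
server 10.8.1.0 255.255.255.0
client-config-dir /var/etc/openvpn/server4/csc
"""

if __name__ == "__main__":
    for label, cfg in [("empty tunnel network", EMPTY_TUNNEL_NETWORK),
                       ("manual client-config-dir", WITH_WORKAROUND),
                       ("server helper", SERVER_HELPER)]:
        print(label, audit_server_config(cfg, "10.8.1.254"))
```

Run against the generated server config after each GUI change to confirm the client-specific overrides directory is still referenced.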