• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

How to fix "WARNING: You have specified redirect-gateway and redirect-private at the same time"

OpenVPN
2
5
5.0k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • S
    shoulders
    last edited by Mar 20, 2023, 3:08 PM

    I have configured an OpenVPN server (tun) with only IPv4 enabled and I have the Redirect IPv4 Gateway option enabled.

    I then always get the following error on connection:

    WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results
    • if i do not use the pfsense option Redirect IPv4 Gateway I do not get this error.
      I have looked in the pfsense .OPVN file in /var/etc/openvpn/server1/ and cannot see any mention of redirect-private
    • I cannot see what options are pushed
    • I am using the OpenVPN GUI/Client v11.31.0.0 / 2.5.8 on Windows 10

    What does this error mean and how can I stop it but still use redirect-gateway?

    Thanks

    V 1 Reply Last reply Mar 20, 2023, 4:55 PM Reply Quote 0
    • V
      viragomann @shoulders
      last edited by Mar 20, 2023, 4:55 PM

      @shoulders
      If you remove the check mark at "redirect gateway" are there any entries in "Local Networks"? If so remove them and re-check redirect gateway.

      S 1 Reply Last reply Mar 20, 2023, 5:03 PM Reply Quote 1
      • S
        shoulders @viragomann
        last edited by Mar 20, 2023, 5:03 PM

        @viragomann nothing present and still getting the error, but good try thanks

        V 1 Reply Last reply Mar 20, 2023, 5:06 PM Reply Quote 0
        • V
          viragomann @shoulders
          last edited by Mar 20, 2023, 5:06 PM

          @shoulders
          I assume, you get this message on the client. Can you post the whole push message from the client log?

          S 1 Reply Last reply Mar 20, 2023, 5:23 PM Reply Quote 0
          • S
            shoulders @viragomann
            last edited by shoulders Mar 20, 2023, 5:45 PM Mar 20, 2023, 5:23 PM

            @viragomann Awesome Solution :), thanks

            This is a follow-up:

            Earlier on I did remove 10.0.0.0/24 from the IPv4 Local Networks but I was still getting the error so I thought that did not fix it. I had in the Custom options the following command

            push "redirect-gateway def1 block-local"

            I removed this and now I am not getting the message so I cannot send you the log now because it is fixed, but it turns out your were right. So the 3 things that can cause this error

            • when Redirect IPv4 Gateway is enabled there is an entry in the hidden field IPv4 Local network(s)
            • you have enabled Redirect IPv6 Gateway but do not have IPv6 enabled
            • overriding the redirect-gateway in Custom Options

            This is an old log:

            Sat Mar 18 18:08:16 2023 OpenVPN 2.5.8 [git:none/0357ceb877687faa] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec  2 2022
Sat Mar 18 18:08:16 2023 Windows version 10.0 (Windows 10 or greater) 64bit
Sat Mar 18 18:08:16 2023 library versions: OpenSSL 1.1.1s  1 Nov 2022, LZO 2.10
Sat Mar 18 18:08:18 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]123.123.123.123:2727
Sat Mar 18 18:08:18 2023 UDPv4 link local: (not bound)
Sat Mar 18 18:08:18 2023 UDPv4 link remote: [AF_INET]123.123.123.123:2727
Sat Mar 18 18:08:18 2023 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Mar 18 18:08:19 2023 [pfSense Server Certificate] Peer Connection Initiated with [AF_INET]123.123.123.123:2727
Sat Mar 18 18:08:19 2023 WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results
Sat Mar 18 18:08:19 2023 WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results
Sat Mar 18 18:08:19 2023 open_tun
Sat Mar 18 18:08:19 2023 tap-windows6 device [OpenVPN TAP-Windows6] opened
Sat Mar 18 18:08:19 2023 Set TAP-Windows TUN subnet mode network/local/netmask = 10.217.1.0/10.217.1.2/255.255.255.0 [SUCCEEDED]
Sat Mar 18 18:08:19 2023 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.217.1.2/255.255.255.0 on interface {39A232AE-AE2D-4EFC-9BCD-7159D7CFE9B1} [DHCP-serv: 10.217.1.0, lease-time: 31536000]
Sat Mar 18 18:08:19 2023 Successful ARP Flush on interface [7] {39A232AE-AE2D-4EFC-9BCD-7159D7CFE9B1}
Sat Mar 18 18:08:19 2023 IPv4 MTU set to 1500 on interface 7 using service
Sat Mar 18 18:08:20 2023 Blocking outside dns using service succeeded.
Sat Mar 18 18:08:25 2023 WARNING: OpenVPN was configured to add an IPv6 route. However, no IPv6 has been configured for OpenVPN TAP-Windows6, therefore the route installation may fail or may not work as expected.
Sat Mar 18 18:08:25 2023 add_route_ipv6(::/3 -> :: metric -1) dev OpenVPN TAP-Windows6
Sat Mar 18 18:08:25 2023 add_route_ipv6(2000::/4 -> :: metric -1) dev OpenVPN TAP-Windows6
Sat Mar 18 18:08:25 2023 add_route_ipv6(2727::/4 -> :: metric -1) dev OpenVPN TAP-Windows6
Sat Mar 18 18:08:25 2023 add_route_ipv6(fc00::/7 -> :: metric -1) dev OpenVPN TAP-Windows6
Sat Mar 18 18:08:25 2023 Initialization Sequence Completed
Sat Mar 18 18:08:25 2023 Register_dns request sent to the service
            1 Reply Last reply Reply Quote 0
            1 out of 5
            • First post
              1/5
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.