Netgate Discussion Forum

    Client DHCP Address trouble

    EcceVery

      I have a problem with OpenVPN on pfSense 1.2.3 and Mac clients (all I've tried so far). The client says the OpenVPN connection is established successfully, but I can't see any traffic going through the VPN tunnel. Either the traffic goes as normal (not through the tun/tap interface), or it does not work.

      I'm running OpenVPN with PKI, all keys/certs are created and I don't think the problem is there. The problem seems to be in client IP addresses and default gateway settings. I've specified a 10.0.1.0/24 network for clients and checked the "dynamic IP" checkbox. According to the instructions I read this seems to enable DHCP for clients, although the explanation for this checkbox seems to have changed in more recent versions of pfSense. I've also entered 'push "redirect-gateway def1"' into the options field.

      This is the log from the client:

      Wed Oct 28 13:59:33 2009: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
      Wed Oct 28 13:59:33 2009: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Wed Oct 28 13:59:33 2009: LZO compression initialized
      Wed Oct 28 13:59:33 2009: TUN/TAP device /dev/tun0 opened
      Wed Oct 28 13:59:33 2009: /Applications/Viscosity.app/Contents/Resources/dnsup.py tun0 1500 1544   init
      Wed Oct 28 13:59:33 2009: Attempting to establish TCP connection with <ip>:1194 [nonblock]
      Wed Oct 28 13:59:34 2009: TCP connection established with <ip>:1194
      Wed Oct 28 13:59:34 2009: TCPv4_CLIENT link local: [undef]
      Wed Oct 28 13:59:34 2009: TCPv4_CLIENT link remote: <ip>:1194
      Wed Oct 28 13:59:34 2009: [server] Peer Connection Initiated with <ip>:1194
      Wed Oct 28 13:59:36 2009: Initialization Sequence Completed
      

      The VPN appears to be up, but no traffic is going through the tunnel. The tap0 interface has no IP:

      macbook#ifconfig
      tun0: flags=8850<POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1500
      	open (pid 7475)
      

      Shouldn't there be a DHCP address here?

      In the OpenVPN client (Viscosity) I can check "Send all traffic through VPN connection", and an IP address can be filled in. I've tried various settings here, nothing seems to work.

      The server log looks like this:

      Oct 28 12:14:28 	openvpn[2145]: Re-using SSL/TLS context
      Oct 28 12:14:28 	openvpn[2145]: LZO compression initialized
      Oct 28 12:14:28 	openvpn[2145]: TCP connection established with 193.10.30.13:61080
      Oct 28 12:14:28 	openvpn[2145]: TCPv4_SERVER link local: [undef]
      Oct 28 12:14:28 	openvpn[2145]: TCPv4_SERVER link remote: 193.10.30.13:61080
      Oct 28 12:14:30 	openvpn[2145]: 193.10.30.13:61080 [client1] Peer Connection Initiated with 193.10.30.13:61080
      

      Routing table on client after VPN Connection establishment:

      MacBook:~ ecce$ netstat -nr
      Routing tables
      
      Internet:
      Destination        Gateway            Flags        Refs      Use   Netif Expire
      default            193.10.30.1        UGSc           19        0     en1
      127                127.0.0.1          UCS             0        0     lo0
      127.0.0.1          127.0.0.1          UH              2    22527     lo0
      169.254            link#5             UCS             0        0     en1
      193.10.30          link#5             UCS             1        0     en1
      193.10.30.1        0:0:c:7:ac:af      UHLWI           9        0     en1    651
      193.10.30.13       127.0.0.1          UHS             0        0     lo0
      

      Any idea on what's wrong here?

      EcceVery

        I've made some progress. The problem above still exists, but when I tried on a Windows machine I got an IP address via DHCP. However I can only connect to machines in the VPN Server network, on their public IP addresses. The client gets IP address 10.0.1.6/30 and default gateway is set to 10.0.1.5. Seems fine. The OpenVPN client is all green, and no error messages in the log file either on the server or client.

        I cannot:

        • Ping my gateway, 10.0.1.5
        • Connect to any machine on the internet except the ones in the VPN server network (public IPs)

        I can:

        • connect to pfsense machine via HTTPS
        • connect to another webserver in the same public network as the pfsense server
        • make DNS req to the DNS server, also in the same network as the pfsense server

        I have Outbound NAT (AON) for 10.0.1.0/28 to WAN interface address.

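An added example, not part of the original posts: a Python triage of the Mac client log from the first post. It flags the two warnings OpenVPN printed and the case where the session reports completion although no PUSH_REPLY was logged, which is the message an OpenVPN 2.x client logs at default verbosity when the server's pushed options (including ifconfig) arrive. The finding names and the PULLED_LINE sample are constructed for illustration.

```python
import re

# Subset of the client log lines from the first post (<ip> is the poster's redaction).
CLIENT_LOG = """\
Wed Oct 28 13:59:33 2009: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Oct 28 13:59:33 2009: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Oct 28 13:59:33 2009: TUN/TAP device /dev/tun0 opened
Wed Oct 28 13:59:34 2009: [server] Peer Connection Initiated with <ip>:1194
Wed Oct 28 13:59:36 2009: Initialization Sequence Completed
"""

# Constructed line: what a client that received pushed options would also log.
PULLED_LINE = ("Wed Oct 28 13:59:35 2009: PUSH: Received control message: "
               "'PUSH_REPLY,redirect-gateway def1,ifconfig 10.0.1.6 10.0.1.5'")

# Viscosity-style prefix, e.g. "Wed Oct 28 13:59:33 2009: "
LINE_RE = re.compile(r"^\w{3} \w{3} +\d+ [\d:]{8} \d{4}: (?P<msg>.*)$")

def messages(log_text):
    """Strip the timestamp prefix; skip lines that do not match the format."""
    return [m.group("msg") for m in map(LINE_RE.match, log_text.splitlines()) if m]

def triage(log_text):
    """Return a sorted list of finding ids for one client session log."""
    msgs = messages(log_text)
    findings = set()
    if any("No server certificate verification method" in m for m in msgs):
        findings.add("no-server-cert-verification")
    if any("--script-security setting may allow" in m for m in msgs):
        findings.add("script-security-permits-user-scripts")
    completed = any("Initialization Sequence Completed" in m for m in msgs)
    pushed = [m for m in msgs if "PUSH_REPLY" in m]
    if completed and not pushed:
        # Session is "up" but no pushed options (address, routes) were logged.
        findings.add("completed-without-pushed-options")
    elif pushed and not any(re.search(r"\bifconfig \d", m) for m in pushed):
        findings.add("push-reply-without-ifconfig")
    return sorted(findings)

if __name__ == "__main__":
    for finding in triage(CLIENT_LOG):
        print(finding)
```

The first finding is the condition the howto section linked in the warning addresses; `remote-cert-tls server` (OpenVPN 2.1 and later) or `ns-cert-type server` are client directives that enable server certificate verification.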
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.