OpenVPN oddity



  • I think this screenshot will pretty much tell everything. I have set the address pool to /24, and my VPN client is somehow getting a /30 subnet. How is this possible? I'm not sure if it's related, but now I cannot have the firewall rule for OpenVPN port 1194 set to only allow the address pool, 192.168.200.0/24. If I do this then the VPN client fails to connect: TLS handshake failed after 60 seconds. I have to set the firewall rule to allow "any" source, which I don't think is as secure as it should be. The weird thing is it was working properly just days ago, with no configuration changes. If anyone could shed some light on what could cause this I'd appreciate it. Thanks



  • Cheers,

    The subnet mask you receive is normal behavior; it's because ovpn doesn't address the
    whole space you provided.

    Filtering on tun0 is not supported right now, so your "any" rule is fine.

    Please post your ovpn logs (client & server), so we can dig to see what went wrong.

    kind regards
    dairaen
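Why a /24 pool hands the client a /30, as an added example that is not part of the original posts. It assumes the server runs OpenVPN's net30 topology (the thread does not state the topology), where the server and each client consume one /30 from the pool; the function names are hypothetical.

```python
import ipaddress


def net30_blocks(pool):
    """Yield (role, local_ip, peer_ip, block) for every /30 carved from the pool.

    Assumes net30 behaviour: the server takes the first /30, each client one later /30.
    """
    net = ipaddress.ip_network(pool)
    for index, block in enumerate(net.subnets(new_prefix=30)):
        low, high = block.hosts()  # a /30 has exactly two usable addresses
        if index == 0:
            yield ("server", low, high, block)   # e.g. .1 local, .2 peer
        else:
            yield ("client", high, low, block)   # e.g. .6 local, .5 peer


def client_capacity(pool):
    """Number of clients the pool can hold when each one consumes a /30."""
    return sum(1 for role, *_ in net30_blocks(pool) if role == "client")


def explain(pool, address):
    """Return the net30 allocation whose local address is `address`, or None."""
    wanted = ipaddress.ip_address(address)
    for role, local, peer, block in net30_blocks(pool):
        if local == wanted:
            return {"role": role, "local": str(local), "peer": str(peer),
                    "block": str(block), "netmask": str(block.netmask)}
    return None


if __name__ == "__main__":
    pool = "192.168.200.0/24"  # address pool from the thread
    for addr in ("192.168.200.1", "192.168.200.6"):
        print(addr, explain(pool, addr))
    print("client capacity:", client_capacity(pool))
```

Under this assumption a /24 pool holds 63 clients rather than 253, which is worth knowing when sizing the pool.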



  • OK, so having it set to any is fine. Thanks for clearing that up.

    So once I am in, I get the IP 192.168.200.6 as the VPN client. The server is 192.168.200.1, which I can ping with no problem.

    Reply from 192.168.200.1: bytes=32 time=94ms TTL=64

    My problem is I cannot seem to ping any client in the LAN behind the VPN server.

    Pinging 192.168.1.100 with 32 bytes of data:
    Request timed out.

    The LAN subnet is 192.168.1.0/24, so I have made a line in the custom options of the OpenVPN page:

    push "route 192.168.1.0 255.255.255.0"

    I see no entries in the Firewall tab of the log showing it blocking any ping requests, so I'm not sure what is happening here. Any ideas? Thanks



  • OK, scratch that. It's fixed.

