Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN assigning incorrect subnet mask

    Scheduled Pinned Locked Moved OpenVPN
    7 Posts 3 Posters 6.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rwebb616
      last edited by

      Hi,

      I know this has been discussed before.. specifically this thread:  http://forum.pfsense.org/index.php/topic,15827.0.html

      I couldn't find a way to reply to that topic and I couldn't see where it was locked, so I just started a new thread.

      I am getting the same behavior where I'm getting IP address 172.16.10.6 and subnet mask 172.16.10.5.

      GruensFroeschli indicated that this is correct and that it's a /30… but a /30 would NOT give an IP for a subnet mask value.. a /30 should be 255.255.255.252 with .5 and .6 being the usable IPs and .4 and .7 being the network and broadcast respectively

      Not sure how to fix this.  My road warrior client is connecting but unable to route anywhere.

      Any help would be appreciated.

      Thanks
      -Rich

      1 Reply Last reply Reply Quote 0
      • Cry HavokC
        Cry Havok
        last edited by

        Please post the assigned network settings on the client (shown by ipconfig/all on Windows or ifconfig on Linux/BSD).

        1 Reply Last reply Reply Quote 0
        • R
          rwebb616
          last edited by

          @Cry:

          Please post the assigned network settings on the client (shown by ipconfig/all on Windows or ifconfig on Linux/BSD).

          Windows IP Configuration

          Host Name . . . . . . . . . . . . : tech1
                  Primary Dns Suffix  . . . . . . . :
                  Node Type . . . . . . . . . . . . : Unknown
                  IP Routing Enabled. . . . . . . . : No
                  WINS Proxy Enabled. . . . . . . . : No

          Ethernet adapter OpenVPN Adapter:

          Connection-specific DNS Suffix  . : zt.local
                  Description . . . . . . . . . . . : TAP-Win32 Adapter V8
                  Physical Address. . . . . . . . . : 00-FF-4F-C0-19-ED
                  Dhcp Enabled. . . . . . . . . . . : Yes
                  Autoconfiguration Enabled . . . . : Yes
                  IP Address. . . . . . . . . . . . : 172.16.10.6
                  Subnet Mask . . . . . . . . . . . : 172.16.10.5
                  Default Gateway . . . . . . . . . :
                  DHCP Server . . . . . . . . . . . : 172.16.10.4
                  Lease Obtained. . . . . . . . . . : Tuesday, February 22, 2011 6:08:58 PM
                  Lease Expires . . . . . . . . . . : Wednesday, February 22, 2012 6:08:58 PM

          Here is my ovpn config file:

          client
          float
          port 1194
          dev tap
          proto tcp-client
          remote x.x.x.x 1194
          ping 10
          persist-key
          persist-tun
          tls-client
          ca pfsense.crt
          cert testclient.crt
          key testclient.key
          ns-cert-type server
          #auth-user-pass
          #comp-lzo
          pull
          verb 4

          Thanks
          -Rich

          1 Reply Last reply Reply Quote 0
          • Cry HavokC
            Cry Havok
            last edited by

            Can you also post a screenshot of your OpenVPN server settings?

            1 Reply Last reply Reply Quote 0
            • R
              rwebb616
              last edited by

              @Cry:

              Can you also post a screenshot of your OpenVPN server settings?

              I have included the top and bottom portions of the screen as the certificates must be correct since the connection is being established.

              screen1.JPG
              screen1.JPG_thumb
              screen2.jpg
              screen2.jpg_thumb

              1 Reply Last reply Reply Quote 0
              • jimpJ
                jimp Rebel Alliance Developer Netgate
                last edited by

                Client should have dev tun, not dev tap.

                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!

                1 Reply Last reply Reply Quote 0
                • R
                  rwebb616
                  last edited by

                  @jimp:

                  Client should have dev tun, not dev tap.

                  It's always the simple things - that did it!  Thanks!

                  -Rich

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.