2.0 OpenVPN warnings?



  • Hello all,

    Just finishing up getting my copy of OpenVPN working on my new 2.0RC1 build.

    A couple of questions:

    As all the documentation said, I set the local IP subnet to my LAN's subnet, but when I do I get:
    Wed Apr 13 02:39:06 2011 WARNING: potential route subnet conflict between local LAN [10.2.1.0/255.255.255.0] and remote VPN [10.2.1.0/255.255.255.0]
    I can set my VPN server to be at 10.2.2.0/24, but then I can't access my internal servers and devices.

    Also I am getting:
    Wed Apr 13 10:51:34 2011 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
    Wed Apr 13 10:51:34 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables

    Anything to worry about?

    Also, my final configuration came out as:

    dev tun
    persist-tun
    persist-key
    proto udp
    cipher AES-256-CBC
    tls-client
    client
    resolv-retry infinite
    remote 128.54.4.59 1194
    auth-user-pass
    auth-nocache
    ca server-CA.crt
    pkcs12 user-udp-1194.p12
    tls-auth user-udp-1194-tls.key 1
    tls-remote www.stuff.com
    comp-lzo
    pull
    verb 3
    ping 10
    nobind

    Can any of you gurus tell me if I missed anything?
    Did I accidentally add any security holes?

    Thanks,



  • Your tunnel network subnet needs to be different from the LAN subnet.



  • My Tunnel subnet is different from the LAN subnet.

    I get the warning when I set local subnet in my OpenVPN server configurations to what my local LAN address is, which I understand is the correct setting.


  • Rebel Alliance Developer Netgate

    It looks like you also set the remote network to be 10.2.1.0/24

    Are both the local and remote network really 10.2.1.0/24? If the subnets really overlap, that won't work without a lot of extra NAT and various trickery.
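As an added example (not code from this thread, from pfSense or from OpenVPN), the script below serves both the original poster's two questions, whether the client config has holes and what the route-conflict warning means, and this reply about overlapping subnets. It parses the posted client config, reports a few security-relevant findings, and parses the quoted WARNING line into two networks to test them for overlap with Python's `ipaddress` module. The config and the warning line are embedded as constructed sample input copied from the first post; the checks are my own choice, and the directive names they recommend (`remote-cert-tls`, `ns-cert-type`, `verify-x509-name`) come from the OpenVPN manual, not from this thread.

```python
# Added example (not from the thread, pfSense or OpenVPN): lint the posted
# client config and parse the route-conflict warning it produced.
import ipaddress
import re

# Constructed sample input: the client config quoted in the first post.
SAMPLE_CONFIG = """\
dev tun
persist-tun
persist-key
proto udp
cipher AES-256-CBC
tls-client
client
resolv-retry infinite
remote 128.54.4.59 1194
auth-user-pass
auth-nocache
ca server-CA.crt
pkcs12 user-udp-1194.p12
tls-auth user-udp-1194-tls.key 1
tls-remote www.stuff.com
comp-lzo
pull
verb 3
ping 10
nobind
"""

# Constructed sample input: the warning line quoted in the first post.
SAMPLE_WARNING = (
    "Wed Apr 13 02:39:06 2011 WARNING: potential route subnet conflict between "
    "local LAN [10.2.1.0/255.255.255.0] and remote VPN [10.2.1.0/255.255.255.0]"
)


def parse_config(text):
    """Map each directive to the list of argument lists it was given.

    Directives may repeat (several 'remote' lines, for instance), so values
    are lists. '#' and ';' start comments in OpenVPN config files.
    """
    directives = {}
    for raw in text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()
        if not line:
            continue
        name, *args = line.split()
        directives.setdefault(name, []).append(args)
    return directives


def lint_client_config(text):
    """Return (finding_id, severity, message) tuples for a client config.

    The checks are the author's choice; directive names are from the OpenVPN
    manual. Positive findings are reported so a reviewer sees what is covered.
    """
    d = parse_config(text)
    findings = []
    # Without remote-cert-tls (or the older ns-cert-type) the client accepts any
    # certificate signed by the CA, including another client's, as the server.
    # tls-remote only compares the name, so it does not close that gap.
    if "remote-cert-tls" not in d and "ns-cert-type" not in d:
        findings.append(("no-remote-cert-tls", "high",
                         "add 'remote-cert-tls server' so only a server-role "
                         "certificate from the CA is accepted as the peer"))
    # tls-remote matches the X.509 name or common name by prefix, which is what
    # the 'understand the semantics' warning refers to; newer OpenVPN releases
    # replace it with verify-x509-name.
    if "tls-remote" in d:
        name = d["tls-remote"][0][0] if d["tls-remote"][0] else "<missing>"
        findings.append(("tls-remote-prefix-match", "medium",
                         f"tls-remote '{name}' is a prefix match on the peer's "
                         "certificate name; prefer verify-x509-name where available"))
    # Things the posted config already does right.
    if "tls-auth" in d:
        findings.append(("tls-auth-present", "info",
                         "tls-auth HMAC key authenticates control-channel packets"))
    if "auth-nocache" in d:
        findings.append(("auth-nocache-present", "info",
                         "auth-nocache does not keep the username/password cached in memory"))
    return findings


WARN_RE = re.compile(
    r"local LAN \[([\d.]+)/([\d.]+)\] and remote VPN \[([\d.]+)/([\d.]+)\]"
)


def parse_route_conflict(log_line):
    """Extract (local_lan, remote_vpn) networks from the OpenVPN warning line.

    ipaddress accepts dotted netmasks, so 10.2.1.0/255.255.255.0 parses as is.
    Returns None when the line is not a route-conflict warning.
    """
    m = WARN_RE.search(log_line)
    if not m:
        return None
    local = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
    remote = ipaddress.ip_network(f"{m.group(3)}/{m.group(4)}", strict=False)
    return local, remote


def subnets_overlap(a, b):
    """True when some address lies in both networks, which is what the warning flags."""
    return a.overlaps(b)


if __name__ == "__main__":
    for fid, sev, msg in lint_client_config(SAMPLE_CONFIG):
        print(f"[{sev}] {fid}: {msg}")
    local, remote = parse_route_conflict(SAMPLE_WARNING)
    print(f"local {local} vs remote {remote}: overlap={subnets_overlap(local, remote)}")
```

Run it as-is and the warning from the thread parses to 10.2.1.0/24 on both sides, so the overlap test is true; the same LAN against a remote of 10.2.200.0/24 (the value the server is later said to use) does not overlap, which is why the log line is the thing to trust when the server and client settings disagree.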



  • Weird, on the server it is set up as 10.2.200.0, so it shouldn't overlap.

