2.0 OpenVPN warnings?
-
Hello all,
Just finishing up getting my copy of OpenVPN working on my new 2.0RC1 build.
A couple of questions:
As all the documentation said I set the local IP subnet to my LAN's subnet but when I do I get:
Wed Apr 13 02:39:06 2011 WARNING: potential route subnet conflict between local LAN [10.2.1.0/255.255.255.0] and remote VPN [10.2.1.0/255.255.255.0]
I can set my VPN server to be at 10.2.2.0/24 but then I can't access my internal servers and devices.
Also I am getting:
Wed Apr 13 10:51:34 2011 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Wed Apr 13 10:51:34 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Anything to worry about?
Also, my final configuration came out as:
dev tun
persist-tun
persist-key
proto udp
cipher AES-256-CBC
tls-client
client
resolv-retry infinite
remote 128.54.4.59 1194
auth-user-pass
auth-nocache
ca server-CA.crt
pkcs12 user-udp-1194.p12
tls-auth user-udp-1194-tls.key 1
tls-remote www.stuff.com
comp-lzo
pull
verb 3
ping 10
nobind
Can any of you gurus tell me if I missed anything?
Did I accidentally add any security holes?
Thanks,
-
Your tunnel network subnet needs to be different from the LAN subnet.
-
My Tunnel subnet is different from the LAN subnet.
I get the warning when I set local subnet in my OpenVPN server configurations to what my local LAN address is, which I understand is the correct setting.
-
It looks like you also set the remote network to be 10.2.1.0/24.
Are both the local and remote network really 10.2.1.0/24? If the subnets really overlap, that won't work without a lot of extra NAT and various trickery.
-
Weird, on the server it is set up as 10.2.200.0, so it shouldn't overlap.
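
The overlap test behind the route-conflict warning quoted in this thread, as an added example (not code from any poster or from OpenVPN): it parses the warning line and checks a client's local networks against the networks routed over the VPN, including the case where one range contains the other. The /24 mask on 10.2.200.0, the 10.2.0.0/16 and 192.168.1.0/24 networks, and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Warning line as quoted in the thread.
SAMPLE_LINE = (
    "Wed Apr 13 02:39:06 2011 WARNING: potential route subnet conflict "
    "between local LAN [10.2.1.0/255.255.255.0] and remote VPN "
    "[10.2.1.0/255.255.255.0]"
)

CONFLICT_RE = re.compile(
    r"potential route subnet conflict between local LAN "
    r"\[(?P<local>[\d.]+/[\d.]+)\] and remote VPN "
    r"\[(?P<remote>[\d.]+/[\d.]+)\]"
)


def parse_conflict(line):
    """Return (local_net, remote_net) from a conflict warning, else None."""
    m = CONFLICT_RE.search(line)
    if m is None:
        return None
    # ip_network accepts the address/netmask form used in the log.
    return (ipaddress.ip_network(m.group("local"), strict=False),
            ipaddress.ip_network(m.group("remote"), strict=False))


def conflicting_routes(local_lans, vpn_routes):
    """List every (lan, route) pair whose address ranges overlap."""
    lans = [ipaddress.ip_network(n, strict=False) for n in local_lans]
    routes = [ipaddress.ip_network(r, strict=False) for r in vpn_routes]
    return [(lan, rt) for lan in lans for rt in routes if lan.overlaps(rt)]


if __name__ == "__main__":
    local, remote = parse_conflict(SAMPLE_LINE)
    print("log reports:", local, "vs", remote, "overlap:", local.overlaps(remote))

    # Routes reaching the client: remote LAN from the warning, tunnel network
    # from the last post (the /24 mask on 10.2.200.0 is an assumption).
    routes = ["10.2.1.0/24", "10.2.200.0/24"]
    # Client-side LANs: the one from the log plus two constructed cases.
    for lan in ["10.2.1.0/24", "10.2.0.0/16", "192.168.1.0/24"]:
        hits = conflicting_routes([lan], routes)
        print(lan, "->", [str(rt) for _, rt in hits] or "no conflict")
```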