Help Needed



  • Can anyone let me know why it is forcing me to write 0 as the last portion of the IP (x.y.z.0) while specifying the local address or remote address in OpenVPN?

    Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz Plz

    becoming mad with the Boss request. He wants to specify a range which does not start from .1…..

    Plz help me out. Both local and remote address should be able to accept anything other than 0 in its last portion.
    What changes should I make in the openvpn_serverx.conf file?.... any kind of help is most welcome.



  • Which field are you trying to put the .1 in? Local network or address pool? If I remember my networking correctly you have to put a .0 to give OpenVPN a pool to work with. When you add .1 you lock OpenVPN to a single IP address and if I recall OpenVPN needs at least 2 addresses to work with.



  • You have to specify subnets, not IP ranges. When using subnet masks like /24 or /16 for example you will always have a .0 as network ID. If you need other chunks you have to use some other subnet mask and their appropriate subnet ID. Have a look at something like http://www.subnet-calculator.com/ to calculate subnets, ranges and their IDs.



  • Sorry… I think, I was good enough to convey something different from what I want....

    My question is simple.... why does OpenVPN in pfSense force X.Y.Z.0/<something>? Why not X.Y.Z.A/<something>? For example 192.168.10.50/29..... something like this..... So that the IP's within the specified range, (192.168.10.50/29)

    It is forcing me to give 192.168.10.0/29 and not 192.168.10.50/29 which I need.
    (So the range applicable starts with 192.168.10.1 to 192.168.10.6..... [[[ 192.168.10.0/29 ]]]
    I want something like this Range between 192.168.10.49 to 192.168.10.54  [[[ 192.168.10.50/29 ]]] )



  • I'm still not sure which field you are trying to fill in. If it's the address pool, you can't even use 192.168.10.49 to 192.168.10.54 if your network uses a 192.168.10.0 subnet. The address pool has to be on a separate subnet like 192.168.50.0.

    On the other hand if you are trying to set the local network to only allow the vpn client to see only 192.168.10.49 to 192.168.10.54, I'm not sure you can do that. I think the only setting currently is to allow the vpn client to see the entire network.

    If someone knows how to set that up, please post how.



  • Let me rephrase my question…

    My LAN is 10.10.10.0/24..... Client address pool is 192.168.17.0/24.... All that is okay.

    But, I do not want the client to see my entire network (ping or browse shared folder). I want them to see only

    10.10.10.151 to 10.10.10.200.... that is they should be able to ping or browse only 50 computers out of my 254 computers in the network.



  • That range isn't even close to CIDR-summarizable. I don't think this is possible. You would have to be able to firewall on the tun interfaces OpenVPN uses, and that's not currently possible.



  • Might it be possible to firewall on the LAN interface?
    That you add a block rule on the LAN tab which blocks all IP's of the VPN-subnet as destination?
    So the VPN clients can talk to the LAN, but LAN never answers.
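
The "subnets, not IP ranges" and "not CIDR-summarizable" replies above can be checked with Python's standard `ipaddress` module. This is an added example, not part of any post in the thread; the function names are hypothetical and the addresses are the ones quoted in the thread.

```python
import ipaddress

def explain_cidr(text):
    """For 'a.b.c.d/len' return (network, first_host, last_host, is_network_id)."""
    iface = ipaddress.ip_interface(text)
    net = iface.network                      # the host bits are masked off here
    hosts = list(net.hosts())
    return net, hosts[0], hosts[-1], iface.ip == net.network_address

def range_to_cidrs(first, last):
    """Exact list of CIDR blocks that together cover first..last and nothing else."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def smallest_covering_network(first, last):
    """Smallest single CIDR block that contains both ends of the range."""
    first = ipaddress.ip_address(first)
    last = ipaddress.ip_address(last)
    net = ipaddress.ip_network(f"{first}/{first.max_prefixlen}")
    while last not in net:
        net = net.supernet()                 # widen by one prefix bit at a time
    return net

if __name__ == "__main__":
    # 192.168.10.50/29 is a host inside a /29, not the ID of that /29.
    net, lo, hi, is_id = explain_cidr("192.168.10.50/29")
    print(f"192.168.10.50/29 -> network {net}, hosts {lo}-{hi}, network ID: {is_id}")

    # The 50-address range from the thread needs several blocks to match exactly.
    blocks = range_to_cidrs("10.10.10.151", "10.10.10.200")
    print("exact cover:", ", ".join(str(b) for b in blocks))

    # A single block is much wider than the 50 hosts that were meant to be reachable.
    cover = smallest_covering_network("10.10.10.151", "10.10.10.200")
    extra = cover.num_addresses - sum(b.num_addresses for b in blocks)
    print(f"single block: {cover} ({extra} addresses more than intended)")
```

The exact cover is what a least-privilege rule set would need one entry per block for; the single covering block shows how much extra of the LAN a one-line subnet setting would expose.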

