Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN - topology net30

    Scheduled Pinned Locked Moved 2.1 Snapshot Feedback and Problems - RETIRED
    7 Posts 3 Posters 9.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mvrk
      last edited by

      Hi,

      I've noticed that using topology net30 my Windows client can't connect :(

      The linux client can connect without problems.

      I never had this problem on my linux openvpn server.

      This is what happens:

      Fri Jul 12 23:59:48 2013 WARNING: Since you are using –dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. (silence this warning with --ifconfig-nowarn)
      Fri Jul 12 23:59:48 2013 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
      Fri Jul 12 23:59:48 2013 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.5.0
      Fri Jul 12 23:59:48 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
      Fri Jul 12 23:59:48 2013 MANAGEMENT: >STATE:1373669988,ASSIGN_IP,,192.168.5.6,
      Fri Jul 12 23:59:48 2013 open_tun, tt->ipv6=0
      Fri Jul 12 23:59:48 2013 TAP-WIN32 device [Local Area Connection] opened: \.\Global{93E7FD03-E81A-4516-82D5-F99F71EEC128}.tap
      Fri Jul 12 23:59:48 2013 TAP-Windows Driver Version 9.9
      Fri Jul 12 23:59:48 2013 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.5.6/192.168.5.5 on interface {93E7FD03-E81A-4516-82D5-F99F71EEC128} [DHCP-serv: 192.168.5.4, lease-time: 31536000]
      Fri Jul 12 23:59:48 2013 Successful ARP Flush on interface [28] {93E7FD03-E81A-4516-82D5-F99F71EEC128}
      Fri Jul 12 23:59:53 2013 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
      Fri Jul 12 23:59:53 2013 Route: Waiting for TUN/TAP interface to come up…
      Fri Jul 12 23:59:58 2013 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
      Fri Jul 12 23:59:58 2013 Route: Waiting for TUN/TAP interface to come up...
      Fri Jul 12 23:59:59 2013 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
      Fri Jul 12 23:59:59 2013 Route: Waiting for TUN/TAP interface to come up...
      Sat Jul 13 00:00:00 2013 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
      Sat Jul 13 00:00:00 2013 Route: Waiting for TUN/TAP interface to come up...
      Sat Jul 13 00:00:01 2013 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
      Sat Jul 13 00:00:01 2013 Route: Waiting for TUN/TAP interface to come up...
      Sat Jul 13 00:00:02 2013 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
      Sat Jul 13 00:00:02 2013 Route: Waiting for TUN/TAP interface to come up...
      Sat Jul 13 00:00:03 2013 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
      Sat Jul 13 00:00:03 2013 Route: Waiting for TUN/TAP interface to come up...
      Sat Jul 13 00:00:04 2013 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
      Sat Jul 13 00:00:04 2013 Route: Waiting for TUN/TAP interface to come up...
      Sat Jul 13 00:00:05 2013 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
      Sat Jul 13 00:00:05 2013 Route: Waiting for TUN/TAP interface to come up...
      Sat Jul 13 00:00:06 2013 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
      Sat Jul 13 00:00:06 2013 Route: Waiting for TUN/TAP interface to come up...
      Sat Jul 13 00:00:07 2013 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
      Sat Jul 13 00:00:07 2013 Route: Waiting for TUN/TAP interface to come up...
      Sat Jul 13 00:00:08 2013 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
      Sat Jul 13 00:00:08 2013 Route: Waiting for TUN/TAP interface to come up...
      Sat Jul 13 00:00:09 2013 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
      Sat Jul 13 00:00:09 2013 Route: Waiting for TUN/TAP interface to come up...
      Sat Jul 13 00:00:10 2013 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
      Sat Jul 13 00:00:10 2013 Route: Waiting for TUN/TAP interface to come up...
      Sat Jul 13 00:00:11 2013 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
      Sat Jul 13 00:00:11 2013 Route: Waiting for TUN/TAP interface to come up...
      Sat Jul 13 00:00:12 2013 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
      Sat Jul 13 00:00:12 2013 Route: Waiting for TUN/TAP interface to come up...
      Sat Jul 13 00:00:13 2013 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
      Sat Jul 13 00:00:13 2013 Route: Waiting for TUN/TAP interface to come up...
      Sat Jul 13 00:00:14 2013 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
      Sat Jul 13 00:00:14 2013 Route: Waiting for TUN/TAP interface to come up...
      Sat Jul 13 00:00:15 2013 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
      Sat Jul 13 00:00:15 2013 Route: Waiting for TUN/TAP interface to come up...
      Sat Jul 13 00:00:16 2013 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
      Sat Jul 13 00:00:16 2013 Route: Waiting for TUN/TAP interface to come up...
      Sat Jul 13 00:00:17 2013 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
      Sat Jul 13 00:00:17 2013 Route: Waiting for TUN/TAP interface to come up...
      Sat Jul 13 00:00:17 2013 Closing TUN/TAP interface
      Sat Jul 13 00:00:17 2013 SIGTERM[hard,] received, process exiting
      Sat Jul 13 00:00:17 2013 MANAGEMENT: >STATE:1373670017,EXITING,SIGTERM,,

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        There are documented/known issues with the windows tap driver and net30, unfortunately.

        I would try completely uninstalling OpenVPN and the tap driver both, and then making sure you only reinstall the most current version of the OpenVPN 2.3.x client as from the export package.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • M
          mvrk
          last edited by

          @jimp:

          There are documented/known issues with the windows tap driver and net30, unfortunately.

          I would try completely uninstalling OpenVPN and the tap driver both, and then making sure you only reinstall the most current version of the OpenVPN 2.3.x client as from the export package.

          Already done that, still doesn't work.

          I can connect to my linux openvpn server… bue the pfsense one fails.

          Log from the connection to Linux server:

          Fri Jul 19 20:38:51 2013 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DOMAIN xxx.pt,dhcp-option DNS 192.168.2.254,route 192.168.3.0 255.255.255.0,topology net30,ping 10,ping-restart 120,route-metric 10,route 192.168.2.0 255.255.255.0,ifconfig 192.168.3.77 192.168.3.78'
          Fri Jul 19 20:38:51 2013 OPTIONS IMPORT: timers and/or timeouts modified
          Fri Jul 19 20:38:51 2013 OPTIONS IMPORT: --ifconfig/up options modified
          Fri Jul 19 20:38:51 2013 OPTIONS IMPORT: route options modified
          Fri Jul 19 20:38:51 2013 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
          Fri Jul 19 20:38:51 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
          Fri Jul 19 20:38:51 2013 MANAGEMENT: >STATE:1374262731,ASSIGN_IP,,192.168.3.77,
          Fri Jul 19 20:38:51 2013 open_tun, tt->ipv6=0
          Fri Jul 19 20:38:51 2013 TAP-WIN32 device [Local Area Connection] opened: \.\Global{CF733835-7862-4E3D-9D9A-C2A32D85AC19}.tap
          Fri Jul 19 20:38:51 2013 TAP-Windows Driver Version 9.9
          Fri Jul 19 20:38:51 2013 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.3.77/255.255.255.252 on interface {CF733835-7862-4E3D-9D9A-C2A32D85AC19} [DHCP-serv: 192.168.3.78, lease-time: 31536000]
          Fri Jul 19 20:38:51 2013 Successful ARP Flush on interface [28] {CF733835-7862-4E3D-9D9A-C2A32D85AC19}
          Fri Jul 19 20:38:56 2013 TEST ROUTES: 12/12 succeeded len=12 ret=1 a=0 u/d=up
          Fri Jul 19 20:38:56 2013 MANAGEMENT: >STATE:1374262736,ADD_ROUTES,,,
          Fri Jul 19 20:38:56 2013 C:\Windows\system32\route.exe ADD 192.168.3.0 MASK 255.255.255.0 192.168.3.78 METRIC 10
          Fri Jul 19 20:38:56 2013 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
          Fri Jul 19 20:38:56 2013 Route addition via IPAPI succeeded [adaptive]
          Fri Jul 19 20:38:56 2013 C:\Windows\system32\route.exe ADD 192.168.2.0 MASK 255.255.255.0 192.168.3.78 METRIC 10
          Fri Jul 19 20:38:56 2013 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
          Fri Jul 19 20:38:56 2013 Route addition via IPAPI succeeded [adaptive]
          Fri Jul 19 20:38:56 2013 Initialization Sequence Completed

          Log from the connection to pfSense server:

          Fri Jul 19 20:42:36 2013 PUSH: Received control message: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,dhcp-option DOMAIN xxx.pt,dhcp-option DNS 192.168.2.254,dhcp-option NTP 192.168.2.254,dhcp-option WINS 192.168.2.21,dhcp-option WINS 192.168.2.22,route 192.168.5.0 255.255.255.0,topology net30,ping 10,ping-restart 60,route-metric 10,route 192.168.2.0 255.255.255.0,ifconfig 192.168.5.69 192.168.5.79'
          Fri Jul 19 20:42:36 2013 OPTIONS IMPORT: timers and/or timeouts modified
          Fri Jul 19 20:42:36 2013 OPTIONS IMPORT: –ifconfig/up options modified
          Fri Jul 19 20:42:36 2013 OPTIONS IMPORT: route options modified
          Fri Jul 19 20:42:36 2013 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
          Fri Jul 19 20:42:36 2013 WARNING: Since you are using --dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. (silence this warning with --ifconfig-nowarn)
          Fri Jul 19 20:42:36 2013 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
          Fri Jul 19 20:42:36 2013 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.2.0
          Fri Jul 19 20:42:36 2013 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
          Fri Jul 19 20:42:36 2013 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.5.0
          Fri Jul 19 20:42:36 2013 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
          Fri Jul 19 20:42:36 2013 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.2.0
          Fri Jul 19 20:42:36 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
          Fri Jul 19 20:42:36 2013 MANAGEMENT: >STATE:1374262956,ASSIGN_IP,,192.168.5.69,
          Fri Jul 19 20:42:36 2013 open_tun, tt->ipv6=0
          Fri Jul 19 20:42:36 2013 TAP-WIN32 device [Local Area Connection] opened: \.\Global{CF733835-7862-4E3D-9D9A-C2A32D85AC19}.tap
          Fri Jul 19 20:42:36 2013 TAP-Windows Driver Version 9.9
          Fri Jul 19 20:42:36 2013 MANAGEMENT: Client disconnected
          Fri Jul 19 20:42:36 2013 ERROR: There is a clash between the –ifconfig local address and the internal DHCP server address -- both are set to 192.168.5.69 -- please use the --ip-win32 dynamic option to choose a different free address from the --ifconfig subnet for the internal DHCP server
          Fri Jul 19 20:42:36 2013 Exiting due to fatal error

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            I was thinking of "topology subnet" that had issues, not sure why I was thinking that on net30. net30 should be fine with TUN though, not TAP selected on pfSense.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • A
              adam65535
              last edited by

              From your first post…

              Fri Jul 12 23:59:48 2013 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.5.6/192.168.5.5 on interface {93E7FD03-E81A-4516-82D5-F99F71EEC128} [DHCP-serv: 192.168.5.4, lease-time: 31536000]

              The netmask is 192.168.5.5?  What is that doing there?  Did you already notice that and wondering why yourself?

              1 Reply Last reply Reply Quote 0
              • jimpJ
                jimp Rebel Alliance Developer Netgate
                last edited by

                That is what the "remote" IP would be on net30, but with tun and not on tap. On tap IIRC it's always a subnet mask for the second parameter to ifconfig no matter the mode.

                Tun assumes net30 unless you use subnet, I believe, in which case the second argument is a subnet mask not an IP.

                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!

                1 Reply Last reply Reply Quote 0
                • M
                  mvrk
                  last edited by

                  I just found the problem.

                  I had "dev tap0" on my configuration file, my linux server was configured with dev tap, i copied the configuration file and forget to change it to dev tun. :(

                  Thankx all for the help anyway.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.