OpenVPN Server stopped working.

  • Hello,

    I set up an OpenVPN server with pfSense nearly a year ago and it was working fine (performance was very good).

    Now I've tried to change the local network, because we recently changed our subnet mask to

    Previous Local Network Setting:

    Local Network Setting Now:

    (This is all I changed! Nothing else.)

    This is the content of my server.conf file:

    dev ovpns2
    dev-type tun
    dev-node /dev/tun2
    writepid /var/run/
    #user nobody
    #group nobody
    script-security 3
    keepalive 10 60
    proto udp
    cipher AES-128-CBC
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    client-config-dir /var/etc/openvpn-csc
    auth-user-pass-verify /var/etc/openvpn/server2.php via-env
    tls-verify /var/etc/openvpn/server2.tls-verify.php
    lport 1194
    management /var/etc/openvpn/server2.sock unix
    max-clients 25
    push "route"
    push "dhcp-option DOMAIN APICON.local"
    push "dhcp-option DNS"
    push "dhcp-option WINS"
    ca /var/etc/openvpn/ 
    cert /var/etc/openvpn/server2.cert 
    key /var/etc/openvpn/server2.key 
    dh /etc/dh-parameters.1024
    tls-auth /var/etc/openvpn/server2.tls-auth 0

    So I can still connect to my server just fine. I can ping the pfSense box (which is, but I can't ping anything else.

    I can even access the pfSense web GUI over the VPN, but nothing else works. I have no idea why this is.

  • This is an absolutely, totally horrible idea. You've cut off any remote LAN in 192.168. range. And yes, that includes the overlapping


  • haha - you beat me to it.

    Yeah - I would move all your subnets to 10.something.something.something

    Also wouldn't push a /16 unless there was a great reason for it.

    Better to have a few distinct and uncommon /24s and push a few /24s

  • And if you seriously need /16 and 65K hosts, then use something in the 10/16 range.

  • Thank you for the replies. As soon as you mentioned it, I understood what the problem was. (I'm a dumbass.)

    The /16 is a temporary fix for an annoying problem.

    We have about 50 client computers with fixed IPs all over the network. The DHCP server was constantly assigning IPs that were already in use. So I changed the subnet mask on every client with fixed IP for a quick and dirty fix done on a Friday evening.

    I know that it's not a good idea, but it's only temporary. I first have to assign the 50 clients to useful IPs and then set a DHCP range outside of those, so that our other client computers don't have issues.

  • If you just need some more space around "175" you can just reduce the netmask a little bit, e.g. = to (netmask
    or = to (netmask

    then you don't overlap a whole lot of other stuff.
    You can then make the DHCP range in the space outside of "175" to quickly get DHCP clients away from the random static stuff in 175 - whatever you do if you want the DHCP clients to talk to things in 175, then the things in 175 have to have their netmask changed.

  • Thank you phil.davis, that's exactly what I did.

    Everything is working now.
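
The overlap the replies describe can be checked before a config change goes live. The script below is an added example, not code from the thread or from pfSense/OpenVPN: it reads the `push "route ..."` lines of a server config and reports which pushed networks collide with LAN ranges that remote clients are likely to sit on, and which are broader than a /24. The sample config and the list of client-side LANs are constructed assumptions, not the poster's values.

```python
import ipaddress
import re

# Constructed sample config: addresses are illustrative, not the poster's values.
SAMPLE_CONF = '''
dev-type tun
push "route 192.168.0.0 255.255.0.0"
push "route 10.57.12.0 255.255.255.0"
push "dhcp-option DNS 10.57.12.1"
'''

# Assumption: LAN ranges that remote clients commonly use at home or in hotels.
COMMON_CLIENT_LANS = ["192.168.0.0/24", "192.168.1.0/24",
                      "192.168.178.0/24", "10.0.0.0/24"]

# Matches uncommented lines of the form: push "route <network> [netmask] ..."
PUSH_ROUTE = re.compile(r'^\s*push\s+"route\s+([^"]+)"', re.MULTILINE)


def pushed_routes(conf_text):
    """Return the networks announced to clients via push "route ..."."""
    routes = []
    for args in PUSH_ROUTE.findall(conf_text):
        parts = args.split()
        # OpenVPN treats a route without a netmask as a single host.
        mask = parts[1] if len(parts) > 1 else "255.255.255.255"
        routes.append(ipaddress.ip_network(f"{parts[0]}/{mask}", strict=False))
    return routes


def audit(conf_text, client_lans=COMMON_CLIENT_LANS, min_prefix=24):
    """Map each pushed route to the client LANs it overlaps and a breadth flag."""
    lans = [ipaddress.ip_network(lan) for lan in client_lans]
    report = {}
    for route in pushed_routes(conf_text):
        report[str(route)] = {
            # A client on an overlapping LAN loses reachability one way or the other.
            "overlaps": [str(lan) for lan in lans if route.overlaps(lan)],
            "too_broad": route.prefixlen < min_prefix,
        }
    return report


if __name__ == "__main__":
    for route, finding in audit(SAMPLE_CONF).items():
        print(route, finding)
```
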
