Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Weird problem with DHCP and OpenVPN interface.

    Scheduled Pinned Locked Moved DHCP and DNS
    5 Posts 2 Posters 1.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Y
      yeyo
      last edited by

      Hi,
      I have a problem with dhcpd server, which is not starting.

      Log from System -> System logs:
      php: /services_dhcp.php: The command '/usr/local/sbin/dhcpd -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid bridge0 ovpns1' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.2.6 Copyright 2004-2014 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ bad range, address 172.16.10.5 not in subnet 172.16.10.1 netmask 255.255.255.255 If you did not get this software from ftp.isc.org, please get the latest from ftp.isc.org and install that before requesting help. If you did get this software from ftp.isc.org and have not yet read the README, please read it before requesting help. If you intend to request help from the dhcp-bugs at isc.org mailing list, please read the section on the README about submitting bug reports and requests for help. Please do not under any circumstances send requests for help directly to the authors of this software - please send them to the a

      I've uploaded pic with my (seems to be ok) settings. I can't get to understand, what am I doing wrong. Maybe it is bug of pfSence?

      I have checked /var/dhcpd/etc/dhcpd.conf file:
      subnet 172.16.10.1 netmask 255.255.255.255 {
              pool {
                      range 172.16.10.5 172.16.10.10;
              }

      option routers 172.16.10.1;
              option domain-name-servers 172.16.10.1;

      }

      Why netmask here is wrong, if settings are OK?

      Modificated dhcpd.conf with proper netmask rolls back changes after any change from WWW panel within dhcp settings.
      VPN_DHCP.png
      VPN_DHCP.png_thumb

      1 Reply Last reply Reply Quote 0
      • D
        divsys
        last edited by

        What is the subnet specified in the interface definition for VPN_ETH?

        Sounds similar to: https://forum.pfsense.org/index.php?topic=79023.msg430915#msg430915

        -jfp

        1 Reply Last reply Reply Quote 0
        • Y
          yeyo
          last edited by

          Thank you for hint.
          Subnet is proper: VPN_ETH 172.16.10.1/24 and for LAN: 172.16.0.1/24.
          I found differences in "General configuration" and "Status: Interfaces". "General…" shows netmask as /32, but I've it configured as /24.

          From shell: ifconfig ovpns1:
          ovpns1: flags=8051 <up,pointopoint,running,multicast>metric 0 mtu 1500
                  options=80000 <linkstate>inet6 fe80::2c0:a8ff:feee:2cc5%ovpns1 prefixlen 64 scopeid 0xa
                  inet 172.16.10.1 --> 172.16.10.2 netmask 0xffffffff
                  nd6 options=3 <performnud,accept_rtadv>Opened by PID 63212
          Here is OpenVPN configuration against TUN device http://www.freebsddiary.org/openvpn-routed.php, and here against TAP http://www.freebsddiary.org/openvpn.php TUN has same netmask as my ovpns1. I prefer TUN because of my connection poor quality.

          VPN_ETH.jpg
          VPN_ETH_IP_SET.jpg
          VPN_ETH.jpg_thumb
          VPN_ETH_IP_SET.jpg_thumb</performnud,accept_rtadv></linkstate></up,pointopoint,running,multicast>

          1 Reply Last reply Reply Quote 0
          • Y
            yeyo
            last edited by

            I think my mistake was configuring new interface made by OpenVPN (ovpns1) and running DHCPD server on it. Without that - everything works like a charm and OpenVPN client gets proper IP address.

            1 Reply Last reply Reply Quote 0
            • D
              divsys
              last edited by

              Wooops!

              Yes, the ovpns1 interface should in general just be left alone as OpenVPN manages that one for you.  The only thing I usually need that interface for is to create a Firewall Rule allowing all traffic on ovpns1.

              Glad it's working  :)

              -jfp

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.