Weird problem with DHCP and OpenVPN interface.



  • Hi,
    I have a problem with dhcpd server, which is not starting.

    Log from System -> System logs:
    php: /services_dhcp.php: The command '/usr/local/sbin/dhcpd -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid bridge0 ovpns1' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.2.6 Copyright 2004-2014 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ bad range, address 172.16.10.5 not in subnet 172.16.10.1 netmask 255.255.255.255 If you did not get this software from ftp.isc.org, please get the latest from ftp.isc.org and install that before requesting help. If you did get this software from ftp.isc.org and have not yet read the README, please read it before requesting help. If you intend to request help from the dhcp-bugs at isc.org mailing list, please read the section on the README about submitting bug reports and requests for help. Please do not under any circumstances send requests for help directly to the authors of this software - please send them to the a

    I've uploaded pic with my (seems to be ok) settings. I can't get to understand, what am I doing wrong. Maybe it is bug of pfSence?

    I have checked /var/dhcpd/etc/dhcpd.conf file:
    subnet 172.16.10.1 netmask 255.255.255.255 {
            pool {
                    range 172.16.10.5 172.16.10.10;
            }

    option routers 172.16.10.1;
            option domain-name-servers 172.16.10.1;

    }

    Why netmask here is wrong, if settings are OK?

    Modificated dhcpd.conf with proper netmask rolls back changes after any change from WWW panel within dhcp settings.



  • What is the subnet specified in the interface definition for VPN_ETH?

    Sounds similar to: https://forum.pfsense.org/index.php?topic=79023.msg430915#msg430915



  • Thank you for hint.
    Subnet is proper: VPN_ETH 172.16.10.1/24 and for LAN: 172.16.0.1/24.
    I found differences in "General configuration" and "Status: Interfaces". "General…" shows netmask as /32, but I've it configured as /24.

    From shell: ifconfig ovpns1:
    ovpns1: flags=8051 <up,pointopoint,running,multicast>metric 0 mtu 1500
            options=80000 <linkstate>inet6 fe80::2c0:a8ff:feee:2cc5%ovpns1 prefixlen 64 scopeid 0xa
            inet 172.16.10.1 --> 172.16.10.2 netmask 0xffffffff
            nd6 options=3 <performnud,accept_rtadv>Opened by PID 63212
    Here is OpenVPN configuration against TUN device http://www.freebsddiary.org/openvpn-routed.php, and here against TAP http://www.freebsddiary.org/openvpn.php TUN has same netmask as my ovpns1. I prefer TUN because of my connection poor quality.




    </performnud,accept_rtadv></linkstate></up,pointopoint,running,multicast>



  • I think my mistake was configuring new interface made by OpenVPN (ovpns1) and running DHCPD server on it. Without that - everything works like a charm and OpenVPN client gets proper IP address.



  • Wooops!

    Yes, the ovpns1 interface should in general just be left alone as OpenVPN manages that one for you.  The only thing I usually need that interface for is to create a Firewall Rule allowing all traffic on ovpns1.

    Glad it's working  :)