Weird problem with DHCP and OpenVPN interface.

  • Hi,
    I have a problem with dhcpd server, which is not starting.

    Log from System -> System logs:
    php: /services_dhcp.php: The command '/usr/local/sbin/dhcpd -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpd.conf -pf /var/run/ bridge0 ovpns1' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.2.6 Copyright 2004-2014 Internet Systems Consortium. All rights reserved. For info, please visit bad range, address not in subnet netmask If you did not get this software from, please get the latest from and install that before requesting help. If you did get this software from and have not yet read the README, please read it before requesting help. If you intend to request help from the dhcp-bugs at mailing list, please read the section on the README about submitting bug reports and requests for help. Please do not under any circumstances send requests for help directly to the authors of this software - please send them to the a

    I've uploaded pic with my (seems to be ok) settings. I can't get to understand, what am I doing wrong. Maybe it is bug of pfSence?

    I have checked /var/dhcpd/etc/dhcpd.conf file:
    subnet netmask {
            pool {

    option routers;
            option domain-name-servers;


    Why netmask here is wrong, if settings are OK?

    Modificated dhcpd.conf with proper netmask rolls back changes after any change from WWW panel within dhcp settings.

  • What is the subnet specified in the interface definition for VPN_ETH?

    Sounds similar to:

  • Thank you for hint.
    Subnet is proper: VPN_ETH and for LAN:
    I found differences in "General configuration" and "Status: Interfaces". "General…" shows netmask as /32, but I've it configured as /24.

    From shell: ifconfig ovpns1:
    ovpns1: flags=8051 <up,pointopoint,running,multicast>metric 0 mtu 1500
            options=80000 <linkstate>inet6 fe80::2c0:a8ff:feee:2cc5%ovpns1 prefixlen 64 scopeid 0xa
            inet --> netmask 0xffffffff
            nd6 options=3 <performnud,accept_rtadv>Opened by PID 63212
    Here is OpenVPN configuration against TUN device, and here against TAP TUN has same netmask as my ovpns1. I prefer TUN because of my connection poor quality.


  • I think my mistake was configuring new interface made by OpenVPN (ovpns1) and running DHCPD server on it. Without that - everything works like a charm and OpenVPN client gets proper IP address.

  • Wooops!

    Yes, the ovpns1 interface should in general just be left alone as OpenVPN manages that one for you.  The only thing I usually need that interface for is to create a Firewall Rule allowing all traffic on ovpns1.

    Glad it's working  :)

Log in to reply