Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PFsense sends incorrect ifconfig cmd to client when static ip set in freeRadius

    Scheduled Pinned Locked Moved OpenVPN
    4 Posts 2 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      ax112
      last edited by

      I set up an openvpn server using freeradius to manage logins. Everything works until I try to set a static ip for the user entry in freeradius.

      With ip address set in freeradius:

      openvpn[75186]: xxxx/32.217.213.30:55684 SENT CONTROL [xxxx]: 'PUSH_REPLY,route 10.11.0.0 255.255.0.0,route-gateway 10.23.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.23.1.103 10.23.1.104' (status=1)
      

      without ip address set:

      openvpn[75186]: xxxx/32.217.213.30:63619 SENT CONTROL [xxxx]: 'PUSH_REPLY,route 10.11.0.0 255.255.0.0,route-gateway 10.23.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.23.0.2 255.255.0.0' (status=1)
      

      look at the last entry in the command "ipconfig".  with the ip address set, the server sends the wrong netmask.  of course this error results in a non-functional connection.  and yes, the correct netmask is specified in the freeradius user settings

      1 Reply Last reply Reply Quote 0
      • A
        ax112
        last edited by

        Well I seemed to solve my issue.

        In the file https://github.com/pfsense/pfsense/blob/5240564c054781330437c1767d61114d33bf7bb8/src/etc/inc/openvpn.auth-user.php

        The section that properly sends the correct ifconfig command has been commented out (line 190 - 197).  I manually uncommented this section and now everything seems to work fine.

        However, why was this part commented in the first place?  ???

        Looking at the git commit history, it's been like this since 2012.  I guess it's just an oversight? If so, how do I get this corrected?

        1 Reply Last reply Reply Quote 0
        • D
          doktornotor Banned
          last edited by

          https://redmine.pfsense.org/issues/5129
          https://github.com/pfsense/pfsense/pull/1894

          1 Reply Last reply Reply Quote 0
          • A
            ax112
            last edited by

            awesome thanks!

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.