Violates tunnel network/netmask constraint


  • Hi,

    My working OpenVPN stops working after I upgraded to 2.3-1

    In OpenVPN log, there are errors of

    
    user.cert.name/1.2.3.4:56162 MULTI ERROR: primary virtual IP for user.cert.name/1.2.3.4:56162 (10.38.21.8) violates tunnel network/netmask constraint (10.8.2.0/255.255.255.0) 
    
    

    This is solved by remove the tunnel network settings for user.cert.name at Client Specific Overrides session.

    So in pfsense2.3, how do I specific client's IP address?

    Thank you.


  • Ok.

    I understand this is due to OpenVPN topology change in new release.

    Now my next question is how do I specific IP for client with "Subnet – One IP address per client in a common subnet" ?

    I tried to specific client IP in the same subnet by enter "10.8.1.200/32" into tunnel network settings for user.cert.name, and I can see vpn established but traffic unable to pass through.

    Also with the new topology, can I specific client's IP in other subnet?

    Thank you.