Bug #15376

closed

OpenVPN DHCP Range | Pool

Added by Felix Wurzacher about 1 month ago. Updated 24 days ago.

Status:
Not a Bug
Priority:
Normal
Assignee:
-
Category:
OpenVPN
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
Affected Architecture:
amd64

Description

I've had an issue with the OpenVPN server in pfSense: one client couldn't connect to the VPN. The solution was reinstalling the OpenVPN client; now it tries to get a different IP, which works. What I know is that the first IP is always the server IP, 254 is the DHCP and 255 the broadcast IP. How can I exclude those from the pool?

2024-04-02 09:29:28 ERROR: There is a clash between the --ifconfig local address and the internal DHCP server address -- both are set to 172.21.0.254 -- please use the --ip-win32 dynamic option to choose a different free address from the --ifconfig subnet for the internal DHCP server

dev ovpns1
verb 1
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
auth SHA1
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local 127.0.0.1
tls-server
server 172.21.0.0 255.255.255.0
client-config-dir /var/etc/openvpn/server1/csc
username-as-common-name
plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so /usr/local/sbin/ovpn_auth_verify_async user XXXXXXXXXXXXX false server1 1194
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'vpn.example.com' 1"
lport 1194
management /var/etc/openvpn/server1/sock unix
max-clients 250
push "dhcp-option DNS 8.8.8.8"
push "block-outside-dns"
push "register-dns"
remote-cert-tls client
capath /var/etc/openvpn/server1/ca
cert /var/etc/openvpn/server1/cert
key /var/etc/openvpn/server1/key
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server1/tls-auth 0
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
data-ciphers-fallback AES-256-CBC
allow-compression asym
persist-remote-ip
float
topology subnet
mute-replay-warnings

I found online an option to use the following (example IPs):
ifconfig 10.101.103.33 255.255.255.248
ifconfig-pool 10.101.103.34 10.101.103.38 255.255.255.248
topology subnet

but this doesn't work, because the following problem occurs:
Apr 2 09:59:00 openvpn 47522 Flushing states on OpenVPN interface ovpns2 (Link Down)
Apr 2 09:59:01 openvpn 68696 SIGTERM[hard,] received, process exiting
Apr 2 09:59:01 openvpn 69330 Options error: --server already defines an ifconfig-pool, so you can't also specify --ifconfig-pool explicitly
Apr 2 09:59:01 openvpn 69330 Use --help for more information.
Apr 2 10:04:54 openvpn 88456 Options error: --server already defines an ifconfig-pool, so you can't also specify --ifconfig-pool explicitly
Apr 2 10:04:54 openvpn 88456 Use --help for more information.

How can I solve that issue in OpenVPN on pfSense?

Actions #1

Updated by Danilo Zrenjanin 30 days ago

Hello Felix,

This doesn't sound like a pfSense bug.

To achieve your goal, simply add the following line to the OpenVPN server custom field:

server 172.21.0.0 255.255.255.0 nopool;ifconfig-pool "172.21.0.100 172.21.0.200";

If you have more questions, please open a thread on our forum:
https://forum.netgate.com/

Actions #2

Updated by Danilo Zrenjanin 27 days ago

  • Status changed from New to Not a Bug
Actions #3

Updated by Felix Wurzacher 24 days ago

I used the following in the custom options, which worked for me:

server 172.21.0.0 255.255.255.0 nopool;
ifconfig-pool 172.21.0.50 172.21.0.60 255.255.255.0;

It would be great if there were an option or similar in pfSense to set this. I was looking everywhere, in the DHCP Server and so on, and couldn't find an option to set the DHCP range for the OpenVPN server. I can and will use the custom option.
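As an added check that is not part of this ticket, of pfSense or of OpenVPN itself, the following Python script validates a `server ... nopool` plus `ifconfig-pool` pair of the kind pasted in the two comments above before it goes into the custom options field. It assumes the field holds directives separated by `;` or newlines (with optional quotes around the values, as in comment #1), and it treats as reserved the addresses the ticket names: the network address, the server's own tunnel address (first usable host, .1), the last usable host (.254, which the error in the description reports as the Windows client's internal DHCP server address) and the broadcast address (.255). It also flags the `--server already defines an ifconfig-pool` condition from the log, i.e. an explicit pool without `nopool`.

```python
"""Added example, not code from the ticket, pfSense or OpenVPN: sanity-check an
OpenVPN `server ... nopool` + `ifconfig-pool` pair before placing it in the
pfSense custom options field."""
import ipaddress
import re


def reserved_addresses(subnet: ipaddress.IPv4Network) -> set:
    """Addresses a client pool must not hand out in `topology subnet` mode:
    network address, server tunnel address (first host, e.g. .1), last host
    (e.g. .254, reported in the ticket as the client's internal DHCP address)
    and the broadcast address (e.g. .255)."""
    hosts = list(subnet.hosts())
    return {subnet.network_address, hosts[0], hosts[-1], subnet.broadcast_address}


def parse_custom_options(text: str) -> dict:
    """Split a custom-options string into {directive: [args]}.
    Assumption: directives are separated by ';' or newlines, and quotes
    around values (as in comment #1) are decorative and can be dropped."""
    opts = {}
    for stmt in re.split(r"[;\n]", text):
        stmt = stmt.strip()
        if not stmt:
            continue
        parts = stmt.replace('"', "").split()
        opts[parts[0]] = parts[1:]
    return opts


def check_pool(custom_options: str) -> list:
    """Return a list of problems found; an empty list means the pool is usable."""
    problems = []
    opts = parse_custom_options(custom_options)
    server = opts.get("server")
    pool = opts.get("ifconfig-pool")
    if not server or len(server) < 2:
        return ["missing 'server <network> <netmask>' directive"]
    subnet = ipaddress.IPv4Network(f"{server[0]}/{server[1]}", strict=False)
    if pool is None:
        return []  # plain --server: OpenVPN derives its own pool, nothing to check
    if "nopool" not in server:
        # This is exactly the "--server already defines an ifconfig-pool" options error
        problems.append("'server' lacks 'nopool', so OpenVPN will reject an explicit ifconfig-pool")
    if len(pool) < 2:
        problems.append("ifconfig-pool needs '<start> <end> [netmask]'")
        return problems
    start, end = ipaddress.IPv4Address(pool[0]), ipaddress.IPv4Address(pool[1])
    if end < start:
        problems.append("pool end is before pool start")
        return problems
    if start not in subnet or end not in subnet:
        problems.append(f"pool {start}-{end} is not inside {subnet}")
        return problems
    if len(pool) >= 3 and ipaddress.IPv4Address(pool[2]) != subnet.netmask:
        problems.append(f"pool netmask {pool[2]} differs from server netmask {subnet.netmask}")
    for addr in sorted(a for a in reserved_addresses(subnet) if start <= a <= end):
        problems.append(f"pool includes reserved address {addr}")
    return problems


if __name__ == "__main__":
    # Constructed inputs mirroring the ticket: the working pair from comment #3,
    # a pair missing 'nopool', and a pool that runs into the reserved .254 address.
    samples = [
        "server 172.21.0.0 255.255.255.0 nopool;\nifconfig-pool 172.21.0.50 172.21.0.60 255.255.255.0;",
        "server 172.21.0.0 255.255.255.0;ifconfig-pool 172.21.0.50 172.21.0.60",
        "server 172.21.0.0 255.255.255.0 nopool;ifconfig-pool 172.21.0.2 172.21.0.254",
    ]
    for s in samples:
        print(repr(s), "->", check_pool(s) or "OK")
```

Run it with the intended custom-options text as input; an empty result means the pool stays inside the `server` subnet and avoids the server, .254 and broadcast addresses, which is the exclusion the original question asks for.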
