Re: [Openvpn-users] Changing openvpn dhcp pool

Zoltán Szabó Sun, 06 Mar 2016 13:22:22 -0800

Ok it is better now after some changes, IP addresses are assigned correctly
from the two ranges. but non of the clients can reach each other, even ping
is not working.


server config now:
proto udp
dev tun

ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh2048.pem

mode server
tls-server
topology subnet
push "topology subnet"
ifconfig 10.8.0.1 255.255.254.0
ifconfig-pool 10.8.1.0 10.8.1.253
route-gateway 10.8.0.1
push "route-gateway 10.8.0.1"

ifconfig-pool-persist ipp.txt

client-config-dir /etc/openvpn/ccd

push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

client-to-client

keepalive 10 300
comp-lzo

user nobody
group nobody
persist-key
persist-tun

status /etc/openvpn/openvpn-status.log

verb 6

DHCP client config file:
client
dev tun
proto udp
remote ************* 1194
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
ca e:\\Temp\\vpn\\ca.crt
cert e:\\Temp\\vpn\\client2.crt
key e:\\Temp\\vpn\\client2.key

And I have one file in the ccd dir for one of the clients to set static IP:
ifconfig-push 10.8.0.5 255.255.254.0

The routing table on the dhcp client looks like this at the moment:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.101      5
         10.8.0.4  255.255.255.252         On-link          10.8.0.6    276
         10.8.0.6  255.255.255.255         On-link          10.8.0.6    276
         10.8.0.7  255.255.255.255         On-link          10.8.0.6    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.101    261
    192.168.1.101  255.255.255.255         On-link     192.168.1.101    261
    192.168.1.255  255.255.255.255         On-link     192.168.1.101    261


And the routing table on the client with static ip:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use
Iface
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
10.8.0.0        *               255.255.254.0   U     0      0        0 tun0
172.17.0.0      *               255.255.0.0     U     0      0        0
docker0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0


And I am trying to reach 10.8.0.5 from 10.8.1.1

And here is the log from the dhcp client when connecting:
Sun Mar 06 21:30:59 2016 PUSH: Received control message:
'PUSH_REPLY,topology subnet,route-gateway 10.8.0.1,dhcp-option DNS
8.8.8.8,dhcp-option DNS 8.8.4.4,ping 10,ping-restart 300,ifconfig 10.8.1.0
255.255.254.0'
Sun Mar 06 21:30:59 2016 OPTIONS IMPORT: timers and/or timeouts modified
Sun Mar 06 21:30:59 2016 OPTIONS IMPORT: --ifconfig/up options modified
Sun Mar 06 21:30:59 2016 OPTIONS IMPORT: route-related options modified
Sun Mar 06 21:30:59 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option
options modified
Sun Mar 06 21:30:59 2016 do_ifconfig, tt->ipv6=0,
tt->did_ifconfig_ipv6_setup=0
Sun Mar 06 21:30:59 2016 MANAGEMENT: >STATE:1457299859,ASSIGN_IP,,10.8.1.0,
Sun Mar 06 21:30:59 2016 open_tun, tt->ipv6=0
Sun Mar 06 21:30:59 2016 TAP-WIN32 device [Ethernet 2] opened:
\\.\Global\{956E0460-9261-4CD3-A69F-D7B45057C62B}.tap
Sun Mar 06 21:30:59 2016 TAP-Windows Driver Version 9.21
Sun Mar 06 21:30:59 2016 Set TAP-Windows TUN subnet mode
network/local/netmask = 10.8.0.0/10.8.1.0/255.255.254.0 [SUCCEEDED]
Sun Mar 06 21:30:59 2016 Notified TAP-Windows driver to set a DHCP
IP/netmask of 10.8.1.0/255.255.254.0 on interface
{956E0460-9261-4CD3-A69F-D7B45057C62B} [DHCP-serv: 10.8.1.254, lease-time:
31536000]
Sun Mar 06 21:30:59 2016 Successful ARP Flush on interface [33]
{956E0460-9261-4CD3-A69F-D7B45057C62B}
Sun Mar 06 21:31:05 2016 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Sun Mar 06 21:31:05 2016 Route: Waiting for TUN/TAP interface to come up...
Sun Mar 06 21:31:32 2016 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Sun Mar 06 21:31:32 2016 Route: Waiting for TUN/TAP interface to come up...
Sun Mar 06 21:31:33 2016 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Sun Mar 06 21:31:33 2016 Route: Waiting for TUN/TAP interface to come up...
Sun Mar 06 21:31:34 2016 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
SYSTEM ROUTING TABLE
0.0.0.0 0.0.0.0 192.168.1.1 p=0 i=3 t=4 pr=3 a=25282 h=0 m=5/0/0/0/0
10.8.0.4 255.255.255.252 10.8.0.6 p=0 i=33 t=3 pr=2 a=6211 h=0 m=276/0/0/0/0
10.8.0.6 255.255.255.255 10.8.0.6 p=0 i=33 t=3 pr=2 a=6211 h=0 m=276/0/0/0/0
10.8.0.7 255.255.255.255 10.8.0.6 p=0 i=33 t=3 pr=2 a=6211 h=0 m=276/0/0/0/0
127.0.0.0 255.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=2 a=261734 h=0 m=306/0/0/0/0
127.0.0.1 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=261734 h=0
m=306/0/0/0/0
127.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=261734 h=0
m=306/0/0/0/0
192.168.1.0 255.255.255.0 192.168.1.101 p=0 i=3 t=3 pr=2 a=25282 h=0
m=261/0/0/0/0
192.168.1.101 255.255.255.255 192.168.1.101 p=0 i=3 t=3 pr=2 a=25282 h=0
m=261/0/0/0/0
192.168.1.255 255.255.255.255 192.168.1.101 p=0 i=3 t=3 pr=2 a=25282 h=0
m=261/0/0/0/0
192.168.196.0 255.255.255.0 192.168.196.1 p=0 i=47 t=3 pr=2 a=25285 h=0
m=276/0/0/0/0
192.168.196.1 255.255.255.255 192.168.196.1 p=0 i=47 t=3 pr=2 a=25285 h=0
m=276/0/0/0/0
192.168.196.255 255.255.255.255 192.168.196.1 p=0 i=47 t=3 pr=2 a=25285 h=0
m=276/0/0/0/0
192.168.241.0 255.255.255.0 192.168.241.1 p=0 i=46 t=3 pr=2 a=25285 h=0
m=276/0/0/0/0
192.168.241.1 255.255.255.255 192.168.241.1 p=0 i=46 t=3 pr=2 a=25285 h=0
m=276/0/0/0/0
192.168.241.255 255.255.255.255 192.168.241.1 p=0 i=46 t=3 pr=2 a=25285 h=0
m=276/0/0/0/0
224.0.0.0 240.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=2 a=261734 h=0 m=306/0/0/0/0
224.0.0.0 240.0.0.0 192.168.1.101 p=0 i=3 t=3 pr=2 a=25289 h=0 m=261/0/0/0/0
224.0.0.0 240.0.0.0 192.168.196.1 p=0 i=47 t=3 pr=2 a=25289 h=0
m=276/0/0/0/0
224.0.0.0 240.0.0.0 192.168.241.1 p=0 i=46 t=3 pr=2 a=25289 h=0
m=276/0/0/0/0
224.0.0.0 240.0.0.0 10.8.0.6 p=0 i=33 t=3 pr=2 a=25289 h=0 m=276/0/0/0/0
255.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=261734 h=0
m=306/0/0/0/0
255.255.255.255 255.255.255.255 192.168.1.101 p=0 i=3 t=3 pr=2 a=25289 h=0
m=261/0/0/0/0
255.255.255.255 255.255.255.255 192.168.196.1 p=0 i=47 t=3 pr=2 a=25289 h=0
m=276/0/0/0/0
255.255.255.255 255.255.255.255 192.168.241.1 p=0 i=46 t=3 pr=2 a=25289 h=0
m=276/0/0/0/0
255.255.255.255 255.255.255.255 10.8.0.6 p=0 i=33 t=3 pr=2 a=25289 h=0
m=276/0/0/0/0
SYSTEM ADAPTER LIST
VMware Virtual Ethernet Adapter for VMnet1
  Index = 46
  GUID = {1B1731F5-1880-4038-8DF1-22D9C9729B94}
  IP = 192.168.241.1/255.255.255.0
  MAC = 00:50:56:c0:00:01
  GATEWAY = 0.0.0.0/255.255.255.255
  DNS SERV =
TAP-Windows Adapter V9
  Index = 33
  GUID = {956E0460-9261-4CD3-A69F-D7B45057C62B}
  IP = 10.8.0.6/255.255.255.252
  MAC = 00:ff:95:6e:04:60
  GATEWAY = 0.0.0.0/255.255.255.255
  DHCP SERV = 10.8.0.5/255.255.255.255
  DHCP LEASE OBTAINED = Sun Mar 06 19:48:02 2016
  DHCP LEASE EXPIRES  = Mon Mar 06 19:48:02 2017
  DNS SERV = 8.8.8.8/255.255.255.255 8.8.4.4/255.255.255.255
Microsoft Wi-Fi Direct Virtual Adapter
  Index = 5
  GUID = {286F1C2F-D5CA-4BDA-BA7A-48B13FE7D474}
  IP = 0.0.0.0/0.0.0.0
  MAC = 00:c2:c6:52:1c:56
  GATEWAY = 0.0.0.0/255.255.255.255
  DHCP SERV =
  DHCP LEASE OBTAINED = Sun Mar 06 21:31:34 2016
  DHCP LEASE EXPIRES  = Sun Mar 06 21:31:34 2016
  DNS SERV =
Intel(R) Centrino(R) Wireless-N 2230
  Index = 4
  GUID = {E6ABABDE-DBB3-4C3F-A306-2C613D7C7CCB}
  IP = 0.0.0.0/0.0.0.0
  MAC = 00:c2:c6:52:1c:55
  GATEWAY = 0.0.0.0/255.255.255.255
  DHCP SERV =
  DHCP LEASE OBTAINED = Sun Mar 06 21:31:34 2016
  DHCP LEASE EXPIRES  = Sun Mar 06 21:31:34 2016
  DNS SERV =
Qualcomm Atheros AR8171/8175 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
  Index = 3
  GUID = {4CDE337E-AB0D-4982-8482-29AD34ED0176}
  IP = 192.168.1.101/255.255.255.0
  MAC = 28:d2:44:58:9b:19
  GATEWAY = 192.168.1.1/255.255.255.255
  DHCP SERV = 192.168.1.1/255.255.255.255
  DHCP LEASE OBTAINED = Sun Mar 06 21:30:08 2016
  DHCP LEASE EXPIRES  = Sun Mar 06 23:30:08 2016
  DNS SERV = 8.8.8.8/255.255.255.255 8.8.4.4/255.255.255.255
VMware Virtual Ethernet Adapter for VMnet8
  Index = 47
  GUID = {ADD6AC9D-BA8F-4494-830B-16BC591C9BA7}
  IP = 192.168.196.1/255.255.255.0
  MAC = 00:50:56:c0:00:08
  GATEWAY = 0.0.0.0/255.255.255.255
  DNS SERV =
Sun Mar 06 21:31:34 2016 Initialization Sequence Completed With Errors (
see http://openvpn.net/faq.html#dhcpclientserv )
Sun Mar 06 21:31:34 2016 MANAGEMENT:
>STATE:1457299894,CONNECTED,ERROR,10.8.1.0,[MASKED_SERVER_IP]


So it is weird. 10.8.0.5 should be the client with one static IP.

2016-03-06 19:33 GMT+00:00 Selva Nair <selva.n...@gmail.com>:

>
> On Sun, Mar 6, 2016 at 2:17 PM, Zoltán Szabó <zo...@zoell.us> wrote:
>
>> Sun Mar 06 19:33:39 2016 Set TAP-Windows TUN subnet mode
>> network/local/netmask = 10.8.1.0/10.8.1.2/10.8.1.1 [SUCCEEDED]
>> Sun Mar 06 19:33:39 2016 MANAGEMENT: Client disconnected
>> Sun Mar 06 19:33:39 2016 ERROR: --ip-win32 dynamic [offset] : offset is
>> outside of --ifconfig subnet
>> Sun Mar 06 19:33:39 2016 Exiting due to fatal error
>>
>> First I tought this is something to do with this line:
>> push "topology subnet"
>>
>> So I changed it to just:
>> topology subnet
>>
>
> The push syntax is correct, but your client is getting the wrong netmask,
> it seems. Please post the new server config.
>
> Selva
>

------------------------------------------------------------------------------

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Re: [Openvpn-users] Changing openvpn dhcp pool

Reply via email to