The local and remote VPN endpoints cannot use

[sunilmh]

Hi,

I'm getting error mentioned below when I run the client on windows machine.

ifconfig endpoints [local=X.X.X.X, remote=X.X.X.X]. The local and remote VPN endpoints cannot use the first or last address within a given 255.255.255.252 subnet.This is a limitation of --dev tun when used with the TAP-WIN32 driver. Try 'openvpn --show-valid-subnets' option for more info.

But I'm able to connect without any issues from linux machine.
Any input to this query helps me to resolve the issue.


- Sunil

[maikcat]

without configs,its a little difficult to help you out..

Michael.

[sunilmh]

Here are the config details

-edited by maikcat (removed comments from conf)-

server.conf

Code: Select all

 
ccd-exclusive
management 0.0.0.0 7509
resolv-retry infinite
proto udp 
dev tun 
fragment 1400
mssfix
ca /usr/local/src/openvpn-2.1.4/easy-rsa/2.0/keys/ca.crt
cert /usr/local/src/openvpn-2.1.4/easy-rsa/2.0/keys/server.crt
key /usr/local/src/openvpn-2.1.4/easy-rsa/2.0/keys/server.key  # This file should be kept secret
dh /usr/local/src/openvpn-2.1.4/easy-rsa/2.0/keys/dh1024.pem
server 10.3.0.16 255.255.255.240
push "route 192.168.0.0 255.255.255.0"
push "route 10.30.14.0 255.255.254.0"
client-config-dir /usr/local/src/openvpn-2.1.4/test_ccd/ccd
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log         /var/log/openvpn_tmp.log
verb 6
;mute 20                                                

client.conf

Code: Select all

 
client
float
;auth-user-pass
auth-nocache
dev tun 
proto udp 
remote 10.xx.xx.xxx 1199
nobind
ca ca.crt
cert usr1.crt
key usr1.key
remote-cert-tls server
comp-lzo
verb 1
ping 10
;route remote_host default net_gateway
fragment 1400
mssfix

server tunnel details

Code: Select all

tun1      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.3.0.17  P-t-P:10.3.0.18  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

Client from linux machine able to connect, only issue with running client from windows.
As the error itself suggests, I guess there is some limitation with TAP-Win32 driver

THANKS
- Sunil

[maikcat]

hi there,

you use ccd-exclusive,
can you post the contents of ccd file usr1?

Michael.

[sunilmh]

Hi Michael

ccd config details ..

Code: Select all

ifconfig-push 10.3.0.24 10.3.0.25

[maikcat]

>ifconfig-push 10.3.0.24 10.3.0.25

try this

ifconfig-push 10.3.0.26 10.3.0.25

Michael.

[sunilmh]

hey it worked ..
thanks a lot Michael

Can you explain me a bit more on this issue ?

[maikcat]

>Can you explain me a bit more on this issue ?

easy

first download ip subnet calculator

you use 10.3.0.16 network with 255.255.255.240 mask

that means for the second segment the network portion is 10.3.0.16 and 10.3.0.31 is broadcast
the usuable ips are 17-to-30 ,ok so far?

from the above range you give ips to openvpn clients,
if you use tun mode the default subnetting is /30 networks
means the following

network -- ip1 -- ip2 -- broadcast
10.3.0.16 - 10.3.0.17 - 10.3.0.18 - 10.3.0.19
10.3.0.20 - 10.3.0.21 - 10.3.0.22 - 10.3.0.23
10.3.0.24 - 10.3.0.25 - 10.3.0.26 - 10.3.0.27
10.3.0.28 - 10.3.0.29 - 10.3.0.30 - 10.3.0.31

you were giving 24-25 ,the network and the first one (check line 3 from above..)

got it?

Michael.

[sunilmh]

THANKS a lot Michael ...

[maikcat]

glad to helped you.

closing topic

Michael.