This forum is for admins who are looking to build or expand their OpenVPN setup.
Moderators: TinCanTech
-
Final9mare
- OpenVpn Newbie
- Posts: 7
- Joined: Sat Mar 11, 2017 11:43 pm
Post
by Final9mare » Sun Mar 12, 2017 9:22 am
I'm not sure why I am getting an IP route conflict when I connect my router to the openvpn
Code:
Mar 11 21:20:10 openvpn[6933]: TUN/TAP device tun15 opened
Mar 11 21:20:10 openvpn[6933]: TUN/TAP TX queue length set to 100
Mar 11 21:20:10 openvpn[6933]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mar 11 21:20:10 openvpn[6933]: /sbin/ifconfig tun15 10.8.0.2 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255
Mar 11 21:20:10 openvpn[6933]: Ignore conflicted routing rule: 10.8.0.0 255.255.255.0
Mar 11 21:20:10 openvpn[6933]: Ignore conflicted routing rule: 192.168.1.0 255.255.255.0
Mar 11 21:20:10 openvpn[6933]: Initialization Sequence Completed
My server conf:
Code:
port 1194
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
#push "redirect-gateway def1 bypass-dhcp"
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"
route 192.168.1.0 255.255.255.0
client-to-client
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
client-config-dir /etc/openvpn/ccd
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Post
by TinCanTech » Sun Mar 12, 2017 12:26 pm
Final9mare wrote:Mar 11 21:20:10 openvpn[6933]: /sbin/ifconfig tun15 10.8.0.2 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255
Mar 11 21:20:10 openvpn[6933]: Ignore conflicted routing rule: 10.8.0.0 255.255.255.0
It looks like you are running more than one instance of openvpn ..
Final9mare wrote:Mar 11 21:20:10 openvpn[6933]: Ignore conflicted routing rule: 192.168.1.0 255.255.255.0
Your server does not need to be configured with the route for its LAN .. it's already done.
Also,
- NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Never use 192.168.0.0/24 or 192.168.1.0/24 (or other common subnets) for your OpenVPN Server LAN
- You are advised to change your server LAN to a more unique RFC1918 compliant subnet.
For example: 192.168.143.0/24
Out of curiosity, what version of openvpn is that ?
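A small checker for the two points in the reply above, added here as an example (it is not part of the thread and not OpenVPN code): it flags `route` and `push "route ..."` lines that overlap the subnet set by `server`, or that use one of the common subnets the reply names. The names `lint_routes` and `client_lan` are hypothetical, and the sample is constructed from the routing lines of the posted server conf.

```python
import ipaddress
import re

# Subnets the reply above calls out as too common for a VPN-reachable LAN.
COMMON_LANS = [ipaddress.ip_network(n) for n in ("192.168.0.0/24", "192.168.1.0/24")]
# Matches both `route NET MASK` and `push "route NET MASK"`.
ROUTE_RE = re.compile(r'^(push\s+")?route\s+(\S+)\s+([\d.]+)"?\s*$')
SERVER_RE = re.compile(r'^server\s+(\S+)\s+([\d.]+)\s*$')


def lint_routes(conf_text, client_lan=None):
    """Return (line_no, directive, reason) findings; client_lan is an optional CIDR."""
    vpn_net, routes = None, []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue  # skip comments such as the disabled redirect-gateway push
        m = SERVER_RE.match(line)
        if m:
            vpn_net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
            continue
        m = ROUTE_RE.match(line)
        if m:
            net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False)
            routes.append((no, line, bool(m.group(1)), net))
    local = ipaddress.ip_network(client_lan) if client_lan else None
    findings = []
    for no, line, pushed, net in routes:
        if vpn_net and net.overlaps(vpn_net):
            findings.append((no, line, "overlaps the VPN subnet set by `server`"))
        if any(net.overlaps(c) for c in COMMON_LANS):
            findings.append((no, line, "uses a common LAN subnet, conflicts likely"))
        if pushed and local and net.overlaps(local):
            findings.append((no, line, f"pushed route collides with client LAN {local}"))
    return findings


# Constructed sample: the routing-related lines from the server conf posted above.
SAMPLE = """\
server 10.8.0.0 255.255.255.0
#push "redirect-gateway def1 bypass-dhcp"
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"
route 192.168.1.0 255.255.255.0
"""

if __name__ == "__main__":
    for no, line, reason in lint_routes(SAMPLE, client_lan="192.168.1.0/24"):
        print(f"line {no}: {line} -> {reason}")
```

Passing the client's own LAN as `client_lan` adds a finding for any pushed route that the client already has as a directly connected network.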
by Final9mare » Sun Mar 12, 2017 9:49 pm
I understand that using the common subnet is a problem but I am just testing it before I deploy it. I did not know the server routed the LAN automatically. I am still not able to access the LAN from my phone though. The documentation I was reading said I needed to do this. I am at a loss.
The version is this:
Code:
OpenVPN 2.3.11 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2016
library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
by TinCanTech » Sun Mar 12, 2017 11:54 pm
Final9mare wrote: I did not know the server routed the LAN automatically
It does not .. please read this:
HOWTO: Expanding the scope of the VPN to include additional machines
Note, the server LAN is handled by the server network stack ..
This message:
Final9mare wrote:Mar 11 21:20:10 openvpn[6933]: Ignore conflicted routing rule: 10.8.0.0 255.255.255.0
does not appear in the openvpn 2.3.11 source code, so I am guessing it is something to do with your router.
It also, very likely, means you are running two openvpns with that same subnet.
by Final9mare » Mon Mar 13, 2017 1:05 am
Are you suggesting I'm running two openvpns on my VPS side?
by Final9mare » Mon Mar 13, 2017 1:15 am
Okay, I understand. I am not routing any LAN on the server side, so I don't need the first part of that HOWTO. However, I am trying to include the subnet on the client side. I created the ccd file and did the
and then I add to the server conf
and then I also add
Code:
client-to-client
push "route 192.168.1.0 255.255.255.0"
What am I doing wrong that is not letting my other client, which is a phone, access the LAN?
by TinCanTech » Mon Mar 13, 2017 1:26 am
Stop using 192.168.1.0/24 everywhere
by TinCanTech » Mon Mar 13, 2017 1:49 am
I think you need to learn about routing and so : tincanteksup <at> gmail
If anybody else wants to step in here .. please do.