topology net30 error using subnet topology

Posted: Fri Jul 23, 2021 2:44 pm
by jofre
Hi,
I have a working OpenVPN Server using the following server configuration:

port PORT
proto udp
dev tun

ca ca.crt
cert server.crt
dh dh.pem
crl-verify crl.pem

topology subnet

server 10.XX.0.0 255.255.0.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
client-config-dir ccd

push "redirect-gateway def1"
push "dhcp-option DNS 10.XX.0.1" 
                                                
client-to-client
keepalive 10 120

cipher AES-256-CBC
auth SHA256

user nobody
group nogroup

persist-key
persist-tun

status /var/log/openvpn/openvpn-status.log

verb 4
mute 10
mute-replay-warnings

explicit-exit-notify 1

Client configuration is:

client
dev tun
proto udp
remote  SERVER PORT

resolv-retry infinite
nobind
persist-key
persist-tun
key-direction 1
remote-cert-tls server

cipher AES-256-CBC
auth SHA256
key-direction 1
verb 3
<ca>
</ca>
<cert>
<key>
</key>

<tls-auth>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>

A working client-config looks like:

ifconfig-push 10.XX.0.72 255.255.0.0

This works fine in macOS, Android and iOS.

I want to create some profiles to redirect only DNS requests through the VPN.
To achieve this I created client configuration files like:

ifconfig-push 10.XX.64.2 255.255.255.255
push-reset
push "dhcp-option DNS 10.XX.0.1"
push "route 10.XX.0.1 255.255.255.255"

This works fine in macOS (using Tunnelblick 3.8.5a) but when I try it on an Android (net.openvpn.connect.android_3.2.4-5891) I get the error:


TUN Error: tun_prop_error: ifconfig addresses are not in the same /30 subnet (topology net30)
EVENT: TUN_SETUP_FAILED info='tun_prop_error: ifconfig addresses are not in the same /30 subnet (topology net30)


Any idea why I get this net30 error in the Android client when I'm using subnet topology?
Any idea how to fix it?
Do I need to specify net topology in the client configuration? I currently don't do it for the "full VPN" case and it works fine.

Thanks

Re: topology net30 error using subnet topology

Posted: Fri Jul 23, 2021 3:12 pm
by TinCanTech
--push-reset resets --topology to NET30 .. Use --push-remove instead.

Re: topology net30 error using subnet topology

Posted: Fri Jul 23, 2021 4:27 pm
by jofre
Thanks,

I changed the (server) client config file to:

ifconfig-push 10.XX.64.2 255.255.255.255
push-remove route
push-remove redirect-gateway
push "route 10.XX.0.1 255.255.255.255"

and now it works as expected in Android but not in Tunnelblick (!!?)
In this case most of the settings are applied as expected but now the push "route 10.XX.0.1 255.255.255.255" is ignored on the Mac.

I know this is not the place, but if by any chance someone knows why, I'll appreciate a response.
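
The check below is an added example, not part of the original thread and not OpenVPN's own code: it models which topology a client is left with after a client-config-dir file is processed and validates ifconfig-push under that topology, which shows why the push-reset variant trips a client that enforces net30 rules while the push-remove variant does not. Assumptions: push-reset leaves the client on net30 as stated in the reply above, the 10.8.x.x addresses stand in for the redacted 10.XX ones, and the function names are hypothetical.

```python
import ipaddress
import shlex

def effective_topology(ccd_text, server_topology="subnet"):
    """Topology the client is left with once the CCD file has been processed."""
    topo = server_topology
    for line in ccd_text.splitlines():
        words = shlex.split(line, comments=True)
        if words[:1] == ["push-reset"] or words == ["push-remove", "topology"]:
            topo = "net30"  # assumption: nothing pushed, client falls back to net30
        elif len(words) == 2 and words[0] == "push":
            option = words[1].split()
            if len(option) == 2 and option[0] == "topology":
                topo = option[1]  # an explicit re-push after the reset wins
    return topo

def check_ccd(ccd_text, server_topology="subnet"):
    """Return (topology, problems) for the ifconfig-push lines in a CCD file."""
    topo = effective_topology(ccd_text, server_topology)
    problems = []
    for line in ccd_text.splitlines():
        words = shlex.split(line, comments=True)
        if len(words) != 3 or words[0] != "ifconfig-push":
            continue
        local = ipaddress.IPv4Address(words[1])
        if topo == "net30":
            # net30: the second argument is the remote endpoint of a /30 pair
            pair = ipaddress.ip_network(f"{local}/30", strict=False)
            if ipaddress.IPv4Address(words[2]) not in pair:
                problems.append(f"{local} {words[2]}: not in the same /30 (net30)")
        else:  # subnet: the second argument is a netmask
            try:
                ipaddress.IPv4Network(f"0.0.0.0/{words[2]}")
            except ValueError:
                problems.append(f"{local} {words[2]}: second value is not a netmask")
    return topo, problems

# Constructed CCD files mirroring the two variants in the thread (10.8 stands in for 10.XX)
CCD_PUSH_RESET = '''ifconfig-push 10.8.64.2 255.255.255.255
push-reset
push "dhcp-option DNS 10.8.0.1"
push "route 10.8.0.1 255.255.255.255"
'''
CCD_PUSH_REMOVE = '''ifconfig-push 10.8.64.2 255.255.255.255
push-remove route
push-remove redirect-gateway
push "route 10.8.0.1 255.255.255.255"
'''
print(check_ccd(CCD_PUSH_RESET), check_ccd(CCD_PUSH_REMOVE))
```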