This forum is for admins who are looking to build or expand their OpenVPN setup.
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
karldonteljames
- OpenVpn Newbie
- Posts: 5
- Joined: Wed May 12, 2021 6:28 am
Post
by karldonteljames » Wed May 12, 2021 6:33 am
Hello, I'm trying to configure my OVPN server at the moment but having a few issues.
My network is configured out as follows:
LAN 10.0/24
IoT 12.0/24
Guests 13.0/24
OVPN 14.0/24
OVPN static IP at 14.1 port forwarding all working ok, as it was connecting, but couldn't connect to any services on my plan. I've now got the below in my config, but I just cannot connect. I've tried looking through documents but just cannot see where or how I've gone wrong. If someone could explain to me my mistakes, I assume I've misunderstood something.
Code: Select all
port 1194
proto tcp-server
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
mode server
ifconfig 192.168.14.1
ifconfig-pool 192.168.14.5 192.168.14.8
#push "route-gateway 192.168.14.254"
push "route 192.168.14.1"
push "dhcp-option DNS 192.168.14.254"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert HIDDEN.KEY
key HIDDEN.KEY
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3
-
karldonteljames
- OpenVpn Newbie
- Posts: 5
- Joined: Wed May 12, 2021 6:28 am
Post
by karldonteljames » Wed May 12, 2021 10:51 am
I'm able to get it throw up an error message now.
There is a problem in your selection of --ifconfig endpoints [local=192.168.14.5, remote=255.255.255.0]. The local and remote VPN endpoints must exist within the same 255.255.255.252 subnet. This is a limitation of --dev tun when used with the TAP-WIN32 driver. Try 'openvpn --show-valid-subnets' option for more info.
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Post
by TinCanTech » Wed May 12, 2021 8:37 pm
karldonteljames wrote: ↑Wed May 12, 2021 10:51 am
There is a problem in your selection of --
ifconfig endpoints
See --
ifconfig in the manual.
-
karldonteljames
- OpenVpn Newbie
- Posts: 5
- Joined: Wed May 12, 2021 6:28 am
Post
by karldonteljames » Wed May 12, 2021 10:19 pm
I've since managed to get the client connected, but cannot ping or connect to any other IP in ANY of the subnets, IoT, LAN, or OVPN.
current config is:
Code: Select all
port 1194
proto tcp-server
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
mode server
tls-server
push "topology subnet"
ifconfig 192.168.14.1 255.255.255.252
ifconfig-pool 192.168.14.2 192.168.14.3
#push "route-gateway 192.168.14.254"
#push "redirect-gateway def1"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert HIDDEN
key HIDDEN
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Post
by TinCanTech » Wed May 12, 2021 11:57 pm
You need a script, like Nyr, to do it for you. Search github, it's not hard to find.
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Post
by TinCanTech » Thu May 13, 2021 9:53 am
That is not the server you are trying to use.
-
karldonteljames
- OpenVpn Newbie
- Posts: 5
- Joined: Wed May 12, 2021 6:28 am
Post
by karldonteljames » Thu May 13, 2021 12:02 pm
TinCanTech wrote: ↑Thu May 13, 2021 9:53 am
That is not the server you are trying to use.
Sorry I'm confused.
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Post
by TinCanTech » Thu May 13, 2021 12:08 pm
The server file you posted is not created by that script.
