Changing openvpn subnet does not work

Need help configuring your VPN? Just post here and you'll get that help.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
ewrftw
OpenVpn Newbie
Posts: 2
Joined: Fri Jun 26, 2020 2:47 pm

Changing openvpn subnet does not work

Post by ewrftw » Fri Jun 26, 2020 3:15 pm

Hi, Here is my problem:
I want to change the internal openvpn subnet from 10.8.0.0/24 to 10.12.11.0/24. I changed the line "server 10.8.0.0 255.255.255.0" to "server 10.12.11.0 255.255.255.0" in the server.conf, however it does not work.
Here are the important lines from the client log:
Fri Jun 26 16:33:11 2020 us=93183 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Jun 26 16:33:11 2020 us=93218 /sbin/ip link set dev tun0 up mtu 1500
Fri Jun 26 16:33:11 2020 us=96553 /sbin/ip addr add dev tun0 10.8.0.3/24 broadcast 10.8.0.255
Fri Jun 26 16:33:11 2020 us=106503 /sbin/ip route add 10.12.12.0/24 via 10.12.11.1

As you can see, the client still adds the old subnet. What can I do to solve this problem? I tried adding (ifconfig 10.12.11.0 255.255.255.0" to the server.conf, but it did not change anything.

All logs (minus personal information):
Server log:

Code: Select all

Jun 26 16:42:19 Serpent ovpn-server[12326]: Current Parameter Settings:
Jun 26 16:42:19 Serpent ovpn-server[12326]:   config = '/etc/openvpn/server.conf'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   mode = 1
Jun 26 16:42:19 Serpent ovpn-server[12326]:   persist_config = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   persist_mode = 1
Jun 26 16:42:19 Serpent ovpn-server[12326]:   show_ciphers = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   show_digests = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   show_engines = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   genkey = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   key_pass_file = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   show_tls_ciphers = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   connect_retry_max = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: Connection profiles [0]:
Jun 26 16:42:19 Serpent ovpn-server[12326]:   proto = udp
Jun 26 16:42:19 Serpent ovpn-server[12326]:   local = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   local_port = '1194'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   remote = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   remote_port = '1194'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   remote_float = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   bind_defined = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   bind_local = ENABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   bind_ipv6_only = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   connect_retry_seconds = 5
Jun 26 16:42:19 Serpent ovpn-server[12326]:   connect_timeout = 120
Jun 26 16:42:19 Serpent ovpn-server[12326]:   socks_proxy_server = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   socks_proxy_port = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   tun_mtu = 1500
Jun 26 16:42:19 Serpent ovpn-server[12326]:   tun_mtu_defined = ENABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   link_mtu = 1500
Jun 26 16:42:19 Serpent ovpn-server[12326]:   link_mtu_defined = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   tun_mtu_extra = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   tun_mtu_extra_defined = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   mtu_discover_type = -1
Jun 26 16:42:19 Serpent ovpn-server[12326]:   fragment = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   mssfix = 1450
Jun 26 16:42:19 Serpent ovpn-server[12326]:   explicit_exit_notification = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: Connection profiles END
Jun 26 16:42:19 Serpent ovpn-server[12326]:   remote_random = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   ipchange = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   dev = 'tun'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   dev_type = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   dev_node = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   lladdr = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   topology = 3
Jun 26 16:42:19 Serpent ovpn-server[12326]:   ifconfig_local = '10.12.11.1'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   ifconfig_remote_netmask = '255.255.255.0'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   ifconfig_noexec = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   ifconfig_nowarn = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   ifconfig_ipv6_local = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   ifconfig_ipv6_netbits = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   ifconfig_ipv6_remote = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   shaper = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   mtu_test = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   mlock = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   keepalive_ping = 15
Jun 26 16:42:19 Serpent ovpn-server[12326]:   keepalive_timeout = 120
Jun 26 16:42:19 Serpent ovpn-server[12326]:   inactivity_timeout = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   ping_send_timeout = 15
Jun 26 16:42:19 Serpent ovpn-server[12326]:   ping_rec_timeout = 240
Jun 26 16:42:19 Serpent ovpn-server[12326]:   ping_rec_timeout_action = 2
Jun 26 16:42:19 Serpent ovpn-server[12326]:   ping_timer_remote = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   remap_sigusr1 = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   persist_tun = ENABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   persist_local_ip = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   persist_remote_ip = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   persist_key = ENABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   passtos = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   resolve_retry_seconds = 1000000000
Jun 26 16:42:19 Serpent ovpn-server[12326]:   resolve_in_advance = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   username = 'openvpn'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   groupname = 'openvpn'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   chroot_dir = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   cd_dir = '/etc/openvpn'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   writepid = '/run/openvpn/server.pid'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   up_script = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   down_script = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   down_pre = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   up_restart = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   up_delay = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   daemon = ENABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   inetd = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   log = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   suppress_timestamps = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   machine_readable_output = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   nice = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   verbosity = 5
Jun 26 16:42:19 Serpent ovpn-server[12326]:   mute = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   gremlin = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   status_file = '/var/log/openvpn-status.log'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   status_file_version = 3
Jun 26 16:42:19 Serpent ovpn-server[12326]:   status_file_update_freq = 20
Jun 26 16:42:19 Serpent ovpn-server[12326]:   occ = ENABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   rcvbuf = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   sndbuf = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   mark = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   sockflags = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   fast_io = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   comp.alg = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   comp.flags = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   route_script = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   route_default_gateway = '10.12.11.2'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   route_default_metric = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   route_noexec = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   route_delay = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   route_delay_window = 30
Jun 26 16:42:19 Serpent ovpn-server[12326]:   route_delay_defined = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   route_nopull = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   route_gateway_via_dhcp = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   allow_pull_fqdn = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   management_addr = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   management_port = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   management_user_pass = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   management_log_history_cache = 250
Jun 26 16:42:19 Serpent ovpn-server[12326]:   management_echo_buffer_size = 100
Jun 26 16:42:19 Serpent ovpn-server[12326]:   management_write_peer_info_file = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   management_client_user = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   management_client_group = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   management_flags = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   shared_secret_file = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   key_direction = not set
Jun 26 16:42:19 Serpent ovpn-server[12326]:   ciphername = 'AES-256-CBC'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   ncp_enabled = ENABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   authname = 'SHA256'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   prng_hash = 'SHA1'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   prng_nonce_secret_len = 16
Jun 26 16:42:19 Serpent ovpn-server[12326]:   keysize = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   engine = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   replay = ENABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   mute_replay_warnings = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   replay_window = 64
Jun 26 16:42:19 Serpent ovpn-server[12326]:   replay_time = 15
Jun 26 16:42:19 Serpent ovpn-server[12326]:   packet_id_file = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   use_iv = ENABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   test_crypto = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   tls_server = ENABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   tls_client = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   key_method = 2
Jun 26 16:42:19 Serpent ovpn-server[12326]:   ca_file = '/etc/openvpn/easy-rsa/pki/ca.crt'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   ca_path = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   dh_file = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   cert_file = '/etc/openvpn/easy-rsa/pki/issued/redacted.crt'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   extra_certs_file = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   priv_key_file = '/etc/openvpn/easy-rsa/pki/private/redacted.key'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs12_file = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   cipher_list = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   cipher_list_tls13 = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   tls_cert_profile = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   tls_verify = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   tls_export_cert = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   verify_x509_type = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   verify_x509_name = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   crl_file = '/etc/openvpn/crl.pem'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   ns_cert_type = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   remote_cert_ku[i] = 65535
Jun 26 16:42:19 Serpent ovpn-server[12326]:   remote_cert_ku[i] = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   remote_cert_ku[i] = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   remote_cert_ku[i] = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   remote_cert_ku[i] = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   remote_cert_ku[i] = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   remote_cert_ku[i] = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   remote_cert_ku[i] = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   remote_cert_ku[i] = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   remote_cert_ku[i] = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   remote_cert_ku[i] = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   remote_cert_ku[i] = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   remote_cert_ku[i] = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   remote_cert_ku[i] = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   remote_cert_ku[i] = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   remote_cert_ku[i] = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   remote_cert_eku = 'TLS Web Client Authentication'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   ssl_flags = 192
Jun 26 16:42:19 Serpent ovpn-server[12326]:   tls_timeout = 2
Jun 26 16:42:19 Serpent ovpn-server[12326]:   renegotiate_bytes = -1
Jun 26 16:42:19 Serpent ovpn-server[12326]:   renegotiate_packets = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   renegotiate_seconds = 3600
Jun 26 16:42:19 Serpent ovpn-server[12326]:   handshake_window = 60
Jun 26 16:42:19 Serpent ovpn-server[12326]:   transition_window = 3600
Jun 26 16:42:19 Serpent ovpn-server[12326]:   single_session = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   push_peer_info = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   tls_exit = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   tls_auth_file = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   tls_crypt_file = '/etc/openvpn/easy-rsa/pki/ta.key'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_protected_authentication = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_protected_authentication = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_protected_authentication = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_protected_authentication = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_protected_authentication = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_protected_authentication = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_protected_authentication = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_protected_authentication = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_protected_authentication = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_protected_authentication = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_protected_authentication = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_protected_authentication = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_protected_authentication = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_protected_authentication = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_protected_authentication = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_protected_authentication = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_private_mode = 00000000
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_private_mode = 00000000
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_private_mode = 00000000
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_private_mode = 00000000
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_private_mode = 00000000
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_private_mode = 00000000
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_private_mode = 00000000
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_private_mode = 00000000
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_private_mode = 00000000
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_private_mode = 00000000
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_private_mode = 00000000
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_private_mode = 00000000
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_private_mode = 00000000
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_private_mode = 00000000
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_private_mode = 00000000
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_private_mode = 00000000
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_cert_private = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_cert_private = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_cert_private = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_cert_private = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_cert_private = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_cert_private = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_cert_private = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_cert_private = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_cert_private = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_cert_private = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_cert_private = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_cert_private = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_cert_private = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_cert_private = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_cert_private = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_cert_private = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_pin_cache_period = -1
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_id = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pkcs11_id_management = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   server_network = 10.12.11.0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   server_netmask = 255.255.255.0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   server_network_ipv6 = ::
Jun 26 16:42:19 Serpent ovpn-server[12326]:   server_netbits_ipv6 = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   server_bridge_ip = 0.0.0.0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   server_bridge_netmask = 0.0.0.0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   server_bridge_pool_start = 0.0.0.0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   server_bridge_pool_end = 0.0.0.0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   push_entry = 'route 10.12.12.0 255.255.255.0'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   push_entry = 'route-gateway 10.12.11.1'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   push_entry = 'topology subnet'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   push_entry = 'ping 15'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   push_entry = 'ping-restart 120'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   ifconfig_pool_defined = ENABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   ifconfig_pool_start = 10.12.11.2
Jun 26 16:42:19 Serpent ovpn-server[12326]:   ifconfig_pool_end = 10.12.11.253
Jun 26 16:42:19 Serpent ovpn-server[12326]:   ifconfig_pool_netmask = 255.255.255.0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   ifconfig_pool_persist_filename = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   ifconfig_pool_persist_refresh_freq = 600
Jun 26 16:42:19 Serpent ovpn-server[12326]:   ifconfig_ipv6_pool_defined = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   ifconfig_ipv6_pool_base = ::
Jun 26 16:42:19 Serpent ovpn-server[12326]:   ifconfig_ipv6_pool_netbits = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   n_bcast_buf = 256
Jun 26 16:42:19 Serpent ovpn-server[12326]:   tcp_queue_limit = 64
Jun 26 16:42:19 Serpent ovpn-server[12326]:   real_hash_size = 256
Jun 26 16:42:19 Serpent ovpn-server[12326]:   virtual_hash_size = 256
Jun 26 16:42:19 Serpent ovpn-server[12326]:   client_connect_script = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   learn_address_script = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   client_disconnect_script = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   client_config_dir = '/etc/openvpn/ccd'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   ccd_exclusive = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   tmp_dir = '/tmp'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   push_ifconfig_defined = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   push_ifconfig_local = 0.0.0.0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   push_ifconfig_remote_netmask = 0.0.0.0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   push_ifconfig_ipv6_defined = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   push_ifconfig_ipv6_local = ::/0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   push_ifconfig_ipv6_remote = ::
Jun 26 16:42:19 Serpent ovpn-server[12326]:   enable_c2c = ENABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   duplicate_cn = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   cf_max = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   cf_per = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   max_clients = 1024
Jun 26 16:42:19 Serpent ovpn-server[12326]:   max_routes_per_client = 256
Jun 26 16:42:19 Serpent ovpn-server[12326]:   auth_user_pass_verify_script = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   auth_user_pass_verify_script_via_file = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   auth_token_generate = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   auth_token_lifetime = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]:   port_share_host = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   port_share_port = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]:   client = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   pull = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]:   auth_user_pass_file = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: OpenVPN 2.4.7 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
Jun 26 16:42:19 Serpent ovpn-server[12326]: library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10
Jun 26 16:42:19 Serpent ovpn-server[12326]: ECDH curve prime256v1 added
Jun 26 16:42:19 Serpent ovpn-server[12326]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Jun 26 16:42:19 Serpent ovpn-server[12326]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Jun 26 16:42:19 Serpent ovpn-server[12326]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Jun 26 16:42:19 Serpent ovpn-server[12326]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Jun 26 16:42:19 Serpent ovpn-server[12326]: TLS-Auth MTU parms [ L:1621 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Jun 26 16:42:19 Serpent ovpn-server[12326]: TUN/TAP device tun0 opened
Jun 26 16:42:19 Serpent ovpn-server[12326]: TUN/TAP TX queue length set to 100
Jun 26 16:42:19 Serpent ovpn-server[12326]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Jun 26 16:42:19 Serpent ovpn-server[12326]: /sbin/ip link set dev tun0 up mtu 1500
Jun 26 16:42:19 Serpent ovpn-server[12326]: /sbin/ip addr add dev tun0 10.12.11.1/24 broadcast 10.12.11.255
Jun 26 16:42:19 Serpent ovpn-server[12326]: Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Jun 26 16:42:19 Serpent ovpn-server[12326]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Jun 26 16:42:19 Serpent ovpn-server[12326]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Jun 26 16:42:19 Serpent ovpn-server[12326]: UDPv4 link local (bound): [AF_INET][undef]:1194
Jun 26 16:42:19 Serpent ovpn-server[12326]: UDPv4 link remote: [AF_UNSPEC]
Jun 26 16:42:19 Serpent ovpn-server[12326]: GID set to openvpn
Jun 26 16:42:19 Serpent ovpn-server[12326]: UID set to openvpn
Jun 26 16:42:19 Serpent ovpn-server[12326]: MULTI: multi_init called, r=256 v=256
Jun 26 16:42:19 Serpent ovpn-server[12326]: IFCONFIG POOL: base=10.12.11.2 size=252, ipv6=0
Jun 26 16:42:19 Serpent ovpn-server[12326]: Initialization Sequence Completed
Jun 26 16:42:30 Serpent ovpn-server[12326]: MULTI: multi_create_instance called
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 Re-using SSL/TLS context
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 Control Channel MTU parms [ L:1621 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-server'
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client'
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 TLS: Initial packet from [AF_INET]myip:49469, sid=b9468b53 f5fe98c8
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 VERIFY OK: depth=1, CN=ChangeMe
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 VERIFY KU OK
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 Validating certificate extended key usage
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 VERIFY EKU OK
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 VERIFY OK: depth=0, CN=hashcat
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 peer info: IV_VER=2.4.9
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 peer info: IV_PLAT=linux
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 peer info: IV_PROTO=2
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 peer info: IV_NCP=2
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 peer info: IV_LZ4=1
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 peer info: IV_LZ4v2=1
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 peer info: IV_LZO=1
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 peer info: IV_COMP_STUB=1
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 peer info: IV_COMP_STUBv2=1
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 peer info: IV_TCPNL=1
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit EC, curve: prime256v1
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 [pc] Peer Connection Initiated with [AF_INET]myip:49469
Jun 26 16:42:30 Serpent ovpn-server[12326]: pc/myip:49469 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/hashcat
Jun 26 16:42:30 Serpent ovpn-server[12326]: pc/myip:49469 MULTI ERROR: primary virtual IP for hashcat/myip:49469 (10.8.0.3) violates tunnel network/netmask constraint (10.12.11.0/255.255.255.0)
Jun 26 16:42:30 Serpent ovpn-server[12326]: pc/myip:49469 MULTI: Learn: 10.8.0.3 -> hashcat/myip:49469
Jun 26 16:42:30 Serpent ovpn-server[12326]: pc/myip:49469 MULTI: primary virtual IP for hashcat/myip:49469: 10.8.0.3
Jun 26 16:42:31 Serpent ovpn-server[12326]: pc/myip:49469 PUSH: Received control message: 'PUSH_REQUEST'
Jun 26 16:42:31 Serpent ovpn-server[12326]: pc/myip:49469 SENT CONTROL [hashcat]: 'PUSH_REPLY,route 10.12.12.0 255.255.255.0,route-gateway 10.12.11.1,topology subnet,ping 15,ping-restart 120,ifconfig 10.8.0.3 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Jun 26 16:42:31 Serpent ovpn-server[12326]: pc/myip:49469 Data Channel: using negotiated cipher 'AES-256-GCM'
Jun 26 16:42:31 Serpent ovpn-server[12326]: pc/myip:49469 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Jun 26 16:42:31 Serpent ovpn-server[12326]: pc/myip:49469 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jun 26 16:42:31 Serpent ovpn-server[12326]: pc/myip:49469 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
client log:

Code: Select all


Fri Jun 26 16:55:34 2020 us=198444 OpenVPN 2.4.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 16 2020
Fri Jun 26 16:55:34 2020 us=198473 library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
Fri Jun 26 16:55:34 2020 us=198672 WARNING: using --pull/--client and --ifconfig together is probably not what you want
Enter Private Key Password: **********
Fri Jun 26 16:55:36 2020 us=65829 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Fri Jun 26 16:55:36 2020 us=65900 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Fri Jun 26 16:55:36 2020 us=65925 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Fri Jun 26 16:55:36 2020 us=65955 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Fri Jun 26 16:55:36 2020 us=66105 Control Channel MTU parms [ L:1621 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Fri Jun 26 16:55:36 2020 us=68663 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Fri Jun 26 16:55:36 2020 us=68751 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client'
Fri Jun 26 16:55:36 2020 us=68777 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-server'
Fri Jun 26 16:55:36 2020 us=68805 TCP/UDP: Preserving recently used remote address: [AF_INET]188.104.144.52:1194
Fri Jun 26 16:55:36 2020 us=68851 Socket Buffers: R=[212992->212992] S=[212992->212992]
Fri Jun 26 16:55:36 2020 us=68873 UDP link local: (not bound)
Fri Jun 26 16:55:36 2020 us=68891 UDP link remote: [AF_INET]remoteip:1194
WRFri Jun 26 16:55:36 2020 us=98206 TLS: Initial packet from [AF_INET]remoteip:1194, sid=23286c93 b1b5db01
WWRWRFri Jun 26 16:55:36 2020 us=140527 VERIFY OK: depth=1, CN=ChangeMe
Fri Jun 26 16:55:36 2020 us=141439 VERIFY KU OK
Fri Jun 26 16:55:36 2020 us=141481 Validating certificate extended key usage
Fri Jun 26 16:55:36 2020 us=141503 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri Jun 26 16:55:36 2020 us=141526 VERIFY EKU OK
Fri Jun 26 16:55:36 2020 us=141543 VERIFY X509NAME OK: CN=red.
Fri Jun 26 16:55:36 2020 us=141559 VERIFY OK: depth=0, CN=red
Fri Jun 26 16:55:36 2020 us=219532 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit EC, curve: prime256v1
Fri Jun 26 16:55:36 2020 us=219609 [red] Peer Connection Initiated with [AF_INET]remoteip:1194
Fri Jun 26 16:55:37 2020 us=389953 SENT CONTROL [red]: 'PUSH_REQUEST' (status=1)
Fri Jun 26 16:55:37 2020 us=420334 PUSH: Received control message: 'PUSH_REPLY,route 10.12.12.0 255.255.255.0,route-gateway 10.12.11.1,topology subnet,ping 15,ping-restart 120,ifconfig 10.8.0.3 255.255.255.0,peer-id 1,cipher AES-256-GCM'
Fri Jun 26 16:55:37 2020 us=420501 OPTIONS IMPORT: timers and/or timeouts modified
Fri Jun 26 16:55:37 2020 us=420529 OPTIONS IMPORT: --ifconfig/up options modified
Fri Jun 26 16:55:37 2020 us=420547 OPTIONS IMPORT: route options modified
Fri Jun 26 16:55:37 2020 us=420563 OPTIONS IMPORT: route-related options modified
Fri Jun 26 16:55:37 2020 us=420580 OPTIONS IMPORT: peer-id set
Fri Jun 26 16:55:37 2020 us=420597 OPTIONS IMPORT: adjusting link_mtu to 1624
Fri Jun 26 16:55:37 2020 us=420613 OPTIONS IMPORT: data channel crypto options modified
Fri Jun 26 16:55:37 2020 us=420631 Data Channel: using negotiated cipher 'AES-256-GCM'
Fri Jun 26 16:55:37 2020 us=420660 Data Channel MTU parms [ L:1552 D:1450 EF:52 EB:406 ET:0 EL:3 ]
Fri Jun 26 16:55:37 2020 us=420828 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Jun 26 16:55:37 2020 us=420853 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Jun 26 16:55:37 2020 us=421096 ROUTE_GATEWAY 10.11.11.1/255.255.255.0 IFACE=enp59s0 HWADDR=80:fa:5b:21:05:53
Fri Jun 26 16:55:37 2020 us=421730 TUN/TAP device tun0 opened
Fri Jun 26 16:55:37 2020 us=421817 TUN/TAP TX queue length set to 100
Fri Jun 26 16:55:37 2020 us=421856 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Jun 26 16:55:37 2020 us=421891 /sbin/ip link set dev tun0 up mtu 1500
Fri Jun 26 16:55:37 2020 us=424710 /sbin/ip addr add dev tun0 10.8.0.3/24 broadcast 10.8.0.255
Fri Jun 26 16:55:37 2020 us=440392 /sbin/ip route add 10.12.12.0/24 via 10.12.11.1
RTNETLINK answers: Network is unreachable
Fri Jun 26 16:55:37 2020 us=443652 ERROR: Linux route add command failed: external program exited with error status: 2
Fri Jun 26 16:55:37 2020 us=443760 Initialization Sequence Completed
Fri Jun 26 16:55:39 2020 us=291818 event_wait : Interrupted system call (code=4)
Fri Jun 26 16:55:39 2020 us=292197 TCP/UDP: Closing socket
Fri Jun 26 16:55:39 2020 us=292310 Closing TUN/TAP interface
Fri Jun 26 16:55:39 2020 us=292348 /sbin/ip addr del dev tun0 10.8.0.3/24
Fri Jun 26 16:55:39 2020 us=324385 SIGINT[hard,] received, process exiting
server conf:
server

dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/red.crt
key /etc/openvpn/easy-rsa/pki/private/red.key
dh none
ecdh-curve prime256v1
topology subnet
server 10.12.11.0 255.255.255.0
# Set your primary domain name server address for clients
#push "dhcp-option DNS 10.8.0.1"
#push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
#push "redirect-gateway def1"
#push "route 10.11.12.1 255.255.255.255"
#push "route 10.11.12.0 255.255.255.0"
push "route 10.12.12.0 255.255.255.0"
client-to-client
client-config-dir /etc/openvpn/ccd
keepalive 15 120
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
user openvpn
group openvpn
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 5
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device.
#duplicate-cn
# Generated for use by PiVPN.io
Top
User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7389
Joined: Fri Jun 03, 2016 1:17 pm

Re: Changing openvpn subnet does not work

Post by TinCanTech » Fri Jun 26, 2020 3:24 pm

Look in your CCD file.
Top
ewrftw
OpenVpn Newbie
Posts: 2
Joined: Fri Jun 26, 2020 2:47 pm

Re: Changing openvpn subnet does not work

Post by ewrftw » Fri Jun 26, 2020 3:30 pm

Thank you, that's it! I had to change the files in the ccd folder accordingly and now it works (after also changing the iptables routing).
Top
Post Reply

Return to “Configuration”