The local and remote VPN endpoints cannot use
Posted: Tue Jul 05, 2011 12:36 pm
by sunilmh
Hi,
I'm getting the error mentioned below when I run the client on a Windows machine.
ifconfig endpoints [local=X.X.X.X, remote=X.X.X.X]. The local and remote VPN endpoints cannot use the first or last address within a given 255.255.255.252 subnet.This is a limitation of --dev tun when used with the TAP-WIN32 driver. Try 'openvpn --show-valid-subnets' option for more info.
But I'm able to connect without any issues from a Linux machine.
Any input on this query will help me resolve the issue.
- Sunil
Re: The local and remote VPN endpoints cannot use
Posted: Tue Jul 05, 2011 12:56 pm
by maikcat
Without configs, it's a little difficult to help you out.
Michael.
Re: The local and remote VPN endpoints cannot use
Posted: Wed Jul 06, 2011 6:33 am
by sunilmh
Here are the config details
-edited by maikcat (removed comments from conf)-
server.conf
ccd-exclusive
management 0.0.0.0 7509
resolv-retry infinite
proto udp
dev tun
fragment 1400
mssfix
ca /usr/local/src/openvpn-2.1.4/easy-rsa/2.0/keys/ca.crt
cert /usr/local/src/openvpn-2.1.4/easy-rsa/2.0/keys/server.crt
key /usr/local/src/openvpn-2.1.4/easy-rsa/2.0/keys/server.key # This file should be kept secret
dh /usr/local/src/openvpn-2.1.4/easy-rsa/2.0/keys/dh1024.pem
server 10.3.0.16 255.255.255.240
push "route 192.168.0.0 255.255.255.0"
push "route 10.30.14.0 255.255.254.0"
client-config-dir /usr/local/src/openvpn-2.1.4/test_ccd/ccd
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn_tmp.log
verb 6
;mute 20
client.conf
client
float
;auth-user-pass
auth-nocache
dev tun
proto udp
remote 10.xx.xx.xxx 1199
nobind
ca ca.crt
cert usr1.crt
key usr1.key
remote-cert-tls server
comp-lzo
verb 1
ping 10
;route remote_host default net_gateway
fragment 1400
mssfix
server tunnel details
tun1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.3.0.17 P-t-P:10.3.0.18 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
The client is able to connect from a Linux machine; the only issue is with running the client from Windows.
As the error itself suggests, I guess there is some limitation with the TAP-Win32 driver.
THANKS
- Sunil
Re: The local and remote VPN endpoints cannot use
Posted: Wed Jul 06, 2011 8:03 am
by maikcat
Hi there,
you use ccd-exclusive.
Can you post the contents of the ccd file usr1?
Michael.
Re: The local and remote VPN endpoints cannot use
Posted: Wed Jul 06, 2011 8:43 am
by sunilmh
Hi Michael
ccd config details ..
Re: The local and remote VPN endpoints cannot use
Posted: Wed Jul 06, 2011 8:48 am
by maikcat
>ifconfig-push 10.3.0.24 10.3.0.25
try this
ifconfig-push 10.3.0.26 10.3.0.25
Michael.
Re: The local and remote VPN endpoints cannot use
Posted: Wed Jul 06, 2011 12:02 pm
by sunilmh
Hey, it worked.
Thanks a lot, Michael.
Can you explain this issue to me a bit more?
Re: The local and remote VPN endpoints cannot use
Posted: Wed Jul 06, 2011 12:20 pm
by maikcat
>Can you explain this issue to me a bit more?
Easy.
First, download an IP subnet calculator.
You use the 10.3.0.16 network with a 255.255.255.240 mask.
That means for the second segment the network portion is 10.3.0.16 and 10.3.0.31 is the broadcast.
The usable IPs are 17 to 30. OK so far?
From the above range you give IPs to OpenVPN clients.
If you use tun mode, the default subnetting is /30 networks,
which means the following:
network -- ip1 -- ip2 -- broadcast
10.3.0.16 - 10.3.0.17 - 10.3.0.18 - 10.3.0.19
10.3.0.20 - 10.3.0.21 - 10.3.0.22 - 10.3.0.23
10.3.0.24 - 10.3.0.25 - 10.3.0.26 - 10.3.0.27
10.3.0.28 - 10.3.0.29 - 10.3.0.30 - 10.3.0.31
You were giving 24-25, the network and the first one (check line 3 from above).
Got it?
Michael.
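The /30 rule explained in the post above, as an added example that is not part of the original thread: a small checker that lists the usable pairs in the pool from the posted `server` directive and validates an `ifconfig-push` pair before it goes into a ccd file. The function names are hypothetical, and the same-block check is an assumption drawn from the error text ("within a given 255.255.255.252 subnet").

```python
import ipaddress


def net30_pairs(pool):
    """List the two usable (middle) addresses of every /30 block in the pool."""
    net = ipaddress.ip_network(pool)
    return [tuple(str(h) for h in block.hosts())
            for block in net.subnets(new_prefix=30)]


def check_ifconfig_push(local, remote, pool):
    """Return a list of problems with an ifconfig-push pair; empty means valid."""
    net = ipaddress.ip_network(pool)
    problems = []
    blocks = {}
    for name, text in (("local", local), ("remote", remote)):
        addr = ipaddress.ip_address(text)
        # The /30 block this address falls into, whatever position it has.
        block = ipaddress.ip_network(f"{addr}/30", strict=False)
        blocks[name] = block
        if addr not in net:
            problems.append(f"{name} {addr} is outside {net}")
        if addr == block.network_address:
            problems.append(f"{name} {addr} is the first address of {block}")
        elif addr == block.broadcast_address:
            problems.append(f"{name} {addr} is the last address of {block}")
    if blocks["local"] != blocks["remote"]:
        problems.append("local and remote are in different /30 blocks")
    elif local == remote:
        problems.append("local and remote are the same address")
    return problems


if __name__ == "__main__":
    # Pool taken from the posted server.conf: server 10.3.0.16 255.255.255.240
    POOL = "10.3.0.16/255.255.255.240"
    for pair in net30_pairs(POOL):
        print("usable pair:", pair)
    # The original ccd entry and the corrected one from the thread.
    for local, remote in (("10.3.0.24", "10.3.0.25"), ("10.3.0.26", "10.3.0.25")):
        result = check_ifconfig_push(local, remote, POOL)
        print(f"ifconfig-push {local} {remote}:", result or "ok")
```

The first pair, 10.3.0.17 and 10.3.0.18, is the one the server's own tun interface holds in the ifconfig output posted earlier, so client entries come from the remaining three.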
Re: The local and remote VPN endpoints cannot use
Posted: Thu Jul 07, 2011 9:21 am
by sunilmh
THANKS a lot Michael ...
Re: The local and remote VPN endpoints cannot use
Posted: Thu Jul 07, 2011 9:23 am
by maikcat
Glad to have helped you.
Closing topic.
Michael.