How to change VPN netmask?

Discussion in 'Server Operation' started by please, Sep 12, 2009.

  1. please

    please New Member

    Dear All

    I am running an OpenVPN server. I got netmask 255.255.255.252 when I connected to my VPN server from a client.

    How can I change this netmask to 255.255.255.0?
    I connected from 2 client sites but I can't ping from client to client.
    I think it is due to the netmask.

    Thanks
     
  2. dipeshmehta

    dipeshmehta Member

    Hi,

    OpenVPN uses this subnet (i.e. 4 private IP addresses per client) in order to provide compatibility with Windows clients due to the limitation of the TAP-Win32 driver's TUN emulation mode. If you know that only non-Windows clients will be connecting to your OpenVPN server, you can avoid this behavior by using the ifconfig-pool-linear directive.

    This should not be a problem for the client-to-client directive, if you have enabled client-to-client in your server.conf.

    You may please post your .conf files here, it would be easier for everyone who can assist you.

    Dipesh
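
An added example (not part of any poster's reply, and not OpenVPN's own code) that works through the /30-per-client layout described above using the thread's addresses: it lists the client slots a `server` pool yields and shows that one client reaches another through its virtual peer address rather than on-link. The function names are hypothetical, and the pool bounds are an assumption taken from the documented expansion of the `server` directive for the default net30 layout.

```python
import ipaddress

def client_slots(server_net):
    """(client, virtual_peer) pairs for every /30 a net30 pool can hand out.

    Assumption from the documented `server` expansion: the first /30 is the
    server's own endpoint pair and the last /30 is left out of the pool.
    """
    blocks = list(ipaddress.ip_network(server_net).subnets(new_prefix=30))
    return [tuple(b.hosts())[::-1] for b in blocks[1:-1]]

def net30_slot(client_ip):
    """Return (block, virtual_peer) for an address a net30 client was given."""
    block = ipaddress.ip_interface(f"{client_ip}/30").network
    peer, client = block.hosts()          # e.g. .5 is the peer, .6 the client
    if ipaddress.ip_address(client_ip) != client:
        raise ValueError(f"{client_ip} is not the client address of {block}")
    return block, peer

def next_hop(src_client, dst, server_net):
    """How src_client reaches dst: 'on-link', a gateway address, or None."""
    block, peer = net30_slot(src_client)
    dst = ipaddress.ip_address(dst)
    if dst in block:
        return "on-link"
    if dst in ipaddress.ip_network(server_net):
        # Covered by the pool-wide route the client installs via its peer
        # (compare the "route ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.9" log line).
        return str(peer)
    return None                            # needs an explicit pushed route

if __name__ == "__main__":
    pool = "192.168.41.0/24"               # server line from the posted config
    print(len(client_slots(pool)), "client slots in", pool)
    for src, dst in [("192.168.41.6", "192.168.41.18"),
                     ("192.168.41.18", "192.168.41.6")]:
        print(src, "->", dst, "via", next_hop(src, dst, pool))
```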
     
  3. please

    please New Member

    Hi, please check my openvpn.conf
    =========
    port 443
    proto udp
    dev tun
    ca ca.crt
    cert server.crt
    key server.key
    dh dh1024.pem
    server 192.168.41.0 255.255.255.0
    push "dhcp-option DNS 192.168.40.12"
    push "route 192.168.15.0 255.255.255.0"
    push "route 192.168.17.0 255.255.255.0"
    ifconfig-pool-persist ipp.txt
    keepalive 10 120
    comp-lzo
    user nobody
    group users
    persist-key
    persist-tun
    status openvpn-status.log
    verb 3
    client-to-client
    duplicate-cn
    ============

    I connected from the 192.168.15 network and the 192.168.17 network to the VPN server.
    I got 192.168.41.6, 255.255.255.252 for the 15.0 network and 192.168.41.18, 255.255.255.252 for the 17.0 network.

    Why can't I access from the 15 network to the 17 network and from the 17 network to the 15 network?

    I think the problem is in my subnet mask 255.255.255.252.
    Can you edit my server conf to change the netmask and allow access from 15 to 17 and 17 to 15?

    Thanks
     
  4. dipeshmehta

    dipeshmehta Member

    Hello,

    Please let me know your lan ip-range at server side, and OS at client side.

    Moreover, please tell me, what exactly you want out of OpenVPN? Are you trying to connect just these two clients or would like to connect these three different networks?

    I am not master at OpenVPN, but I would try at the best.

    Dipesh
     
  5. please

    please New Member

    Hi

    Thanks for your support.

    My server IP is 192.168.40.12 on eth0.

    My client OS is XP and its IP is 192.168.17.100. The IP range is 17.0/24.
     
  6. dipeshmehta

    dipeshmehta Member

    Please remove both lines with push "route ...." from the openvpn.conf file (which is running at the server), and instead put
    Code:
    push "route 192.168.40.0 255.255.255.0"
    and restart openvpn.

    Now, connect both clients to the VPN server and ping their tun IPs (i.e. 192.168.41.6 and 192.168.41.18) from each other. It should work.

    If this works, put
    Code:
    route 192.168.15.0 255.255.255.0
    route 192.168.17.0 255.255.255.0
    into openvpn.conf and restart openvpn.

    Check again at both clients.

    Please post the results here.

    Dipesh
     
  7. please

    please New Member

    Hi

    I got this error

    Mon Sep 14 10:08:41 2009 route ADD 192.168.40.0 MASK 255.255.255.0 192.168.41.5
    Mon Sep 14 10:08:41 2009 ROUTE: route addition failed using CreateIpForwardEntry: One or more arguments are not correct. [if_index=13]
    Mon Sep 14 10:08:41 2009 Route addition via IPAPI failed

    But I got connected to the server.
    I can't ping the other client.
    I think the problem is in the subnet mask.

    Thanks
     
  8. dipeshmehta

    dipeshmehta Member

    I think it is a problem with routing.

    Try adding the route manually at the XP client. (Btw, this fix is usually used for Vista clients; XP should not have any problem adding routes.) If it works, please put the route directive into client.ovpn as
    Code:
    route-method exe 
    Btw, I would like to know why you are using the 192.168.41.0 network as the VPN IP address pool, instead of their suggested 10.8.0.0 or any other pool in a class A subnet. If there is no specific reason, please modify your openvpn.conf file at the server like this:
    Code:
    # Port 443 is used for HTTPS; you may use port 1194, which is IANA-assigned for OpenVPN.
    port 443
    proto udp
    dev tun
    
    ca ca.crt
    cert server.crt
    key server.key
    dh dh1024.pem
    
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    push "route 192.168.40.0 255.255.255.0"
    push "dhcp-option DNS 192.168.40.12"
    duplicate-cn
    client-to-client
    keepalive 10 120
    user nobody
    group users
    persist-key
    persist-tun
    comp-lzo
    status openvpn-status.log
    verb 3
    
    Shall be waiting for progressive posts.

    Dipesh
     
  9. please

    please New Member

    Hi, I got an error after putting "route-method exe" in the client.

    Mon Sep 14 14:09:15 2009 ERROR: Windows route add command failed: system() returned error code 1
    Mon Sep 14 14:09:15 2009 route ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.9
    The requested operation requires elevation.
    Mon Sep 14 14:09:15 2009 ERROR: Windows route add command failed: system() returned error code 1


    I think I am facing a problem with my Vista.
     
  10. Franz

    Franz Member

    Add route delay in the config. That works on our Vista systems:

    Code:
    route-method exe
    route-delay 2
    
     
  11. please

    please New Member

    Hi

    Thanks for your reply :)

    I got the same error

    Mon Sep 14 14:52:35 2009 route ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.5
    The requested operation requires elevation.
    Mon Sep 14 14:52:35 2009 ERROR: Windows route add command failed: system() returned error code 1

    Thanks
     
  12. Franz

    Franz Member

    Hi,

    Try starting the connection as Administrator
     
  13. please

    please New Member

    Hi

    Do I need to run the admin account?
    I paid admin permission to my using account.
    Is it OK now?

    Thanks
     
  14. Franz

    Franz Member

    try with right click and then "Run as administrator"
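
The log excerpts posted in this thread show two different causes for the same symptom, a pushed route that never gets installed. As an added example (not written by any poster, and not part of OpenVPN), the sketch below triages such a client log; the function name and cause labels are hypothetical, and the sample lines are copied from the posts above.

```python
import re

# Log lines copied from the posts in this thread (Windows client).
SAMPLE_LOG = """\
Mon Sep 14 10:08:41 2009 route ADD 192.168.40.0 MASK 255.255.255.0 192.168.41.5
Mon Sep 14 10:08:41 2009 ROUTE: route addition failed using CreateIpForwardEntry: One or more arguments are not correct. [if_index=13]
Mon Sep 14 10:08:41 2009 Route addition via IPAPI failed
Mon Sep 14 14:52:35 2009 route ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.5
The requested operation requires elevation.
Mon Sep 14 14:52:35 2009 ERROR: Windows route add command failed: system() returned error code 1
"""

ROUTE_ADD = re.compile(r"route ADD (\S+) MASK (\S+) (\S+)")
# Substring -> label (labels are this example's own wording).
CAUSES = [
    ("requires elevation", "not elevated: start OpenVPN with 'Run as administrator'"),
    ("CreateIpForwardEntry", "IP helper API call rejected: the thread next tried route-method exe"),
]
# Lines that confirm the preceding route ADD did not take effect.
FAILED = ("Route addition via IPAPI failed", "route add command failed")

def failed_routes(log_text):
    """Return one dict per route the client tried to add but could not."""
    results, current, cause = [], None, "unknown"
    for line in log_text.splitlines():
        match = ROUTE_ADD.search(line)
        if match:
            current, cause = match.groups(), "unknown"
            continue
        for needle, label in CAUSES:
            if needle in line:
                cause = label
        if current and any(marker in line for marker in FAILED):
            dest, mask, gateway = current
            results.append({"dest": dest, "mask": mask,
                            "gateway": gateway, "cause": cause})
            current = None
    return results

if __name__ == "__main__":
    for entry in failed_routes(SAMPLE_LOG):
        print(f"{entry['dest']}/{entry['mask']} via {entry['gateway']}: {entry['cause']}")
```

A non-empty result on a tunnel that otherwise reports as connected matches what the posts describe: the session is up but the pushed route is absent.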
     
  15. please

    please New Member

    Hi

    Thanks :)

    I got a ping reply.
    If I use a Linux client, how can I do it?

    Thanks
     
  16. Franz

    Franz Member

    On Debian / Ubuntu

    Code:
    apt-get install openvpn
    and copy certificate and config file to /etc/openvpn, but change extension in config file to *.conf
    eg: client.ovpn -> client.conf

    and restart openvpn

    Code:
    /etc/init.d/openvpn restart
     
  17. please

    please New Member

    Hi Sir

    Thanks, I will test after the Linux OS install :)

    Can I share my full internet access from my VPN server or my VPN client?
    If I get it, can I share it to my local network from the VPN?


    (has full internet access) (has full internet access)
    vista client <=> VPN server <=> xp client to localnetwork
     
    Last edited: Sep 14, 2009
  18. dipeshmehta

    dipeshmehta Member

    Obviously, you can access your entire network as you are sitting at office.
    e.g.
    vista client
    |
    V
    VPN Server
    |
    V
    192.168.40.xxx network


    Dipesh
     
  19. please

    please New Member

    Hi

    I mean I want to use Internet access from the other client.

    Example: if I am using the 17.0 network, I want Internet access from 15.0.
    (17.0) to (15.0)

    Thanks
     
  20. dipeshmehta

    dipeshmehta Member

    You can add a server directive into your openvpn.conf as
    Code:
    push "redirect-gateway"
    and NAT it appropriately by
    Code:
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
    Btw, if you specify more clearly what you want to have with the VPN setup, it would be nice to suggest to you accordingly.

    Dipesh
     
