Hi Selva,
Thanks I have tired that config, but I receive some kind of error:
Sun Mar 06 19:33:38 2016 PUSH: Received control message:
'PUSH_REPLY,topology subnet,route-gateway 10.8.0.1,dhcp-option DNS
8.8.8.8,dhcp-option DNS 8.8.4.4,ping 10,ping-restart 300,ifconfig 10.8.1.2
10.8.1.1'
Sun Mar 06 19:33:38 2016 OPTIONS IMPORT: timers and/or timeouts modified
Sun Mar 06 19:33:38 2016 OPTIONS IMPORT: --ifconfig/up options modified
Sun Mar 06 19:33:38 2016 OPTIONS IMPORT: route-related options modified
Sun Mar 06 19:33:38 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option
options modified
Sun Mar 06 19:33:38 2016 do_ifconfig, tt->ipv6=0,
tt->did_ifconfig_ipv6_setup=0
Sun Mar 06 19:33:38 2016 MANAGEMENT: >STATE:1457292818,ASSIGN_IP,,10.8.1.2,
Sun Mar 06 19:33:38 2016 open_tun, tt->ipv6=0
Sun Mar 06 19:33:38 2016 TAP-WIN32 device [Ethernet 2] opened:
\\.\Global\{956E0460-9261-4CD3-A69F-D7B45057C62B}.tap
Sun Mar 06 19:33:38 2016 TAP-Windows Driver Version 9.21
Sun Mar 06 19:33:39 2016 NETSH: C:\WINDOWS\system32\netsh.exe interface ip
set address Ethernet 2 dhcp
Sun Mar 06 19:33:39 2016 Set TAP-Windows TUN subnet mode
network/local/netmask = 10.8.1.0/10.8.1.2/10.8.1.1 [SUCCEEDED]
Sun Mar 06 19:33:39 2016 MANAGEMENT: Client disconnected
Sun Mar 06 19:33:39 2016 ERROR: --ip-win32 dynamic [offset] : offset is
outside of --ifconfig subnet
Sun Mar 06 19:33:39 2016 Exiting due to fatal error
First I tought this is something to do with this line:
push "topology subnet"
So I changed it to just:
topology subnet
But after this I got a different error:
Sun Mar 06 19:42:17 2016 PUSH: Received control message:
'PUSH_REPLY,route-gateway 10.8.0.1,dhcp-option DNS 8.8.8.8,dhcp-option DNS
8.8.4.4,ping 10,ping-restart 300,ifconfig 10.8.1.0 255.255.254.0'
Sun Mar 06 19:42:17 2016 OPTIONS IMPORT: timers and/or timeouts modified
Sun Mar 06 19:42:17 2016 OPTIONS IMPORT: --ifconfig/up options modified
Sun Mar 06 19:42:17 2016 OPTIONS IMPORT: route-related options modified
Sun Mar 06 19:42:17 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option
options modified
Sun Mar 06 19:42:17 2016 WARNING: Since you are using --dev tun with a
point-to-point topology, the second argument to --ifconfig must be an IP
address. You are using something (255.255.254.0) that looks more like a
netmask. (silence this warning with --ifconfig-nowarn)
Sun Mar 06 19:42:17 2016 do_ifconfig, tt->ipv6=0,
tt->did_ifconfig_ipv6_setup=0
Sun Mar 06 19:42:17 2016 MANAGEMENT: >STATE:1457293337,ASSIGN_IP,,10.8.1.0,
Sun Mar 06 19:42:17 2016 MANAGEMENT: Client disconnected
Sun Mar 06 19:42:17 2016 There is a problem in your selection of --ifconfig
endpoints [local=10.8.1.0, remote=255.255.254.0]. The local and remote VPN
endpoints must exist within the same 255.255.255.252 subnet. This is a
limitation of --dev tun when used with the TAP-WIN32 driver. Try 'openvpn
--show-valid-subnets' option for more info.
Sun Mar 06 19:42:17 2016 Exiting due to fatal error
Any idea? I know that in the net30 topology I need a second IP address for
the remote endpoint but here I want to use subnet so I guess I will need
the netmask, not sure why it shows this error for this configuration.
2016-03-06 18:45 GMT+00:00 Selva Nair <selva.n...@gmail.com>:
> Hi,
>
> On Sun, Mar 6, 2016 at 9:15 AM, Zoltán Szabó <zo...@zoell.us> wrote:
>
>> I would like to have dynamic IPs assigned from this range:
>> 10.8.1.0 - 10.8.1.254
>>
>> For this, I would like to use a /23, so 255.255.254.0
>>
> Exclude the last address 10.8.1.254 from the range as that will clash with
> the internal dhcp server address on windows -- it could be assigned to all
> non-windows clients, but easier just to exclude it.
>
>
>> And I will assign static IPs from this range:
>> 10.8.0.3 - 10.8.1.255 as 0.1 and 0.2 might be assigned to the server.
>>
> You mean 10.8.0.3 to 10.8.0.255 ?
>
>
>> I will use this to push to client for static ip:
>>
>> ifconfig-push 10.8.0.5 255.255.254.0
>>
>> Could you please help me to modify my config to achieve this?
>>
>
> I think replacing "server 10.8.0.0 255.255.255.0" in the server config by
> the following lines should do it:
>
> mode server
> tls-server
> push "topology subnet"
> ifconfig 10.8.0.1 255.255.254.0
> ifconfig-pool 10.8.1.0 10.8.1.253
> route-gateway 10.8.0.1
> push "route-gateway 10.8.0.1"
>
> Then push the static ip's in the range 10.8.0.3 to 10.8.0.255 with
> ifconfig-push in ccd files.
>
> Though this should work, I've seen things like routing to networks behind
> a client not work as expected with static ip's outside the pool, though
> within the subnet (writing from memory). Alternatively, one could keep the
> dynamic pool and static pool in separate subnets: i.e., keep the server
> directive as is, and assign static ips from outside that /24. Then you'll
> need some extra route directives to reach those clients.
>
> Selva
>
>
>
------------------------------------------------------------------------------
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
