How do I set up an OpenVPN server on pfSense?

I don't know about pfSense, but from the OpenVPN perspective the line of interest here is

Options error: --server directive network/netmask combination is invalid

This means that you've specified a VPN network address and netmask that do not combine. OpenVPN checks the network address to have zeroes where the netmask expects zeroes. E.g. 192.168.1.0 + 255.255.255.0 matches, but 192.168.1.1 + 255.255.255.0 does not match.

In your case, you should select a (private) network segment which is not used in your local network, e.g. 10.0.8.0, for your tunnel network instead of your WAN IP. OpenVPN will assign addresses from that range to connecting clients.
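
The check described in this answer, together with its advice on picking a tunnel network, written out as an added example (it is not part of the original answer and is not OpenVPN's or pfSense's own code). The function name, the finding codes and the sample addresses are assumptions made for illustration; 203.0.113.10 stands in for a WAN address.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_server_directive(network, netmask, in_use=()):
    """Check a '--server <network> <netmask>' pair (hypothetical helper).

    Returns a list of (code, message) findings; an empty list means no issue.
    `in_use` lists networks already present (LAN, WAN) as CIDR strings.
    """
    addr = int(ipaddress.IPv4Address(network))
    mask = int(ipaddress.IPv4Address(netmask))
    host_mask = ~mask & 0xFFFFFFFF

    # A netmask is a run of ones followed by a run of zeroes, so the inverted
    # mask must look like 0...01...1 (one less than a power of two).
    if host_mask & (host_mask + 1):
        return [("bad-netmask", f"{netmask} is not a contiguous netmask")]

    prefix = 32 - host_mask.bit_length()
    net = ipaddress.IPv4Network((addr & mask, prefix))
    findings = []

    # The condition behind the log line: the address has bits set where the
    # netmask has zeroes.
    if addr & host_mask:
        findings.append(("host-bits",
                         f"{network} has host bits set for {netmask}; "
                         f"the enclosing network is {net.network_address}"))

    # The answer's advice: private space that nothing else already uses.
    if not any(net.subnet_of(p) for p in RFC1918):
        findings.append(("not-private", f"{net} is not RFC 1918 space"))
    for other in in_use:
        other_net = ipaddress.ip_network(other, strict=False)
        if net.overlaps(other_net):
            findings.append(("overlap", f"{net} overlaps {other_net}"))
    return findings

if __name__ == "__main__":
    # Constructed sample values: a WAN address and a LAN address with prefixes.
    in_use = ["203.0.113.10/24", "192.168.1.1/24"]
    for pair in (("203.0.113.10", "255.255.255.0"),
                 ("10.0.8.0", "255.255.255.0")):
        print(pair, check_server_directive(*pair, in_use=in_use))
```

Only the `host-bits` finding corresponds to the "network/netmask combination is invalid" error in the log; the other two findings reflect the recommendation above and are not checks this page attributes to OpenVPN.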

Author: Ryu

Updated on September 18, 2022

Comments

  • Ryu
    Ryu almost 2 years

    How do I set up an OpenVPN server on pfSense? I want to be able to VPN in from a laptop when I am on the road. I set up an OpenVPN server in the OpenVPN menu. I duplicated the NAT rules for the VPN server. I tried opening the firewall ports. I also set up the certificates, made a user account (put a certificate on that) as well as turned on the interface. I am thinking my next step has something to do with fixing it so the VPN server process can run, but I am not sure why it will not start. I also think my firewall rules should be done better so I don't leave a port wide open, but I'm not sure how.

    I cleared all the logs and then tried to start up the VPN server. I got this:

    Jun 26 00:30:57     openvpn[26660]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
    Jun 26 00:30:57     openvpn[26660]: MANAGEMENT: CMD 'state 1'
    Jun 26 00:30:57     openvpn[26660]: MANAGEMENT: Client disconnected
    Jun 26 00:30:57     openvpn[34295]: MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
    Jun 26 00:30:57     openvpn[34295]: MANAGEMENT: CMD 'state 1'
    Jun 26 00:30:57     openvpn[34295]: MANAGEMENT: CMD 'status 2'
    Jun 26 00:30:57     openvpn[34295]: MANAGEMENT: Client disconnected
    Jun 26 00:30:57     openvpn[45727]: MANAGEMENT: Client connected from /var/etc/openvpn/client4.sock
    Jun 26 00:30:57     openvpn[45727]: MANAGEMENT: CMD 'state 1'
    Jun 26 00:30:57     openvpn[45727]: MANAGEMENT: CMD 'status 2'
    Jun 26 00:30:57     openvpn[45727]: MANAGEMENT: Client disconnected
    Jun 26 00:30:59     openvpn[87234]: Options error: --server directive network/netmask combination is invalid
    Jun 26 00:30:59     openvpn[87234]: Use --help for more information.
    Jun 26 00:31:10     openvpn[26660]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
    Jun 26 00:31:10     openvpn[26660]: MANAGEMENT: CMD 'state 1'
    Jun 26 00:31:10     openvpn[34295]: MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
    Jun 26 00:31:10     openvpn[26660]: MANAGEMENT: Client disconnected
    Jun 26 00:31:10     openvpn[34295]: MANAGEMENT: CMD 'state 1'
    Jun 26 00:31:10     openvpn[34295]: MANAGEMENT: CMD 'status 2'
    Jun 26 00:31:10     openvpn[34295]: MANAGEMENT: Client disconnected
    Jun 26 00:31:10     openvpn[45727]: MANAGEMENT: Client connected from /var/etc/openvpn/client4.sock
    Jun 26 00:31:10     openvpn[45727]: MANAGEMENT: CMD 'state 1'
    Jun 26 00:31:10     openvpn[45727]: MANAGEMENT: CMD 'status 2'
    Jun 26 00:31:10     openvpn[45727]: MANAGEMENT: Client disconnected
    

    I have a guess that this has something to do with my "IPv4 Tunnel Network" and "IPv4 Local Network/s"

    My IPv4 Tunnel Network is: WAN_ip/24

    My IPv4 Local Network/s is: LAN_ip/24

    I am not sure this is what is supposed to be here.

    edit: I found two issues. My WAN_ip should not have been my WAN_ip but a made-up IP. Also, I was not specifying for it to get login account information correctly. I can now connect to the VPN but it gives no internet.

    • Ryu
      Ryu about 10 years
      I set up an OpenVPN server in the OpenVPN menu. I duplicated the NAT rules for the VPN server. I tried opening the firewall ports. The process itself is not running.
    • Ryu
      Ryu about 10 years
      I forgot to mention that I also set up the certificates, made a user account (put a certificate on that) as well as turned on the interface. I am thinking my next step has something to do with fixing it so the VPN server process can run, but I am not sure why it will not start. I also think my firewall rules should be done better so I don't leave a port wide open, but I'm not sure how.
    • drs
      drs about 10 years
      You can edit the question using the link just below the question tags. Write all of those details into the question because they're much less noticeable down here in the comments.
    • drs
      drs about 10 years
      Are there any system logs that you can check that may give a clue about what the problem is?
    • Ryu
      Ryu almost 10 years
      Logs are posted above
    • drs
      drs almost 10 years
      You've done a nice job improving this question, but I'm out of advice. I'd try to look into what's causing the options error in the logs. If you've set up the VPN from a GUI, try Googling that line in the logs.
    • Ryu
      Ryu almost 10 years
      Anyone have an idea?
    • Ryu
      Ryu almost 10 years
      Updated information on the problem
    • drs
      drs almost 10 years
      Glad to hear you're making progress. Check your logs again. Did the answer below solve the error reported before? Is VPN service started now? If so 1) accept that answer because it solved the problem reported in this question and 2) create a new question describing the new problem and include updated logs and configurations.