How do I set up an OpenVPN server on pfSense
I don't know about pfSense, but from the OpenVPN perspective the line of interest here is
Options error: --server directive network/netmask combination is invalid
This means that you've specified a VPN network address and netmask that do not combine. OpenVPN checks the network address to have zeroes where the netmask expects zeroes. E.g. 192.168.1.0 + 255.255.255.0 matches, but 192.168.1.1 + 255.255.255.0 does not match.
In your case, you should select a (private) network segment which is not used in your local network, e.g. 10.0.8.0, for your tunnel network instead of your WAN IP. OpenVPN will assign addresses from that range to connecting clients.
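The check described in this answer, together with its advice to pick an unused private range, written out as an added example (not part of the original answer, and not OpenVPN's or pfSense's own code). The function name, the `in_use` parameter and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges suitable for a tunnel network.
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_tunnel_network(network, netmask, in_use=()):
    """Return a list of problems with a `server <network> <netmask>` pair.

    Hypothetical helper: `in_use` lists networks already present on the
    firewall (LAN, WAN, other VPNs) in CIDR form.
    """
    addr = int(ipaddress.IPv4Address(network))
    mask = int(ipaddress.IPv4Address(netmask))
    host_bits = mask ^ 0xFFFFFFFF
    # A valid netmask is a run of ones followed by a run of zeroes.
    if host_bits & (host_bits + 1):
        return [f"{netmask} is not a contiguous netmask"]

    problems = []
    base = ipaddress.IPv4Address(addr & mask)
    # The address must have zeroes wherever the netmask has zeroes.
    if addr & host_bits:
        problems.append(f"{network} has host bits set under {netmask}; "
                        f"the network address is {base}")

    net = ipaddress.IPv4Network((int(base), 32 - host_bits.bit_length()))
    if not any(net.subnet_of(p) for p in RFC1918):
        problems.append(f"{net} is not in RFC 1918 private space")
    for other in in_use:
        other_net = ipaddress.IPv4Network(other, strict=False)
        if net.overlaps(other_net):
            problems.append(f"{net} overlaps in-use network {other_net}")
    return problems


if __name__ == "__main__":
    lan = ["192.168.1.1/24"]  # constructed LAN interface address
    for candidate in [("192.168.1.1", "255.255.255.0"),   # host bits set, on the LAN
                      ("198.51.100.7", "255.255.255.0"),  # constructed public-style IP
                      ("10.0.8.0", "255.255.255.0")]:     # range suggested above
        issues = check_tunnel_network(*candidate, in_use=lan)
        print(candidate, "->", issues or "OK")
```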
Ryu
Updated on September 18, 2022
Comments
-
Ryu almost 2 years
How do I set up an OpenVPN server on pfSense? I want to be able to VPN in from a laptop when I am on the road. I set up an OpenVPN server in the OpenVPN menu. I duplicated the NAT rules for the VPN server. I tried opening the firewall ports. I also set up the certificates, made a user account (put a certificate on that) as well as turned on the interface. I am thinking my next step has something to do with fixing it so the VPN server process can run, but I am not sure why it will not start. I also think my firewall rules should be done better so I don't leave a port wide open, but I'm not sure how.
I cleared all the logs and then tried to start up the VPN server. I got this:
Jun 26 00:30:57 openvpn[26660]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
Jun 26 00:30:57 openvpn[26660]: MANAGEMENT: CMD 'state 1'
Jun 26 00:30:57 openvpn[26660]: MANAGEMENT: Client disconnected
Jun 26 00:30:57 openvpn[34295]: MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jun 26 00:30:57 openvpn[34295]: MANAGEMENT: CMD 'state 1'
Jun 26 00:30:57 openvpn[34295]: MANAGEMENT: CMD 'status 2'
Jun 26 00:30:57 openvpn[34295]: MANAGEMENT: Client disconnected
Jun 26 00:30:57 openvpn[45727]: MANAGEMENT: Client connected from /var/etc/openvpn/client4.sock
Jun 26 00:30:57 openvpn[45727]: MANAGEMENT: CMD 'state 1'
Jun 26 00:30:57 openvpn[45727]: MANAGEMENT: CMD 'status 2'
Jun 26 00:30:57 openvpn[45727]: MANAGEMENT: Client disconnected
Jun 26 00:30:59 openvpn[87234]: Options error: --server directive network/netmask combination is invalid
Jun 26 00:30:59 openvpn[87234]: Use --help for more information.
Jun 26 00:31:10 openvpn[26660]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
Jun 26 00:31:10 openvpn[26660]: MANAGEMENT: CMD 'state 1'
Jun 26 00:31:10 openvpn[34295]: MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jun 26 00:31:10 openvpn[26660]: MANAGEMENT: Client disconnected
Jun 26 00:31:10 openvpn[34295]: MANAGEMENT: CMD 'state 1'
Jun 26 00:31:10 openvpn[34295]: MANAGEMENT: CMD 'status 2'
Jun 26 00:31:10 openvpn[34295]: MANAGEMENT: Client disconnected
Jun 26 00:31:10 openvpn[45727]: MANAGEMENT: Client connected from /var/etc/openvpn/client4.sock
Jun 26 00:31:10 openvpn[45727]: MANAGEMENT: CMD 'state 1'
Jun 26 00:31:10 openvpn[45727]: MANAGEMENT: CMD 'status 2'
Jun 26 00:31:10 openvpn[45727]: MANAGEMENT: Client disconnected
I have a guess that this has something to do with my "IPv4 Tunnel Network" and "IPv4 Local Network/s"
My IPv4 Tunnel Network is:
WAN_ip/24
My IPv4 Local Network/s is:
LAN_ip/24
I am not sure this is what is supposed to be here.
Edit: I found two issues. My WAN_ip should not have been my WAN_ip but a made-up IP. Also, I was not specifying for it to get login account information correctly. I can now connect to the VPN but it gives no internet.
-
Ryu about 10 years
I set up an OpenVPN server in the OpenVPN menu. I duplicated the NAT rules for the VPN server. I tried opening the firewall ports. The process itself is not running.
-
Ryu about 10 years
I forgot to mention that I also set up the certificates, made a user account (put a certificate on that) as well as turned on the interface. I am thinking my next step has something to do with fixing it so the VPN server process can run, but I am not sure why it will not start. I also think my firewall rules should be done better so I don't leave a port wide open, but I'm not sure how.
-
drs about 10 years
You can edit the question using the link just below the question tags. Write all of those details into the question because they're much less noticeable down here in the comments.
-
drs about 10 years
Are there any system logs that you can check that may give a clue about what the problem is?
-
Ryu almost 10 years
Logs are posted above
-
drs almost 10 years
You've done a nice job improving this question, but I'm out of advice. I'd try to look into what's causing the "options error" in the logs. If you've set up the VPN from a GUI, try Googling that line in the logs.
-
Ryu almost 10 years
Anyone have an idea?
-
Ryu almost 10 years
Updated information on the problem
-
drs almost 10 years
Glad to hear you're making progress. Check your logs again. Did the answer below solve the error reported before? Is VPN service started now? If so 1) accept that answer because it solved the problem reported in this question and 2) create a new question describing the new problem and include updated logs and configurations.
-