Menu
▾
▴
[Openvpn-users] Problem with --ifconfig endpoints under Windows
|
From: Stole P. <amo...@gm...> - 2012-03-14 15:49:40
|
Hi, I just wrote a client config file for openvpn. The problem is this: I tried running the config under Linux and is working great, it's connecting to the server and everything is fine, but when I use the SAME config file for windows, it gives me some strange errors, like this: Wed Mar 14 08:31:02 2012 WARNING: Since you are using --dev tun, the second argument to --ifconfig must be an IP address. You are using something (255.255.0.0) that looks more like a netmask. (silence this warning with --ifconfig-nowarn) Wed Mar 14 08:31:02 2012 There is a problem in your selection of --ifconfig endpoints [local=10.8.0.10, remote=255.255.0.0]. The local and remote VPN endpoints must exist within the same 255.255.255.252 subnet. This is a limitation of --dev tun when used with the TAP-WIN32 driver. Try 'openvpn --show-valid-subnets' option for more info. Wed Mar 14 08:31:02 2012 Exiting I don't know what could be the problem, since the script is working perfectly fine on Linux. I have some thoughts about this though: 1. Is it because the networking adapters in linux and windows are behaving differently, so I need to add more options in the config file in order to make it work for windows environments? 2. I was testing it on a windows virtual machine under virtualbox - at first I thought it was because I used NAT networking, but when I switched to Bridged Adapter mode and it gave me the same error, I don't really think this is the issue, but it may be the case, I just don't know. And also, here is the client config file I am using: ############################## ################ # Sample client-side OpenVPN 2.0 config file # # for connecting to multi-client server. # # # # This configuration can be used by multiple # # clients, however each client should have # # its own cert and key files. # # # # On Windows, you might want to rename this # # file so it has a .ovpn extension # ############################################## # Specify that we are a client and that we # will be pulling certain config file directives # from the server. client # Use the same setting as you are using on # the server. # On most systems, the VPN will not function # unless you partially or fully disable # the firewall for the TUN/TAP interface. ;dev tap dev tun # Windows needs the TAP-Win32 adapter name # from the Network Connections panel # if you have more than one. On XP SP2, # you may need to disable the firewall # for the TAP adapter. ;dev-node MyTap # Are we connecting to a TCP or # UDP server? Use the same setting as # on the server. ;proto tcp proto udp # The hostname/IP and port of the server. # You can have multiple remote entries # to load balance between the servers. remote x.x.x.x xxx ;remote my-server-2 1194 ;remote 74.208.70.12 1359 # Choose a random host from the remote # list for load-balancing. Otherwise # try hosts in the order specified. ;remote-random # Keep trying indefinitely to resolve the # host name of the OpenVPN server. Very useful # on machines which are not permanently connected # to the internet such as laptops. resolv-retry infinite # Most clients don't need to bind to # a specific local port number. nobind # Downgrade privileges after initialization (non-Windows only) ;user nobody ;group nobody # Try to preserve some state across restarts. persist-key persist-tun # If you are connecting through an # HTTP proxy to reach the actual OpenVPN # server, put the proxy server/IP and # port number here. See the man page # if your proxy server requires # authentication. ;http-proxy-retry # retry on connection failures ;http-proxy [proxy server] [proxy port #] # Wireless networks often produce a lot # of duplicate packets. Set this flag # to silence duplicate packet warnings. ;mute-replay-warnings # SSL/TLS parms. # See the server config file for more # description. It's best to use # a separate .crt/.key file pair # for each client. A single ca # file can be used for all clients. ca ca.crt #cert client1.crt #key client1.key #topology subnet # Verify server certificate by checking # that the certicate has the nsCertType # field set to "server". This is an # important precaution to protect against # a potential attack discussed here: # http://openvpn.net/howto.html#mitm # # To use this feature, you will need to generate # your server certificates with the nsCertType # field set to "server". The build-key-server # script in the easy-rsa folder will do this. ns-cert-type server # If a tls-auth key is used on the server # then every client must also have the key. ;tls-auth ta.key 1 # Select a cryptographic cipher. # If the cipher option is used on the server # then you must also specify it here. ;cipher x # Enable compression on the VPN link. # Don't enable this unless it is also # enabled in the server config file. comp-lzo # Set log file verbosity. verb 3 # Silence repeating messages ;mute 20 auth-user-pass If you could help me out with this, that would be great, thank you in advance. |
