  1. #1
    Untangler
    Join Date
    Jan 2008
    Location
    Kansas City, MO
    Posts
    84

    OpenVPN Client connects fine to OpenVPN server subnet...

    Hi,
    I've had this trouble before and I don't remember finding a resolution. I searched the forum and couldn't find an answer either. Subtle differences in wording lead to similar yet very different problems.

    My issue is I had a site to site connection with 3 UT servers and OpenVPN and all was well. One server (hardware) crashed in a storm and had to give client disti of OpenVPN to one staff member. Installed, gave admin pass (I hate this) so OpenVPN can run properly (W7 elevation) and it connects fine and he can access what he needs in this office.

    What he cannot do if the VPN is connected is anything on his subnet - print - ping anything.

    My subnet is 192.168.2.0/24, his is 192.168.0.0/24. I know they should be less "homelike" subnets and I have started changing them (third subnet is 10.10.10.0/24) but I haven't gotten them all changed yet. Still it works fine site to site with these. It is only when client connects that it is an issue. He has to disconnect the VPN to print and sometimes needs to restart before he can print.

    Any help you can lend will be appreciated.

    jtmiles

  2. #2
    some dude hlarsen's Avatar
    Join Date
    Jul 2010
    Location
    sfba
    Posts
    1,386

    so right now you have two Untangle boxes in a site to site? 192.168.2.x and 10.10.10.x?

    anything interesting in the OpenVPN log when he connects? maybe something about a route conflict?
    Attention: Support on the Untangle Forums is provided by volunteers and community members.
    If you need official Untangle support please call or email support@untangle.com.

  3. #3
    Untangle Ninja
    WebFooL's Avatar
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    4,602

    Check the submask on your export rule.
    Make sure it is /24 and not /16

    If you can do a "route print" from the vpn client and post the outprint.

  4. #4
    Untangler
    Join Date
    Jan 2008
    Location
    Kansas City, MO
    Posts
    84

    Thanks for replying so quickly. I have been out of town over a long weekend, so sorry I have been so long getting you the info.

    here is the status/log:
    Wed Jun 01 08:07:33 2011 OpenVPN 2.1.3 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Aug 20 2010
    Wed Jun 01 08:07:33 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Wed Jun 01 08:07:33 2011 LZO compression initialized
    Wed Jun 01 08:07:33 2011 UDPv4 link local: [undef]
    Wed Jun 01 08:07:33 2011 UDPv4 link remote: 66.49.46.194:1194
    Wed Jun 01 08:07:35 2011 [server.does.not.exists] Peer Connection Initiated with 66.49.46.194:1194
    Wed Jun 01 08:07:37 2011 TAP-WIN32 device [Local Area Connection* 9] opened: \\.\Global\{E27F2F9A-E686-466D-8C73-35FBDF5A2DE4}.tap
    Wed Jun 01 08:07:37 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 172.16.16.37/255.255.255.252 on interface {E27F2F9A-E686-466D-8C73-35FBDF5A2DE4} [DHCP-serv: 172.16.16.38, lease-time: 31536000]
    Wed Jun 01 08:07:37 2011 Successful ARP Flush on interface [14] {E27F2F9A-E686-466D-8C73-35FBDF5A2DE4}
    Wed Jun 01 08:07:42 2011 WARNING: potential route subnet conflict between local LAN [192.168.0.0/255.255.255.0] and remote VPN [192.168.0.0/255.255.255.0]
    Wed Jun 01 08:07:42 2011 ROUTE: route addition failed using CreateIpForwardEntry: The object already exists. [status=5010 if_index=14]
    The route addition failed: The object already exists.
    Wed Jun 01 08:07:42 2011 WARNING: potential route subnet conflict between local LAN [192.168.0.0/255.255.255.0] and remote VPN [192.168.0.0/255.255.255.0]
    Wed Jun 01 08:07:42 2011 ROUTE: route addition failed using CreateIpForwardEntry: The object already exists. [status=5010 if_index=14]
    The route addition failed: The object already exists.
    Wed Jun 01 08:07:42 2011 Initialization Sequence Completed

    Do I need to delete the Site to Site connection that this is replacing for it to work properly?

  5. #5
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    18,851

    Originally posted by jtmiles:
        Wed Jun 01 08:07:42 2011 WARNING: potential route subnet conflict between local LAN [192.168.0.0/255.255.255.0] and remote VPN [192.168.0.0/255.255.255.0]

    This part is all that matters. It is happily informing you that your network is utilizing a 192.168.0.0/24 IP subnet, and the client is using the same subnet on its local network.

    One network or the other will have to be renumbered.
    Rob Sandling, BS:SWE, MCP
    Intouch Technology
    Phone: 480-272-9889
    NexgenAppliances.com
    Phone: 866-794-8879
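
The conflict warning discussed above can be pulled out of a client log and checked against the server's exports mechanically. This is an added example, not part of the thread or of OpenVPN or Untangle; the function names are hypothetical, and the sample log is constructed from the lines quoted in post #4.

```python
import ipaddress
import re

# Constructed sample, modelled on the client log lines quoted in the thread.
SAMPLE_LOG = """\
Wed Jun 01 08:07:37 2011 Successful ARP Flush on interface [14]
Wed Jun 01 08:07:42 2011 WARNING: potential route subnet conflict between local LAN [192.168.0.0/255.255.255.0] and remote VPN [192.168.0.0/255.255.255.0]
Wed Jun 01 08:07:42 2011 ROUTE: route addition failed using CreateIpForwardEntry: The object already exists. [status=5010 if_index=14]
Wed Jun 01 08:07:42 2011 Initialization Sequence Completed
"""

CONFLICT_RE = re.compile(
    r"potential route subnet conflict between local LAN \[([\d.]+)/([\d.]+)\]"
    r" and remote VPN \[([\d.]+)/([\d.]+)\]"
)


def parse_conflicts(log_text):
    """Return de-duplicated (local LAN, pushed route) pairs in CIDR form."""
    pairs = []
    for m in CONFLICT_RE.finditer(log_text):
        # ip_network accepts dotted netmasks and normalises them to a prefix.
        local = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
        remote = ipaddress.ip_network(f"{m.group(3)}/{m.group(4)}", strict=False)
        pair = (str(local), str(remote))
        if pair not in pairs:
            pairs.append(pair)
    return pairs


def failed_route_adds(log_text):
    """Count pushed routes the client OS refused to install."""
    return sum("ROUTE: route addition failed" in l for l in log_text.splitlines())


def overlapping_exports(client_lan, exports):
    """Exports that collide with, or contain, the client's own LAN.

    A /16 export also overlaps a /24 LAN inside it, which is why the
    export's netmask matters as well as its address.
    """
    lan = ipaddress.ip_network(client_lan, strict=False)
    return [e for e in exports
            if ipaddress.ip_network(e, strict=False).overlaps(lan)]
```

Running `overlapping_exports` against the export list before handing out a client config shows which exports would shadow the remote user's local LAN.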

  6. #6
    Untangler
    Join Date
    Jan 2008
    Location
    Kansas City, MO
    Posts
    84

    But they are the same network.
    Main Office: 192.168.2.0/24
    Site1: 10.10.10.0/24
    Site2(which is the fallen one) 192.168.0.0/24
    this is where the client is now connecting since the UT server died. So do I need to remove the Site to Site in my Main Office to Site2 for everything to play nice?
    Thanks sky-knight!

    jtmiles

  7. #7
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    18,851

    Yes, the routes are conflicting. You don't need to yank the site to site client, you just need to yank the export for it.

  8. #8
    Untangler
    Join Date
    Jan 2008
    Location
    Kansas City, MO
    Posts
    84

    sky-knight,
    I have pulled the export, and my client has disconnected/reconnected-restarted and still:

    "The route addition failed: The object already exists.
    Thu Jun 02 11:45:47 2011 WARNING: potential route subnet conflict between local LAN [192.168.0.0/255.255.255.0] and remote VPN [192.168.0.0/255.255.255.0]
    Thu Jun 02 11:45:47 2011 Initialization Sequence Completed"

    I think I may need to pull the site to site as well. Or perhaps, restart my OpenVPN server?

    jtmiles

  9. #9
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    18,851

    It couldn't hurt, as far as I'm aware the routes pushed by OpenVPN are determined by the export, not the site-to-site client. I could be wrong however, you may as well try it.

  10. #10
    Untangler
    Join Date
    Jan 2008
    Location
    Kansas City, MO
    Posts
    84

    sky-knight,
    I had already deleted the export and I just disabled the site to site client and now it works! Thanks for your help. I have ordered a UT appliance to replace the server. Thanks again for your help as well as webfool and hlarsen. Mark this one as SOLVED!



    jtmiles
