server.conf ip address ignored

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • marting
    Junior Member
    • May 2024
    • 4

    server.conf ip address ignored

    Hi,
    I've installed OpenVPN via PiVPN
    Code:
    curl -L https://install.pivpn.io | bash
    on
    Code:
    Linux raspberrypi4b1 6.6.20+rpt-rpi-v8 #1 SMP PREEMPT Debian 1:6.6.20-1+rpt1 (2024-03-07) aarch64
    I wanted to change the ip address range on the server from
    Code:
    10.24.181.0
    to
    Code:
    10.9.0.0
    and therfore changed in
    Code:
    /etc/openvpn/server.conf
    Code:
    ...
    ecdh-curve prime256v1
    topology subnet
    server 10.9.0.0 255.255.255.0
    # Set your primary domain name server address for clients
    push "dhcp-option DNS 10.9.0.1"
    push "block-outside-dns"
    # Override the Client default gateway by using 0.0.0.0/1 and
    # 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
    # overriding but not wiping out the original default gateway.
    push "redirect-gateway def1"
    client-to-client
    client-config-dir /etc/openvpn/ccd
    keepalive 15 120
    
    
    ...
    after
    Code:
    sudo systemctl restart openvpn[
    I still get ip address from the standard range on my iPhone, e.g.
    Code:
    10.24.181.2
    What I'm doing wrong?

    PS: ifconfig does show correct:
    Code:
    tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
            inet 10.9.0.1  netmask 255.255.255.0  destination 10.9.0.1
            inet6 fe80::5f9b:ccab:37fc:6e0c  prefixlen 64  scopeid 0x20<link>
            unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500
    Last edited by marting; 2024-05-15, 12:39 PM.
  • Pippin
    Administrator
    • Dec 2023
    • 19

    #2
    Hi,

    Take a look in
    Code:
     
     /etc/openvpn/ccd

    Comment

    • marting
      Junior Member
      • May 2024
      • 4

      #3
      Originally posted by Pippin
      Hi,

      Take a look in
      Code:
      /etc/openvpn/ccd
      Hi Pippin, thanks for this hint:
      I've found an ovpn file with the following content:

      Code:
      fconfig-push 10.24.181.2 255.255.255.0​
      not sure where this comes from?
      removed the file - now the Iphone has got ip adddress from correct range!

      Comment

      • marting
        Junior Member
        • May 2024
        • 4

        #4
        Hi,
        I'm still struggling with my openvpn setup.

        My iPhone connects via openvpn app and gets ip address 10.9.0.2 as expected (after I've removed the file in /etc/openvpn/ccd - see above).
        I can access other devices on the same subnet, but not able to reach external address like e.g. google.com

        It might have interfer with installed pi-hole on the same raspberrypi - with the ip address 192.168.1.128 ?
        What do I need to change in ovpn?

        ifconfig:
        Code:
        eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
                inet 192.168.1.128  netmask 255.255.255.0  broadcast 192.168.1.255
                inet6 fe80::4f9c:d85d:d319:be0c  prefixlen 64  scopeid 0x20<link>
                ether e4:5f:01:cf:40:03  txqueuelen 1000  (Ethernet)
                RX packets 40960  bytes 5192578 (4.9 MiB)
                RX errors 0  dropped 1  overruns 0  frame 0
                TX packets 18917  bytes 4509311 (4.3 MiB)
                TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        
        lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
                inet 127.0.0.1  netmask 255.0.0.0
                inet6 ::1  prefixlen 128  scopeid 0x10<host>
                loop  txqueuelen 1000  (Local Loopback)
                RX packets 16547  bytes 1176427 (1.1 MiB)
                RX errors 0  dropped 0  overruns 0  frame 0
                TX packets 16547  bytes 1176427 (1.1 MiB)
                TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        
        tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
                inet 10.9.0.1  netmask 255.255.255.0  destination 10.9.0.1
                inet6 fe80::1250:ecf9:138d:45d7  prefixlen 64  scopeid 0x20<link>
                unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)
                RX packets 2565  bytes 492980 (481.4 KiB)
                RX errors 0  dropped 0  overruns 0  frame 0
                TX packets 174  bytes 27876 (27.2 KiB)
                TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        
        wlan0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
                ether e4:5f:01:cf:40:04  txqueuelen 1000  (Ethernet)
                RX packets 58  bytes 13413 (13.0 KiB)
                RX errors 0  dropped 0  overruns 0  frame 0
                TX packets 28  bytes 3808 (3.7 KiB)
                TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

        Comment

        • marting
          Junior Member
          • May 2024
          • 4

          #5
          after a longer night googling I've found the problem and solution here - now internet access via OpenVPN on iPhone works as expected!

          In raising this issue I confirm that I have read the documentation I have read and understood the PiVPN General Guidelines I have read and understood the PiVPN Troubleshooting Guidelines The issue ...


          The problem was an old/wrong MASQUERADE entry in iptables.

          Code:
          sudo iptables -t nat -L --line-numbers

          Comment

          Working...
          😀
          😂
          🥰
          😘
          🤢
          😎
          😞
          😡
          👍
          👎