pfSense Support Subscription

Author Topic: Not possible to set Gateway IP on IPv4 OpenVPN interface  (Read 17738 times)

0 Members and 1 Guest are viewing this topic.

Offline sebastiannielsen

  • Jr. Member
  • **
  • Posts: 67
  • Karma: +7/-2
    • View Profile
Not possible to set Gateway IP on IPv4 OpenVPN interface
« on: February 01, 2013, 12:26:53 pm »


Its tells me that I can't set a IPv6 Adress on a IPv4 only interface, buts that what im obviously NOT doing. Im trying to set a IPv4 Gateway!

Offline bardelot

  • Full Member
  • ***
  • Posts: 176
  • Karma: +0/-0
    • View Profile
Re: Not possible to set Gateway IP on IPv4 OpenVPN interface
« Reply #1 on: February 01, 2013, 03:04:29 pm »
Looks like there was a mix up with the text and the error should be "You can not use a IPv4 Gateway Address on a IPv6 only interface.". The interface is assumed to be IPv6 only when no IPv4 address is assigned to it. So to get that working your WANVPN1 interface needs an IPv4 address.
« Last Edit: February 01, 2013, 03:21:58 pm by bardelot »

Offline sebastiannielsen

  • Jr. Member
  • **
  • Posts: 67
  • Karma: +7/-2
    • View Profile
Re: Not possible to set Gateway IP on IPv4 OpenVPN interface
« Reply #2 on: February 01, 2013, 06:50:13 pm »
The interface does have a static IPv4 assigned. (193.13.142.178/25)



Seems that everything OpenVPN Client related is b0rked in Snapshots.
Went into file manager and patched away sanity checks on gateway IPs. Got my desired gateway and IPs assigned
but the interface does not work at all!
Seems there is a sanity check somewhere else in the system.
« Last Edit: February 01, 2013, 07:54:18 pm by sebastiannielsen »

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21387
  • Karma: +1432/-26
    • View Profile
Re: Not possible to set Gateway IP on IPv4 OpenVPN interface
« Reply #3 on: February 02, 2013, 10:05:08 am »
You do not edit OpenVPN gateways. They are automatic, and they use the IPs configured on the interface.

It's more likely that you're doing something incorrectly than hitting a bug.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline ggzengel

  • Full Member
  • ***
  • Posts: 264
  • Karma: +3/-0
    • View Profile
Re: Not possible to set Gateway IP on IPv4 OpenVPN interface
« Reply #4 on: February 02, 2013, 08:07:38 pm »
And how making load balancing and traffic shaping without a gateway?

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21387
  • Karma: +1432/-26
    • View Profile
Re: Not possible to set Gateway IP on IPv4 OpenVPN interface
« Reply #5 on: February 02, 2013, 08:15:01 pm »
Use the gateway as it is. It works fine without entering an IP. It's a dynamic type gateway so the IP is handled automatically behind the scenes. Check Status > Gateways and you'll see the IP of the remote VPN endpoint.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline ggzengel

  • Full Member
  • ***
  • Posts: 264
  • Karma: +3/-0
    • View Profile
Re: Not possible to set Gateway IP on IPv4 OpenVPN interface
« Reply #6 on: February 02, 2013, 09:04:46 pm »
Sometime it's too easy to understand.
I thought it would be more complex and I have to give an IP to the interface.

Perhaps it would be more transparent if there are an other option than none for IPV4 and IPV6 in this case.
1. Because if i set it to none I will get a gateway what I not expect.
2. I don't need an IPV6 gateway for this interface and make some confusion on dashboard.
3. I will get an IPV6 gateway if I have disabled IPV6 globally.


The gateway won't have an IP until you restart openvpn.
« Last Edit: February 02, 2013, 09:12:17 pm by ggzengel »

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21387
  • Karma: +1432/-26
    • View Profile
Re: Not possible to set Gateway IP on IPv4 OpenVPN interface
« Reply #7 on: February 04, 2013, 07:35:14 am »
That's always how OpenVPN gateways have worked when the interface is assigned. The gateways magically appeared once the interface was assigned.

#2/#3 (the same issue) is something we can look into eventually but it's safe to just ignore it. It doesn't hurt anything.

As for the gateway not showing up until you restart OpenVPN, again, that's how it's always worked. If you save/apply the Interface, you've always needed to restart the corresponding OpenVPN instance.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21387
  • Karma: +1432/-26
    • View Profile
Re: Not possible to set Gateway IP on IPv4 OpenVPN interface
« Reply #8 on: February 05, 2013, 06:22:32 pm »
I pushed a commit to skip the IPv6 gateways if you have IPv6 disabled, but the others are likely going to have to stay.

The problem with skipping them if they don't have an IP is that in some cases OpenVPN may not have the IP if it's not connected (especially SSL/TLS in a server/multi-client setup), but we can't just take away the gateway in those cases as it may be needed and used once the VPN does connect. Not quite so easy to solve.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline ggzengel

  • Full Member
  • ***
  • Posts: 264
  • Karma: +3/-0
    • View Profile
Re: Not possible to set Gateway IP on IPv4 OpenVPN interface
« Reply #9 on: February 05, 2013, 07:15:22 pm »
Thanks.

Offline sebastiannielsen

  • Jr. Member
  • **
  • Posts: 67
  • Karma: +7/-2
    • View Profile
Re: Not possible to set Gateway IP on IPv4 OpenVPN interface
« Reply #10 on: February 06, 2013, 03:12:48 pm »
A problem is that it seems to use the gateway configuration pushed from the OpenVPN server despite theres local gateway configured in the .ovpn file.
This causes a odd error of setting the netmask (255.255.255.128) as gateway on one of the VPNs.
It seems like the VPN provider have one server for all its customers, which gives a "generic" pushed configuration thats fits all dynamic customers, then gives each static customer its own .ovpn file which contains a customer-unique gateway & static IP.

Thats why it MUST be possible to manually set IP and gateway on OpenVPN assigned interfaces.


On 2.0.2 its possible to manually set gateways on OpenVPN interfaces, and it work wonderfully. Im surfing from behind that 2.0.2 pfsense box now, with manual gateways & IP on 2 OpenVPN tunnels, where one of the gateways are default gateway.
On 2.1 its completely broken to manually set gateways on OpenVPN interfaces. Also another odd error is that its also uses the netmask pushed from OpenVPN server rather from the .ovpn file, so the interface gets its netmask set to /32 instead of /25.

(had to downgrade from 2.1 to 2.0.2 due to the problem)

As a customer, you are supposed to override the server-pushed configuration with your own customer-specific .ovpn file when you select static IP, rather than dynamic IP from the VPN provider.

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21387
  • Karma: +1432/-26
    • View Profile
Re: Not possible to set Gateway IP on IPv4 OpenVPN interface
« Reply #11 on: February 06, 2013, 03:14:23 pm »
Then use settings in the OpenVPN advanced options, not gateway entries.

If it worked that way before, it was purely by chance.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline sebastiannielsen

  • Jr. Member
  • **
  • Posts: 67
  • Karma: +7/-2
    • View Profile
Re: Not possible to set Gateway IP on IPv4 OpenVPN interface
« Reply #12 on: February 06, 2013, 03:41:53 pm »
The problem is that PfSense prefers the pushed config in favor for the Advanced config set.

The 2 tunnels are configured with these advanced configs, obtained from 2 VPN tunnel providers .ovpn configs:
float 62.181.89.21;route-gateway 193.13.142.129;ifconfig 193.13.142.178 255.255.255.128;
float 46.59.86.2;route-gateway 46.59.86.129;ifconfig 46.59.86.163 255.255.255.128;

With no manual gateway config, OpenVPN restarted:

As you see, the PfSense behaves oddy and sets the gateway = the netmask specified in ifconfig in .ovpn

With manual gateway specified, OpenVPN restarted:


Note that the tunnels are UP in both of the scenarios.

This is on 2.0.2. As you see, the problem solves when manually specifying gateway.
Basically, you need to specify the gateway BOTH in advanced config AND manual gateway for it to work with certain VPN providers.

Thats why the "feature" of manually specifying gateways on with OpenVPN interfaces on 2.1 must stay. Some VPN providers require this to work.
« Last Edit: February 06, 2013, 03:49:30 pm by sebastiannielsen »

Offline cmb

  • Hero Member
  • *****
  • Posts: 11230
  • Karma: +893/-7
    • View Profile
    • Chris Buechler
Re: Not possible to set Gateway IP on IPv4 OpenVPN interface
« Reply #13 on: March 06, 2014, 01:00:37 pm »
updating this thread in case anyone else runs across it (someone linked to it from elsewhere). The problem noted in the last post here is this:
https://redmine.pfsense.org/issues/3475

which is fixed in 2.1.1