OpenVPN/Tunnelblick through wireless router, no connection
1,908 views
Skip to first unread message
Oscar
May 29, 2010, 5:01:25 PM5/29/10
to tunnelblick-discuss
Hi!
I'm using OpenVPN with Tunneblick on my Macbook Pro to access a server
on my job. I't works fine, but i can't get it working with my Netgear
WGT624v3 wireless router.
I get this warning:
WARNING: potential route subnet conflict between local LAN
[192.168.1.0/255.255.255.0] and remote VPN [192.168.1.0/255.255.255.0]
Someone told me that i should "port forward" on my router, but i can't
figure out the right settings. Also not shure i'm doing it right.
/Oscar
I'm using OpenVPN with Tunneblick on my Macbook Pro to access a server
on my job. I't works fine, but i can't get it working with my Netgear
WGT624v3 wireless router.
I get this warning:
WARNING: potential route subnet conflict between local LAN
[192.168.1.0/255.255.255.0] and remote VPN [192.168.1.0/255.255.255.0]
Someone told me that i should "port forward" on my router, but i can't
figure out the right settings. Also not shure i'm doing it right.
/Oscar
jkbull...gmail.com
May 29, 2010, 7:13:14 PM5/29/10
to tunnelblick-discuss
The problem is indicated by the warning message. It is saying that
both the local LAN network and the remote VPN network use the same
addresses, in the range of 192.168.1.0 - 192.168.1.255. So there's a
conflict.
You can't change the remote network, but you should be able to change
your Netgear router's settings so your LAN has a different address
range without it causing any problems. I don't remember exactly how to
do it on a Netgear router, but what you want to change is probably on
the router's main setup page. It is probably called the address of the
router. Change it to 192.168.2.1, or 192.168.2, if it won't let you
set the digits after the last decimal point.
After you change your router's settings, you may have to restart all
computers connected to your LAN, although you might be able to get
away with disconnecting their network cables and then reconnecting
them, or turning off the wireless (e.g. Airport on your Macbook Pro)
and then turning it on again. The reason for this is that your
computers obtain an address for themselves from your router (through
DHCP), and they need to get their "new" address in the new range.
You don't have to set up port forwarding to run an OpenVPN _client_,
only for running an OpenVPN _server_. Since you have a client (your
Macbook Pro) on your LAN, you don't need to use port forwarding.
Please let us know how it goes.
both the local LAN network and the remote VPN network use the same
addresses, in the range of 192.168.1.0 - 192.168.1.255. So there's a
conflict.
You can't change the remote network, but you should be able to change
your Netgear router's settings so your LAN has a different address
range without it causing any problems. I don't remember exactly how to
do it on a Netgear router, but what you want to change is probably on
the router's main setup page. It is probably called the address of the
router. Change it to 192.168.2.1, or 192.168.2, if it won't let you
set the digits after the last decimal point.
After you change your router's settings, you may have to restart all
computers connected to your LAN, although you might be able to get
away with disconnecting their network cables and then reconnecting
them, or turning off the wireless (e.g. Airport on your Macbook Pro)
and then turning it on again. The reason for this is that your
computers obtain an address for themselves from your router (through
DHCP), and they need to get their "new" address in the new range.
You don't have to set up port forwarding to run an OpenVPN _client_,
only for running an OpenVPN _server_. Since you have a client (your
Macbook Pro) on your LAN, you don't need to use port forwarding.
Please let us know how it goes.
Oscar
May 30, 2010, 3:32:50 AM5/30/10
to tunnelblick-discuss
I now changed the routers IP to 192.168.2.1 and also got internet
connection.
But when i connect to the VPN i get this error code instead:
write UDPv4: Network is unreachable (code=51)
Mabey i have to chang something in the tunnelblick config?
connection.
But when i connect to the VPN i get this error code instead:
write UDPv4: Network is unreachable (code=51)
Mabey i have to chang something in the tunnelblick config?
Oscar
May 30, 2010, 4:30:23 AM5/30/10
to tunnelblick-discuss
Just checed the log again and saw that i also got this message before
the "code=51" messages:
2010-05-30 10:25:54 WARNING: potential route subnet conflict between
local LAN [192.168.2.0/255.255.255.0] and remote VPN
[192.168.2.1/255.255.255.255]
2010-05-30 10:25:54 /sbin/route add -net 192.168.2.1 192.168.2.57
255.255.255.255
Does this mean that the Remote VPN Dynamicly changes it's ip depending
on my IP ???
in the tunnelblick config my admin at work put two "route"s:
route 192.168.1.0 255.255.255.0
route 213.136.37.0 255.255.255.0
can this have anything to do with it?
the "code=51" messages:
2010-05-30 10:25:54 WARNING: potential route subnet conflict between
local LAN [192.168.2.0/255.255.255.0] and remote VPN
[192.168.2.1/255.255.255.255]
2010-05-30 10:25:54 /sbin/route add -net 192.168.2.1 192.168.2.57
255.255.255.255
Does this mean that the Remote VPN Dynamicly changes it's ip depending
on my IP ???
in the tunnelblick config my admin at work put two "route"s:
route 192.168.1.0 255.255.255.0
route 213.136.37.0 255.255.255.0
can this have anything to do with it?
jkbull...gmail.com
May 30, 2010, 8:08:13 AM5/30/10
to tunnelblick-discuss
(1) The additional subnet conflict message is saying that remote
network is using 192.168.2.1 and the other seems to be saying the
remote network is using 192.168.2.57, so try changing your local
network to 192.168.25.* or something like that. (In other words, I
think the remote network is using 192.168.1.* _and_ 192.168.2.*, so I
am suggesting changing your local network to use something completely
different in the hopes of finding something that the remote network
doesn't use). As before, you should restart any computer(s) on your
local network after changing the router settings. Another one you
could try is 192.168.0.*, which many routers use as a default (Netgear
apparently is using 192.168.1.* as a default.)
(2) At this point I don't think the route commands have anything to do
with it, but it depends on what else is in the configuration file.
After trying a new IP range (1, above), you can try removing the route
lines from the config -- it won't hurt to try that; but make a backup
of the configuration file before you modify it, so you can restore it
if the changes don't help.
In another hour or so I'll be offline for the next 36 hours, but
please post to keep us informed of your situation.
network is using 192.168.2.1 and the other seems to be saying the
remote network is using 192.168.2.57, so try changing your local
network to 192.168.25.* or something like that. (In other words, I
think the remote network is using 192.168.1.* _and_ 192.168.2.*, so I
am suggesting changing your local network to use something completely
different in the hopes of finding something that the remote network
doesn't use). As before, you should restart any computer(s) on your
local network after changing the router settings. Another one you
could try is 192.168.0.*, which many routers use as a default (Netgear
apparently is using 192.168.1.* as a default.)
(2) At this point I don't think the route commands have anything to do
with it, but it depends on what else is in the configuration file.
After trying a new IP range (1, above), you can try removing the route
lines from the config -- it won't hurt to try that; but make a backup
of the configuration file before you modify it, so you can restore it
if the changes don't help.
In another hour or so I'll be offline for the next 36 hours, but
please post to keep us informed of your situation.
Oscar
May 30, 2010, 3:03:18 PM5/30/10
to tunnelblick-discuss
I changed the IP to 192.168.25.1, and now it's working perfectly!!
Many, many thanks to you! this was very fustrating...
Awesome help!
Many, many thanks to you! this was very fustrating...
Awesome help!
maria...@gmail.com
May 31, 2010, 6:14:55 AM5/31/10
to tunnelblick-discuss
hi
that looks like yout subnet on local network is the same as the subnet
of the OPENVPN network.
I would try to change the openvpn broadcast network to something else
for example 192.168.15.0/255.255.255.0
that would give you an openvpn ip address on different network
that looks like yout subnet on local network is the same as the subnet
of the OPENVPN network.
I would try to change the openvpn broadcast network to something else
for example 192.168.15.0/255.255.255.0
that would give you an openvpn ip address on different network
Reply all
Reply to author
Forward
0 new messages