KeithEdwards1889
Posts: 8
Joined: Fri Mar 03, 2017 3:50 pm

How to get a 192 address rather than a 10 address in PiVPN

Fri Mar 03, 2017 3:56 pm

Hi all Noob here, so please bear with me.

Apologies if this has been answered but I cannot find it if so.

I have setup a VPN on my PI using this guide;

https://www.sitepoint.com/setting-up-a- ... pberry-pi/

All works well, however I need to be able to access resources based on a 192 address and the vpn address is 10.0, is there a quick and easy way to resolve this or do i have to start from scratch?

Thanks in advance.

Keith

User avatar
DougieLawson
Posts: 35347
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website Twitter

Re: How to get a 192 address rather than a 10 address in PiV

Fri Mar 03, 2017 9:30 pm

Change

Code: Select all

server 10.8.0.0 255.255.255.0
to

Code: Select all

server 192.168.31.0 255.255.255.0
in your config file.

Whatever address block you chose it MUST NOT be the same as your local LAN address block or things will break badly. If you need to access your home LAN addresses you need to pass a route down the openvpn tunnel.
Note: Having anything remotely humorous in your signature is completely banned on this forum.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

KeithEdwards1889
Posts: 8
Joined: Fri Mar 03, 2017 3:50 pm

Re: How to get a 192 address rather than a 10 address in PiV

Fri Mar 03, 2017 10:32 pm

I get how to change the IP address but I didn't choose an address block. I do know my default gateway is 192.168.1.254 and most devices are in the 192.168.1.64-165 range including the pi itself. It's your second warning that I do not understand sorry Dougie but I'm extremely grateful for your reply. Can you please elaborate?

User avatar
DougieLawson
Posts: 35347
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website Twitter

Re: How to get a 192 address rather than a 10 address in PiV

Fri Mar 03, 2017 10:52 pm

You can't assign addresses from your home LAN to the remote end of the OpenVPN tunnel.

Stick

Code: Select all

server 192.168.31.0 255.255.255.0
route 192.168.xxx.0/24
where xxx is the subnet for your LAN in your config. That will send a route to the 192.168.31.0/24 subnet clients to let them route to your LAN 192.168.xxx.0/24. You should see that route in both ends with an ip route command.
Note: Having anything remotely humorous in your signature is completely banned on this forum.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

KeithEdwards1889
Posts: 8
Joined: Fri Mar 03, 2017 3:50 pm

Re: How to get a 192 address rather than a 10 address in PiV

Fri Mar 03, 2017 11:15 pm

Thanks Dougie, how do I find out what xxx is?

Terrible with subnets , networking in general.

I would be over the moon if I can get this working.

User avatar
DougieLawson
Posts: 35347
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website Twitter

Re: How to get a 192 address rather than a 10 address in PiV

Fri Mar 03, 2017 11:28 pm

ifconfig
hostname -I
ip addr show

Or run this

Code: Select all

#!/usr/bin/python3
import socket
testIP = "8.8.8.8"
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.connect((testIP, 0))
ipaddr = s.getsockname()[0]
host = socket.gethostname()
print ("IP:", ipaddr, " Host:", host)
Note: Having anything remotely humorous in your signature is completely banned on this forum.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

KeithEdwards1889
Posts: 8
Joined: Fri Mar 03, 2017 3:50 pm

Re: How to get a 192 address rather than a 10 address in PiV

Fri Mar 03, 2017 11:32 pm

Thanks Dougie I will try this first thing tomorrow and come back to you. Genuine thanks.

KeithEdwards1889
Posts: 8
Joined: Fri Mar 03, 2017 3:50 pm

Re: How to get a 192 address rather than a 10 address in PiV

Sat Mar 04, 2017 9:12 am

Dougie,

When I run those commands i get the following info;

inet 192.168.1.164/24 brd 192.168.1.255 scope global eth0

inet 10.8.0.1/24 brd 10.8.0.255 scope global tun0

inet 127.0.0.1/8 scope host lo

So am I ok to enter;

server 192.168.31.0 255.255.255.0
route 192.168.1.64/24

I dont want to get this wrong, as you said major problems if I do.

Will this also give my clients internet access too?

User avatar
DougieLawson
Posts: 35347
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website Twitter

Re: How to get a 192 address rather than a 10 address in PiV

Sat Mar 04, 2017 9:15 am

You can probably get away with the route line only.
Note: Having anything remotely humorous in your signature is completely banned on this forum.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

KeithEdwards1889
Posts: 8
Joined: Fri Mar 03, 2017 3:50 pm

Re: How to get a 192 address rather than a 10 address in PiV

Sat Mar 04, 2017 9:34 am

So I have done the above, I get a 192.168.31.2 address on my clients but I cannot access the resources on 192.168.1.76: XXX, XXX

It shows the following on the PI when i do the ip route command;

default via 192.168.1.254 dev eth0 metric 202
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.164 metric 202
192.168.31.0/24 dev tun0 proto kernel scope link src 192.168.31.1

but in windows i get this;

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.64 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
192.168.1.0 255.255.255.0 On-link 192.168.1.64 281
192.168.1.64 255.255.255.255 On-link 192.168.1.64 281
192.168.1.255 255.255.255.255 On-link 192.168.1.64 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 192.168.1.64 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 192.168.1.64 281
===========================================================================
Persistent Routes:
None

Any ideas, what I need to do and thank you so far.

User avatar
DougieLawson
Posts: 35347
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website Twitter

Re: How to get a 192 address rather than a 10 address in PiV

Sat Mar 04, 2017 9:43 am

I don't know, you can't test this without taking a laptop to Costa's or Starbuck's or McD's so that you're connected by a non-local network.
Note: Having anything remotely humorous in your signature is completely banned on this forum.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

KeithEdwards1889
Posts: 8
Joined: Fri Mar 03, 2017 3:50 pm

Re: How to get a 192 address rather than a 10 address in PiV

Sat Mar 04, 2017 9:45 am

I am using 4g on my phone to test.

As i said above, I now get that 192.168.31.2 address allocated on the client (phone), but I still cannot access services running locally on a machine (192.168.1.76).

User avatar
DougieLawson
Posts: 35347
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website Twitter

Re: How to get a 192 address rather than a 10 address in PiV

Sat Mar 04, 2017 11:56 am

Try 192.168.31.1

You may need more to route through the raspberry out to the public internet, but because that is usually used to breach geo based DRM restrictions I'm not prepared to help further.
Note: Having anything remotely humorous in your signature is completely banned on this forum.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

KeithEdwards1889
Posts: 8
Joined: Fri Mar 03, 2017 3:50 pm

Re: How to get a 192 address rather than a 10 address in PiV

Sat Mar 04, 2017 1:25 pm

Cheers Dougie, I understand.

Somehow I have managed to get the vpn traffic to talk to my network.

I can run services based on my local network over http/https fine now. Running a speedtest on my phone (client) and I get about 8meg down and about the same up. Normally I get 69 meg down and 15 up on fibre, but i now have the following problems;

I cannot properly access the windows shares on my local network, although i do have some access but it is extremely slow.

I was hoping to access my media server to play content on the move, but it appears a non starter so far.

Thanks for your help in getting over the first hurdle.

RaspberryPi-Guy
Posts: 6
Joined: Sun Dec 02, 2018 6:36 am

Re: How to get a 192 address rather than a 10 address in PiVPN

Sun Dec 02, 2018 6:45 am

Do I have to rebuild my client profiles if I change my VPN address pool? I updated my server.conf file to use a 192 range I want to use (not using an existing subnet of course) but when I connect a client I can't reach my LAN resources. I tried the route statement in the server.conf but did notice my pi already has a route for my LAN subnet. Still no joy. Below is some info:

Using 192.168.254.64/26 for the LAN

Tried changing default pool range from10.8.0.0/24 to 192.168.252.0/48 (I don't have very many remote users)

This didn't work even though I see the route on my pi after I reboot for both the VPN subnet pointing to my tunnel interface as well as my LAN subnet via eth0.

I gotta be missing something here.

danjperron
Posts: 3330
Joined: Thu Dec 27, 2012 4:05 am
Location: Québec, Canada

Re: How to get a 192 address rather than a 10 address in PiVPN

Sun Dec 02, 2018 2:43 pm

I thing that you are confuse with IP Range. number of bits for IPV4 is 32 so it is impossible to put a range over
32.


Also

/24 means that only the first 24 bits are checked . netmask => 255.255.255.0
/16 means that only the first 16 bits are checked. netmask => 255.255.0.0.

You are using a subset of 10.X.X.X which is a private Class A address. It is possible to get up to 16 millions addresses.

Then use 10.8.0.0/16 subnet in class B . This is a netmask of 255.255.0.0 this will give you 65536 IPV4 addresses.

https://www.ripe.net/about-us/press-cen ... addressing

RaspberryPi-Guy
Posts: 6
Joined: Sun Dec 02, 2018 6:36 am

Re: How to get a 192 address rather than a 10 address in PiVPN

Mon Dec 03, 2018 5:05 am

Sorry. Typo on the /48. That was supposed to be a /28.

So again. /26 for home LAN and I'm trying to configure and use 192.168.252.0/28 as my VPN subnet instead of the default of 10.8.0.0/24. Not a must but I'd like to do it for 3 reasons:

1. I will never have over 200 vpn users
2. I like using 192.168 RCF1918 space vs 10 space.
3. Know how to do it.

danjperron
Posts: 3330
Joined: Thu Dec 27, 2012 4:05 am
Location: Québec, Canada

Re: How to get a 192 address rather than a 10 address in PiVPN

Mon Dec 03, 2018 12:23 pm

Now you are confusing me.

You want 192 addresses minimum then it is 10.8.0.0/24

/26 will give you only 64 addresses possible.


10 spaces only mean that your are using the private IPV4 address 10.0.0.0 ... 10.255.255.255


I do have two openvpn systems which used the 10.8.0.0/24 addresses and I do not have problem with them. One use dun and the other use tap.
Mind you that I never have more than 10 users connected.


This give me up to 256 addresses. Why is the reason you don't want /24 because is the minimum to get 192 addresses?

P.S. You could change 10.

drgeoff
Posts: 9351
Joined: Wed Jan 25, 2012 6:39 pm

Re: How to get a 192 address rather than a 10 address in PiVPN

Mon Dec 03, 2018 12:39 pm

danjperron wrote:
Mon Dec 03, 2018 12:23 pm
Now you are confusing me.

You want 192 addresses minimum then it is 10.8.0.0/24

/26 will give you only 64 addresses possible.
@danjperron

You are confusing yourself. :)

The OP does NOT want 192 addresses. He wants IP addresses which have 192 as the first number in the dotted quad.

danjperron
Posts: 3330
Joined: Thu Dec 27, 2012 4:05 am
Location: Québec, Canada

Re: How to get a 192 address rather than a 10 address in PiVPN

Mon Dec 03, 2018 2:47 pm

The OP does NOT want 192 addresses. He wants IP addresses which have 192 as the first number in the dotted quad.
Wow completely misread the post :lol: :lol: :lol:


Then you shouldn't use 192.168.1.0, 192.168.2.0 or 192.168.0.0 because they are often the local IP for routers. The user if it is connected via a normal router will have already an address using 192.168.
Then it won't be able to communicate to your vpn. The user computer won't forward IP outside via the router if the range is local.

You still able to use 192.168 but select the third number to be higher than 2, something like 192.168.10.0/26 for 64 addresses should do.

I got this problem once and this is the reason I did choose 10.8.0.0. This way I do not have problem with the user remote router IP.

danjperron
Posts: 3330
Joined: Thu Dec 27, 2012 4:05 am
Location: Québec, Canada

Re: How to get a 192 address rather than a 10 address in PiVPN

Mon Dec 03, 2018 2:56 pm

Also,
1. I will never have over 200 vpn users
if you have 200 vpn users you really need 192.168.10.0/24.

192.168.10.0/26 will give you only 64 possible addresses.

danjperron
Posts: 3330
Joined: Thu Dec 27, 2012 4:05 am
Location: Québec, Canada

Re: How to get a 192 address rather than a 10 address in PiVPN

Mon Dec 03, 2018 3:11 pm

OK I reread some parts

Code: Select all

Using 192.168.254.64/26 for the LAN

Tried changing default pool range from10.8.0.0/24 to 192.168.252.0/48 (I don't have very many remote users)
Ok your lan address is limited to 64 addresses. 192.168.254.64/26 Is the DNS or all computer you try to connect to are inside the mask.
And the IP for the PiVPN is 192.168.252.64/28 which is 16 possibles addresses.


Did you push your local IP in your configuration with the correct mask

push "route 192.168.254.64 255.255.255.192"


What really is your server command in the config? "server 192.168.252.0 255.255.255.192"

RaspberryPi-Guy
Posts: 6
Joined: Sun Dec 02, 2018 6:36 am

Re: How to get a 192 address rather than a 10 address in PiVPN

Wed Dec 05, 2018 5:18 am

I think my response has gotten people stuck of the size of my subnets. This is a small SOHO network. I know my LAN /26 only has 62 possible users. That's how I want it. I use static DHCP for everything. It's my OCD. LOL This whole thing is OCD because with the default 10 network pivpn works fine. I just wanna use 192.168.252.0/28 (192.168.252.0 255.255.255.248) for my vpn subnet and learn in the process. I know I used both CIDR and long notation but people ask so I put it in.

As for my server.conf it has the command "server 192.168.252.0 255.255.255.248" in the file

I don't have the route command in my server.conf file

So after writing this reply I checked iptables. I guess pivpn installs a couple of chains for the default 10.8.0.0 network. I'll admit I don't know iptables well but thanks to webmin I was able to find the chains and change them to what I wanted for my vpn network. Boom!! I can reach my LAN resources. I only somewhat understand what I did so maybe someone can explain it. But it seems like the postrouting forwarding chain was still looking for 10.8.0.0/24 before I changed it. Sorry..mostly a route/switch guy here. Still learning iptables.

[pi@RaspberryPi ~]# sudo iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 192.168.252.0/28 anywhere
MASQUERADE all -- 192.168.252.0/28 anywhere

Thanks for all the replies and help.

RaspberryPi-Guy
Posts: 6
Joined: Sun Dec 02, 2018 6:36 am

Re: How to get a 192 address rather than a 10 address in PiVPN

Sun Dec 09, 2018 5:53 pm

So things are 100% just yet. While I can get this to work, I noticed after a reboot of the pi my VPN clients couldn't reach the internet. So I went into webmin and clicked on apply configuration under the Linux Firewall section to change the masquerade chain from the 10 network to the 192 network . Then it worked. So the change I made in the management suite (webmin) doesn't seem to permanently write anything to the config. So I guess I have to find a way to apply this config at startup or find out where in the iptables chain this is.

Return to “Troubleshooting”