OpenVPN won’t start due to the following error:
Options error: --server-ipv6 is incompatible with ‘nopool’ option
I have a very basic server configuration as follows:
openvpn vtun1 {
mode server
persistent-tunnel
replace-default-route {
}
server {
name-server 1.1.1.1
name-server 8.8.8.8
subnet 172.18.19.0/24
subnet fc00::/64
}
tls {
ca-cert-file /config/auth/openvpn/ca.crt
cert-file /config/auth/openvpn/server.crt
dh-file /config/auth/openvpn/dh2048.pem
key-file /config/auth/openvpn/server.key
}
}
This is in /var/run/openvpn/vtun1.conf where the problem appears to be server 172.18.19.0 255.255.255.0 nopool:
verb 3
user openvpn
group openvpn
dev-type tun
dev vtun1
persist-key
iproute /usr/libexec/vyos/system/unpriv-ip
proto udp
multihome
persist-tun
push "redirect-gateway def1"
mode server
tls-server
topology net30
server 172.18.19.0 255.255.255.0 nopool
ifconfig-pool 172.18.19.4 172.18.19.253
server-ipv6 fc00::/64
keepalive 10 600
management /run/openvpn/openvpn-mgmt-intf unix
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 8.8.8.8"
ca /config/auth/openvpn/ca.crt
cert /config/auth/openvpn/server.crt
key /config/auth/openvpn/server.key
dh /config/auth/openvpn/dh2048.pem
compat-names
I am attempting to migrate from a working pfsense instance that has:
server 172.18.19.0 255.255.255.0
server-ipv6 fc00::/64
Why is the nopool option added on the server ip4 statement? While I might manually edit vtun1.conf to remove that option, I assume my changes won’t persist and that is a bad idea. Are there any workarounds to this?
Thanks,
Mike