Netgate Discussion Forum

    Client Specific Overrides Bug with Alias in IPv4 Tunnel Network

    • Odette

      Hi there,
      OVPN set up as subnet topology.
      IPv4 Tunnel Network set to 10.0.0.0/24

      Although the inline help for IPv4 Tunnel Network in Client Specific Overrides states:

      The virtual IPv4 network or network type alias ...
      
      • if I define a network type alias (let's say myip set to 10.0.0.200/24) and use it in IPv4 Tunnel Network in Client Specific Overrides, my tun0 interface is assigned 10.0.0.0/24
      • if I type directly 10.0.0.200/24 in IPv4 Tunnel Network in Client Specific Overrides, my tun0 interface is assigned 10.0.0.200/24

      (Already tried myip set to 10.0.0.200/32 or as ip type alias set to 10.0.0.200 without success)

      So, it seems that aliases are not working correctly here, or that the documentation is faulty. For sure, aliases here would be a great feature.

      A better feature would be if the common name of a client connected via OVPN automagically became an alias for the client's tunnel network IP. This way the "reservation" problem should be solved, or the firewall rules could be set without the need to define Client Specific Overrides. But this is another story.

      • viragomann @Odette

        @Odette said in Client Specific Overrides Bug with Alias in IPv4 Tunnel Network:

        if I define a network type alias (let's say myip set to 10.0.0.200/24)

        This isn't a proper network address in conjunction with the stated mask. So I don't consider it to be a valid network alias.

        But in the CSO you have to state a single address with the proper mask of the tunnel network, when using subnet topology. So network aliases cannot be used here at all.
        However, when using net30 topology, proper network aliases should work though, I assume.

        Anyway, I agree that the term "network type alias" is unfavorable there, since subnet topology is widely used these days.

        • Odette @viragomann

          OK, so I suggest reviewing the description of the input field, from:

          The virtual IPv4 network or network type alias with a single entry used for private communications between this client and the server expressed using CIDR (e.g. 10.0.8.5/24).
          With subnet topology, enter the client IP address and the subnet mask must match the IPv4 Tunnel Network on the server.
          With net30 topology, the first network address of the /30 is assumed to be the server address and the second network address will be assigned to the client.
          

          to:

          The virtual IPv4 network (or, just for net30 topology, a network type alias with a single entry) used for private communications between this client and the server expressed using CIDR (e.g. 10.0.8.5/24).
          ...
          
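Added example, not part of the thread and not pfSense code: a Python sketch of the distinction discussed above, showing that 10.0.0.200/24 handled as a network collapses to 10.0.0.0/24, and which values suit a Client Specific Override under each topology. The function names are hypothetical, and the net30 branch assumes that the "first" and "second" address in the help text mean the two usable hosts of the /30.

```python
import ipaddress

def as_network(value):
    """What the value becomes if it is handled as a network: host bits are masked off."""
    return str(ipaddress.ip_network(value, strict=False))

def is_proper_network(value):
    """True only if the address part is the network address for the given mask."""
    try:
        ipaddress.ip_network(value, strict=True)
        return True
    except ValueError:
        return False

def check_cso_tunnel(value, server_tunnel, topology):
    """Return (ok, detail) for a CSO tunnel value under the given topology."""
    iface = ipaddress.ip_interface(value)
    if topology == "subnet":
        server_net = ipaddress.ip_network(server_tunnel)
        if iface.network != server_net:
            return False, f"mask must match the server tunnel network {server_net}"
        if iface.ip in (server_net.network_address, server_net.broadcast_address):
            return False, f"{iface.ip} is not a client address inside {server_net}"
        return True, f"client address {iface.ip} in {server_net}"
    if topology == "net30":
        # Assumption: "first" and "second" address mean the two usable hosts of the /30.
        if iface.network.prefixlen != 30 or iface.ip != iface.network.network_address:
            return False, "net30 needs a proper /30 network address"
        server, client = list(iface.network.hosts())
        return True, f"server {server}, client {client}"
    raise ValueError(f"unknown topology: {topology}")

if __name__ == "__main__":
    # Constructed sample values, taken from the addresses quoted in the thread.
    print(as_network("10.0.0.200/24"))
    for v in ("10.0.0.200/24", "10.0.0.0/24", "10.0.0.200/32"):
        print(v, check_cso_tunnel(v, "10.0.0.0/24", "subnet"))
    print(check_cso_tunnel("10.0.8.4/30", None, "net30"))
```

A client that silently receives a different tunnel address than intended will not match firewall rules written for the reserved address, so checking the effective address on the tunnel interface after changing an override is worthwhile.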
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.