/30 network - This IPv4 address is the network address
-
I need to create a subnet 10.y.z.240/30.
With nothing else (like DHCP) set before and just after doing "Interfaces" -> "Assignment" -> "Add" I did:
"Interface" -> myNewOne:
- IPv4 Configuration Type: Static IPV4
- IPv4 Address: 10.y.z.240 / 30
I got
"The following input errors were detected:This IPv4 address is the network address and cannot be used"I do not see why x.y..z.240/30 should be a illegal value. It is just:
IP Address: 10.x.y.240 Network Address: 10.x.x.240 Usable Host IP Range: 10.x.y.241 - 10.208.241.242 Broadcast Address: 10.x.y.243What can I do so that 10.y.z.240 / 30 is accepted. I need this network because it is defined as local subnet of a IP sec tunnel which a have to have.
Before a I had got a 10.x.y.27/32. But there was the problem that inside a network with just one IP I did not have a gateway with an address unequal to the one of the client inside the network itself.
-
@admin_axx 240 is the network, 241 and 242 are usable IPs, 243 is broadcast.
network and broadcast can't be used.dead on arrival, nowhere to be found.
-
@mcury
And where do/can I set the network?For the IPSec tunnel a need a Local Subnet 240/30 = network.
-
@admin_axx set your address to .241 vs .240, .240 is the wire/network if you set an address of .241/30 you are on the .240/30 network.
-
Actually, for a point to point link, even a /31 should be valid.
-
@JKnott said in /30 network - This IPv4 address is the network address:
Actually, for a point to point link, even a /31 should be valid.
I think only TNSR works with /31, please correct me if I'm wrong about this.
If not, we could ask for a feature request, it will save some IPs for p2p links.dead on arrival, nowhere to be found.
-
@mcury said in /30 network - This IPv4 address is the network address:
I think only TNSR works with /31, please correct me if I'm wrong about this.
pfSense does work too, at least with WireGuard. But no one else does, so I wouldn't do it.
-
@mcury said in /30 network - This IPv4 address is the network address:
it will save some IPs for p2p links.
why would it matter if your just using rfc1918?
-
@johnpoz said in /30 network - This IPv4 address is the network address:
why would it matter if your just using rfc1918?
Easier to organize..
I have a lot of ipsec tunnels in a hub and spoke that would be easier to manage, but yes, I don't think it's really necessary, or worth the open of a FR. -
@mcury assign a /24 for your tunnels and that gives you 64 /30s, or use a /23 ;) that is a lot of tunnels hehehe
-
@johnpoz said in /30 network - This IPv4 address is the network address:
assign a /24 for your tunnels and that gives you 64 /30s, or use a /23 ;)
you are right :) absolutely not necessary..
-
@mcury said in /30 network - This IPv4 address is the network address:
I think only TNSR works with /31
I don't know about pfSense, but it certainly works with Linux & Cisco. IIRC, Windows still chokes on it though. On point to point links you don't need a broadcast or network address. In fact, you can get by with as little and the interface of the link.
-
@Bob-Dig said in /30 network - This IPv4 address is the network address:
But no one else does
Linux & Cisco do.
PfSense running on Qotom mini PC
i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
UniFi AC-Lite access pointI haven't lost my mind. It's around here...somewhere...
-
@JKnott /31 can make sense if you have limited amount of public IPs - but seems pretty pointless to worry about it if your using rfc1918 for them..
Who cares if you loose 2 IPs when you create a /30 when its rfc1918..
-
@JKnott said in /30 network - This IPv4 address is the network address:
Linux & Cisco do.
I had no luck with that on Debian but maybe I did something wrong. And I did not try elsewhere so you are most probably right.
