Netgate Discussion Forum

    Difference between Interface subnet and 192.168.2.0/24

      panz

      Yes, now checking that, the first rule works… so... why?

      pfSense 2.3.2-RELEASE-p1 (amd64)
      motherboard: MSI C847MS-E33 Micro ATX (with Intel Celeron CPU 847 @ 1.10 GHz) ~ PSU: Corsair VS350 ~ RAM: Kingston KVR1333D3E9S 4096 MB 240-pin DIMM DDR3 SDRAM 1.5 volt ~ NIC: Intel EXPI9301CTBLK (LAN) ~ NIC: D-Link DFE-528TX (CAM) ~ Hard Disk: Western Digital WD10JFCX Red ~ Case: Cooler Master HAF XB ~ power consumption: 21 Watts.

        doktornotor Banned

        Well, because /30 is not /24  :P

        net30 – Use a point-to-point topology, by allocating one /30 subnet per client.
        subnet -- Use a subnet rather than a point-to-point topology by configuring the tun interface with a local IP address and subnet mask

        Documentation. Also comparing the ifconfig output for both modes should be pretty much enlightening.

          kejianshi

          OK - So, your pfsense is a client to a vpn service and then your pfsense is also running an openvpn server to which your laptop/computer is a client while inside your own LAN?  Do I have this wrong?

            phil.davis

            Look in /tmp/rules.debug - down the end you will see the user rules generated from the Firewall Rules tabs. You will be able to see exactly what rules it generates for OPT3. I suspect it gets a different idea about OPT3 Subnet depending if it is set to topology or not. One way may treat it as a /30 and the other as the full tunnel network range.

            As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
            If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

              panz

              Oh, yes, I understand that. But my question was: why were OPT subnet and 192.168.2.0/24 not the same?

              I understand this IF the topology is net30, so it is a peer-to-peer-like connection.

              But the previous scheme was ALL /24. Why doesn't this work?

                doktornotor Banned

                @panz:

                Oh, yes, I understand that. But my question was: why were OPT subnet and 192.168.2.0/24 not the same?

                Please, type ifconfig to console. For both modes. Compare the OPT3/ovpns? output.

                  panz

                  @kejianshi:

                  OK - So, your pfsense is a client to a vpn service and then your pfsense is also running an openvpn server to which your laptop/computer is a client while inside your own LAN?  Do I have this wrong?

                  laptop/computer is a client while I'm out (e.g. at a Starbucks coffee).

                    kejianshi

                    OK - I see.

                    When you VPN into your pfsense from your laptop when you are out does all that traffic then go out over the VPN pfsense is client to?

                      panz

                      @kejianshi:

                      OK - I see.

                      When you VPN into your pfsense from your laptop when you are out does all that traffic then go out over the VPN pfsense is client to?

                      Yes.

                        kejianshi

                        haha - I see where this is going…  Good one.

                        I take it AirVPN doesn't have a bandwidth usage cap?

                          panz

                          @doktornotor:

                          @panz:

                          Oh, yes, I understand that. But my question was: why were OPT subnet and 192.168.2.0/24 not the same?

                          Please, type ifconfig to console. For both modes. Compare the OPT3/ovpns? output.

                          with net30

                          ovpns2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
                          options=80000<LINKSTATE>
                          inet6 fe80::a00:27ff:fe7f:875d%ovpns2 prefixlen 64 scopeid 0x8
                          inet 192.168.2.1 --> 192.168.2.1 netmask 0xffffff00

                          without net30

                          ovpns2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
                          options=80000<LINKSTATE>
                          inet6 fe80::a00:27ff:fe7f:875d%ovpns2 prefixlen 64 scopeid 0x8
                          inet 192.168.2.1 --> 192.168.2.2 netmask 0xffffffff
                          nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
                          Opened by PID 15822

                            panz

                            @kejianshi:

                            haha - I see where this is going…  Good one.

                            I take it AirVPN doesn't have a bandwidth usage cap?

                            No limitations as far as I know.

                              doktornotor Banned

                              Yeah. So, see:

                              netmask 0xffffffff = /32 (really just the OVPN IP itself, does not include any client, 192.168.2.6 certainly out)
                              netmask 0xffffff00 = /24 (the configured subnet)

                              1 Reply Last reply Reply Quote 0
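
The netmask comparison above as an added example (not part of any poster's reply and not pfSense code): it reads the inet line of a FreeBSD ifconfig excerpt, derives the network from the hex netmask, and lists tunnel clients that a rule sourced from that network would not match. It assumes, as the thread concludes, that the "OPT3 subnet" rule source follows the interface address and netmask; the function names and the trimmed sample excerpts are constructed here, and /tmp/rules.debug remains the place to confirm what was actually generated.

```python
import ipaddress
import re

# Constructed samples: the ovpns2 "inet" lines from the two ifconfig excerpts in the thread.
IFCONFIG_MASK_24 = """ovpns2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
\tinet 192.168.2.1 --> 192.168.2.1 netmask 0xffffff00
"""
IFCONFIG_MASK_32 = """ovpns2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
\tinet 192.168.2.1 --> 192.168.2.2 netmask 0xffffffff
"""

# FreeBSD ifconfig prints the IPv4 netmask as 8 hex digits; the peer address is optional.
INET_RE = re.compile(r"^\s*inet (\S+)(?: --> \S+)? netmask 0x([0-9a-fA-F]{8})\b", re.M)


def interface_subnet(ifconfig_text):
    """Return the IPv4 network implied by the interface's address and netmask."""
    m = INET_RE.search(ifconfig_text)
    if m is None:
        raise ValueError("no IPv4 'inet ... netmask 0x...' line found")
    addr, mask_hex = m.groups()
    mask = ipaddress.IPv4Address(int(mask_hex, 16))
    # strict=False masks off host bits; a non-contiguous mask raises ValueError.
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def audit(ifconfig_text, tunnel_network, clients):
    """List tunnel clients that a rule sourced from the interface subnet would miss."""
    iface_net = interface_subnet(ifconfig_text)
    tunnel = ipaddress.ip_network(tunnel_network)
    missed = [c for c in clients
              if ipaddress.ip_address(c) in tunnel
              and ipaddress.ip_address(c) not in iface_net]
    return {"interface_subnet": str(iface_net), "missed": missed}


if __name__ == "__main__":
    for name, text in (("0xffffff00", IFCONFIG_MASK_24), ("0xffffffff", IFCONFIG_MASK_32)):
        print(name, audit(text, "192.168.2.0/24", ["192.168.2.6"]))
```

A non-empty "missed" list means the rule should use the tunnel network (here 192.168.2.0/24) as its source instead of the interface subnet.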
                                panz

                                @doktornotor:

                                Yeah. So, see:

                                netmask 0xffffffff = /32 (really just the OVPN IP itself, does not include any client, 192.168.2.6 certainly out)
                                netmask 0xffffff00 = /24 (the configured subnet)

                                why inet 192.168.2.1 --> 192.168.2.1

                                  doktornotor Banned

                                  @panz:

                                  why inet 192.168.2.1 --> 192.168.2.1

                                  What's your problem with that, again? The question has been answered already. The tunnel endpoints are the same there.

                                    kejianshi

                                    So, anyway - I've not been running pfsense this way before.  I've only done this with a DD-WRT as client to Pfsense/Openvpn and then DD-WRT has its clients…  Similar.

                                    No one has said yet, but I'm guessing the OPT3 got created auto-magically when you created the OpenVPN client in pfsense?  If so, I'm clear now.

                                    How well is this working for you?

                                      panz

                                      @kejianshi:

                                      So, anyway - I've not been running pfsense this way before.  I've only done this with a DD-WRT as client to Pfsense/Openvpn and then DD-WRT has its clients…  Similar.

                                      No one has said yet, but I'm guessing the OPT3 got created auto-magically when you created the OpenVPN client in pfsense?  If so, I'm clear now.

                                      How well is this working for you?

                                      Absolutely not, I created the OPT3 to add a roadwarrior after all VPN testing from LAN --> to AirVPN were successful.

                                        kejianshi

                                        Yeah - See that's the part I don't understand why you need it.  But if it's working for you, I guess I don't need to understand necessarily.
                                        I have road warriors and I didn't have to create an interface for them - That's why I'm confused.

                                          panz

                                          @kejianshi:

                                          Yeah - See that's the part I don't understand why you need it.  But if it's working for you, I guess I don't need to understand necessarily.

                                          I need it because the VPN provider is one (= 1 account), but I have to protect at the same time my internal LAN clients AND roadwarrior client(s) under the same umbrella (LAN = home office; roadwarrior = mobile office).

                                            panz

                                            Thank you doktornotor, now I understand (yeah!)  8)

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.