Why is /30 not allowed for OpenVPN server tunnel subnet?
-
If I only need 2 client IP addresses why is /30 not allowed? If I try to set /30 the service won't start and I get the following in the log:
Options error: --server directive when used with --dev tun must define a subnet of 255.255.255.248 (/29) or lower
-
Because you can't use directives that require --server when it's in peer-to-peer mode (/30) with SSL/TLS.
What exact choices did you make in the GUI? If you chose Remote Access SSL/TLS, change it to Peer-to-Peer SSL/TLS instead.
-
Yes it's set to Remote Access SSL/TLS. What does changing it to Peer-to-Peer affect?
-
It changes the visible options and some backend behavior to allow a peer-to-peer style configuration.
You shouldn't use "Remote Access" modes for site-to-site VPNs, that's what the peer-to-peer modes are for.
-
This isn't a site-to-site VPN. I have one of those configured as Peer-to-Peer but this is for mine and my wife's mobile devices to be able to VPN into my home network.
-
A /30 makes no sense for remote access. OpenVPN's internal behavior changes significantly when using a /30 tunnel network, it's intended only for site-to-site VPNs.
When using a /30 the server cannot push settings and it has several other limitations.
-
Understood. Thanks for the clarification. I'll just use a /29.