Virtual IP is within my LAN-Net !!??



  • Could someone please explain to me the meaning of the "Virtual IP"?

    I've 2 running OpenVPN connections, where I can see a "remote ip" and a "virtual ip".
    The function of the "remote ip" is clear (my public ip to the WAN).
    But the need/use/function of the "virtual ip" is unclear to me.

    As I've set up my LAN subnet with 10.0.0.0/8, both "virtual IPs" are
    within my LAN. Does this e.g. mean all my Samba-Shares could be seen by
    my vpn provider????

    SYSTEM -> ROUTING -> GATEWAYS:

    
       Name                 Interface   Gateway     Monitor IP  Description
    1. WAN_DHCP (default)   WAN         a.b.c.1     a.b.c.1     Interface WAN_DHCP Gateway
    2. VPN_P2P_DHCP         VPN_P2P     10.8.8.X    10.8.8.X    Interface VPN_P2P_DHCP Gateway
    3. VPN_UK_DHCP          VPN_UK      10.8.8.Y    10.8.8.Y    Interface VPN_UK_DHCP Gateway
    
    

    I'd like to know if this could be a problem.
    As all my clients are split up like this:

    
    ROUTE_NO_VPN    : Hosts reside within 10.a.x.y/16  : all PC's 
    ROUTE_NO_VPN_C  : Hosts reside within 10.a.y.z/16  : all PC's where children have access to (lot of stuff is blocked)
    ROUTE_VPN_P2P   : Hosts reside within 10.b.x.y/16  : self explaining :)
    ROUTE_VPN_UK    : Hosts reside within 10.c.x.y/16  : Android Boxes to access BBC
    ROUTE_PI        : Hosts reside within 10.d.x.y/16  : Home Automation (MQTT Broker, Sonoffs, Alexas)
    ROUTE_GUEST     : Hosts reside within 10.e.x.y/16  : WiFi for Guests
    DENY_WAN        : Hosts reside within 10.f.x.y/16  : Things not allowed to phone outside
    
    

    So I'd like to keep the /8 for the LAN (if possible).

    Thanks for your help.


  • Rebel Alliance Global Moderator

    "So I'd like to keep the /8 for the LAN (if possible)."

    For what possible reason would you need such a large mask… Do you have 1.6 million some hosts on this LAN?

    A /8 makes zero sense on an interface - its only uses would be firewall rules and/or summary routes, etc.

    Use of such a network means that you will have nothing but issues with vpn clients that are coming from any network using 10.x.x.x address space...

    Pick a realistic network size.. Love to help you work out whatever issue it is you're having - but setting such a mask is just stupid, and made a new promise to myself not to deal with stupid ;)
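
The overlap that the reply above warns about can be checked with Python's `ipaddress` module. This is an added example, not part of the thread: the last octets of the tunnel gateways, the per-role /16 segments and the remote client network are constructed sample values, because the thread masks the real ones.

```python
import ipaddress

# Constructed sample values: the thread masks its real addresses.
LAN_AS_POSTED = {"LAN": "10.0.0.0/8"}        # mask from the original post
LAN_SPLIT = {                                 # hypothetical per-role /16 segments
    "ROUTE_NO_VPN": "10.10.0.0/16",
    "ROUTE_VPN_P2P": "10.20.0.0/16",
    "ROUTE_PI": "10.40.0.0/16",
}
FOREIGN = {                                   # addresses owned by someone else
    "VPN_P2P gateway": "10.8.8.5",            # 10.8.8.X in the post, octet assumed
    "VPN_UK gateway": "10.8.8.9",             # 10.8.8.Y in the post, octet assumed
    "remote client LAN": "10.1.1.0/24",       # assumed network of a roaming VPN client
}


def conflicts(local_nets, foreign):
    """Return names of local networks that overlap a foreign address or CIDR."""
    other = ipaddress.ip_network(foreign, strict=False)  # bare IP becomes a /32
    return sorted(
        name for name, cidr in local_nets.items()
        if ipaddress.ip_network(cidr).overlaps(other)
    )


def audit(local_nets, foreign_nets):
    """Map each foreign entry to the local networks that also claim it."""
    report = {}
    for label, value in foreign_nets.items():
        hits = conflicts(local_nets, value)
        if hits:
            report[label] = hits
    return report


if __name__ == "__main__":
    for title, plan in (("as posted (/8)", LAN_AS_POSTED), ("split into /16s", LAN_SPLIT)):
        report = audit(plan, FOREIGN)
        print(title, "->", report or "no overlap")
```

An empty result only says the address ranges are distinct; what a tunnel peer can actually reach is still decided by the firewall rules on the VPN interfaces.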