Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Virtual IP is within in my LAN-Net !!??

    OpenVPN
    2
    2
    392
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      LoCrux
      last edited by

      could someone please explain me the meaning of the "Vitual IP"?

      I've 2 running OpneVPN connections, where I can see a "remote ip" and a "virtual ip".
      The function of the "remote ip" is clear (my public ip to the WAN).
      But the need/use/function of the "virtual ip" is unclear to me.

      As I've set up my LAN subnet with 10.0.0.0/8, so both "virtual ip's" are
      within my LAN. Does this e.g. mean all my Samba-Shares could be seen by
      my vpn provider????

      SYSTEM -> ROUTING -> GATEWAYS:

      
   Name                 Interface   Gateway     Monitor IP  Description
1\. WAN_DHCP (default)   WAN         a.b.c.1     a.b.c.1     Interface WAN_DHCP Gateway     
2\. VPN_P2P_DHCP         VPN_P2P     10.8.8.X    10.8.8.X    Interface VPN_P2P_DHCP Gateway     
3\. VPN_UK_DHCP          VPN_UK      10.8.8.Y    10.8.8.Y    Interface VPN_UK_DHCP Gateway   

      I'd like to know if this could be a problem.
      As all my clients are split up like this:

      
ROUTE_NO_VPN    : Hosts reside within 10.a.x.y/16  : all PC's 
ROUTE_NO_VPN_C  : Hosts reside within 10.a.y.z/16  : all PC's where children have access to (lot off stuff is blocked)
ROUTE_VPN_P2P   : Hosts reside within 10.b.x.y/16  : self explaining :) 
ROUTE_VPN_UK    : Hosts reside within 10.c.x.y/16  : Anroid Boxes to access BBC
ROUTE_PI        : Hosts reside within 10.d.x.y/16  : Home Automation (MQTT Broker, Sonoffs, Alexas)
ROUTE_GUEST     : Hosts reside within 10.e.x.y/16  : WiFi for Guests 
DENY_WAN        : Hosts reside within 10.f.x.y/16  : Things not alowed to phone outside

      So i'd like to keep the /8 for the LAN (if possible).

      Thanks for your help.

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        "So i'd like to keep the /8 for the LAN (if possible)."

        For what possible reason would you need such a large mask… Do you have 1.6 million some hosts on this LAN?

        A /8 makes zero sense on an interface - its only uses would be firewall rules and or summary routes, etc.

        Use of such a network means that you will have nothing but issues with vpn clients that are coming from any network using 10.x.x.x address space...

        Pick a realistic network size.. Love to help you work out whatever issue it is your having - but setting such a mask is just stupid, and made a new promise to myself not to deal with stupid ;)

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.