Virtual IP is within in my LAN-Net !!??

  • could someone please explain me the meaning of the "Vitual IP"?

    I've 2 running OpneVPN connections, where I can see a "remote ip" and a "virtual ip".
    The function of the "remote ip" is clear (my public ip to the WAN).
    But the need/use/function of the "virtual ip" is unclear to me.

    As I've set up my LAN subnet with, so both "virtual ip's" are
    within my LAN. Does this e.g. mean all my Samba-Shares could be seen by
    my vpn provider????


       Name                 Interface   Gateway     Monitor IP  Description
    1\. WAN_DHCP (default)   WAN         a.b.c.1     a.b.c.1     Interface WAN_DHCP Gateway     
    2\. VPN_P2P_DHCP         VPN_P2P     10.8.8.X    10.8.8.X    Interface VPN_P2P_DHCP Gateway     
    3\. VPN_UK_DHCP          VPN_UK      10.8.8.Y    10.8.8.Y    Interface VPN_UK_DHCP Gateway     

    I'd like to know if this could be a problem.
    As all my clients are split up like this:

    ROUTE_NO_VPN    : Hosts reside within 10.a.x.y/16  : all PC's 
    ROUTE_NO_VPN_C  : Hosts reside within 10.a.y.z/16  : all PC's where children have access to (lot off stuff is blocked)
    ROUTE_VPN_P2P   : Hosts reside within 10.b.x.y/16  : self explaining :) 
    ROUTE_VPN_UK    : Hosts reside within 10.c.x.y/16  : Anroid Boxes to access BBC
    ROUTE_PI        : Hosts reside within 10.d.x.y/16  : Home Automation (MQTT Broker, Sonoffs, Alexas)
    ROUTE_GUEST     : Hosts reside within 10.e.x.y/16  : WiFi for Guests 
    DENY_WAN        : Hosts reside within 10.f.x.y/16  : Things not alowed to phone outside

    So i'd like to keep the /8 for the LAN (if possible).

    Thanks for your help.

  • LAYER 8 Global Moderator

    "So i'd like to keep the /8 for the LAN (if possible)."

    For what possible reason would you need such a large mask… Do you have 1.6 million some hosts on this LAN?

    A /8 makes zero sense on an interface - its only uses would be firewall rules and or summary routes, etc.

    Use of such a network means that you will have nothing but issues with vpn clients that are coming from any network using 10.x.x.x address space...

    Pick a realistic network size.. Love to help you work out whatever issue it is your having - but setting such a mask is just stupid, and made a new promise to myself not to deal with stupid ;)

Log in to reply