OpenVPN: client-config-dir in server config missing if tunnel network is not set
-
I have migrated an existing OpenVPN tls-server instance to pfSense. The server's IP address has to be the last IP in the network, i.e., 10.8.1.254/24, and I use client-specific configuration options.
pfSense's "IPv4 Tunnel Network" option does not allow a specific IP but only a network. However, 10.8.1.0/24 will take the first address of the given network for the server, which is 10.8.1.1 (according to the OpenVPN man page).
Therefore, I have to leave this entry empty and I use the custom options ifconfig 10.8.1.254 255.255.255.0 and mode server.
However, if "Tunnel Network" is empty, the option client-config-dir will be omitted in the server configuration file. As a workaround I manually set client-config-dir /var/etc/openvpn/server4/csc with the absolute path, which is a little bit cumbersome.
This seems to be a bug because client-config-dir should always be set when OpenVPN is in server mode.
-
Why does the server have to be the last address?
-
@jknott I have a productive environment with external networks 10.5.x.0/24 with x=1..253. For a network 10.5.x.0/24, the corresponding external VPN client uses a tunnel IP 10.8.1.x/24:
- E.g., the VPN client for the external network 10.5.1.0/24 has a TAP interface with 10.8.1.1/24,
- the external network 10.5.2.0/24 has a TAP interface with 10.8.1.2/24
- and so on.
10.8.1.x with x=1..253 is reserved for external networks. For my setup the VPN server uses the last available IP 10.8.1.254 for the tunnel network because the first one is already in use.
OpenVPN's --server directive simplifies the setup and sets the server IP to .1. However, there is no reason that it has to be the first available IP and not to use a custom setup.
. However, there is no reason that it has to be the first available IP and not to use a custom setup. - E.g., the VPN client for the external network