SSL / TLS clients (Peer to Peer VS Client) - Relation with Server /30 tunnel VS /29 tunnel
Hello everyone,
I'm using pfSense as a VPN access server. The VPN clients are other pfSense devices or Debian devices that I configure on the same VPN server using CSO for the route pushes and IP assignments. I did some tests to identify the configuration differences and what it is that really designates a tunnel as peer to peer or client.
I have noticed that if the server is configured as a /30 tunnel, then the clients (pfSense and Debian) need a manual ifconfig assignment in the client config file to establish the tunnel. CSO is not effective. The client connection appears under peer to peer on the OpenVPN widget. The routes pushed are only the networks in the OpenVPN server config.
If the server has a /29 or larger tunnel range, then CSO is effective and devices can get IP addresses from the server via CSO. A manual ifconfig assignment in the client config file (for Debian) and the pfSense client site tunnel IP (for pfSense) are not needed. CSO is then effective. The routes pushed to the client are the routes in the OpenVPN server config plus the routes in the CSO.
I would like some light shed on this, and comments to confirm whether that is really the case or whether I'm missing something. Thanks for any comments.