ifconfig option in OpenVPN server config for Peer to Peer necessary?
-
Hi,
I saw the ifconfig option (ifconfig 10.0.0.1 10.0.0.2) in my OpenVPN server config:
/var/etc/openvpn/server2/config.ovpnIs this really necessary in "Peer to Peer (SSL/TLS)" mode with "Tunnel Network 10.0.0.0/24"?
Found a old topic here and ifconfig with a IP address should only needed in "Shared Key Mode"?
https://forum.netgate.com/topic/54848/pfsense-server-ovpn-client-ifconfig-autoconfig/2
-
That's a very tough question.
After all, who remembers what was 'needed' 13 ( !! ) years ago, as that in this domain an eternity.
This is "openvpn", it changes lot all the time.
If this paramter is still there, then this is because the experts, and I presume Netgate = creator of pfSense can be considered as such, deems it 'needed'.If info exists, openvpn (open source), has a good forum with support. Try asking there ?
If it was me, I would also try the other solution : locate the place where /var/etc/openvpn/server2/config.ovpn is created, where the line "ifconfig option (ifconfig 10.0.0.1 10.0.0.2)" is added, and remove it.
Then restart the openvpn server (client) and see what happens. -
@Gertjan said in ifconfig option in OpenVPN server config for Peer to Peer necessary?:
Then restart the openvpn server (client) and see what happens.
That's one idea I had, but since the traffic is routed to the remote side via IP 10.0.0.2 this will break my connection.
It's a router to router connection, but this must also possible with the "Remote Access" mode?
So whats the exactly benefit of the peer to peer Mode?
