Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN Tunnel Network

    Scheduled Pinned Locked Moved OpenVPN
    3 Posts 3 Posters 9.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      georgyous
      last edited by

      Hello,

      I noticed a rather strange thing with openvpn in pfsense.

      As it seems openvpn Tunnel Network can be only from the range 10.0.0.0/16, I tryed to put in something like 192.168.253.0/24 but it does not seem to work. I this a bug? am I the only one who has this problem?

      Another thing is that if I give 10.0.60.0/24 for example as the Tunnel Network the pfrsense takes it 10.0.60.1(as it should) and the first client takes 10.0.60.6 which is strange becouse it should take it 10.0.60.2

      As I understand it is not a openvpn problem becouse I have a vyatta box and I do not have the same problem with openvpn.

      1 Reply Last reply Reply Quote 0
      • Cry HavokC
        Cry Havok
        last edited by

        It can be on any RFC 1918 range you want (assuming it isn't in use elsewhere on your network).  I've run them on many ranges without problems.

        As for the client IP, that's normal and if you do a bit of reading you'll see that's how it usually happens.

        1 Reply Last reply Reply Quote 0
        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by

          Vayatta may config their openvpn servers differently (perhaps using tap rather than tun).

          You can use any non-overlapping RFC1918 (or even public if you really want) block for the address pool, but the way OpenVPN assigns addresses (it carves /30's out of that /24) is well documented by OpenVPN:

          http://openvpn.net/index.php/open-source/faq/77-server/273-qifconfig-poolq-option-use-a-30-subnet-4-private-ip-addresses-per-client-when-used-in-tun-mode.html

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.