OpenVPN Tunnel Network
-
Hello,
I noticed a rather strange thing with openvpn in pfsense.
As it seems openvpn Tunnel Network can be only from the range 10.0.0.0/16, I tried to put in something like 192.168.253.0/24 but it does not seem to work. Is this a bug? Am I the only one who has this problem?
Another thing is that if I give 10.0.60.0/24 for example as the Tunnel Network, the pfsense takes 10.0.60.1 (as it should) and the first client takes 10.0.60.6, which is strange because it should take 10.0.60.2.
As I understand it, it is not an openvpn problem because I have a vyatta box and I do not have the same problem with openvpn.
-
It can be on any RFC 1918 range you want (assuming it isn't in use elsewhere on your network). I've run them on many ranges without problems.
As for the client IP, that's normal and if you do a bit of reading you'll see that's how it usually happens.
-
Vyatta may config their openvpn servers differently (perhaps using tap rather than tun).
You can use any non-overlapping RFC1918 (or even public if you really want) block for the address pool, but the way OpenVPN assigns addresses (it carves /30's out of that /24) is well documented by OpenVPN:
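The /30 carving described in this thread, worked through as an added example (not part of any post above and not OpenVPN or pfSense code). It assumes the tun-mode layout where the server takes the first /30 and each client gets the next one; `Slot`, `pool_capacity` and `net30_slots` are hypothetical names.

```python
import ipaddress
from typing import NamedTuple


class Slot(NamedTuple):
    role: str
    subnet: ipaddress.IPv4Network
    local: ipaddress.IPv4Address   # address on this end's tun interface
    remote: ipaddress.IPv4Address  # point-to-point peer inside the same /30


def pool_capacity(tunnel_network):
    """Number of clients that fit: one /30 per client, minus the server's /30."""
    net = ipaddress.IPv4Network(tunnel_network)
    return net.num_addresses // 4 - 1


def net30_slots(tunnel_network, clients):
    """Return the server slot followed by `clients` client slots."""
    net = ipaddress.IPv4Network(tunnel_network)
    if net.prefixlen > 29:
        raise ValueError("need at least a /29: one /30 for the server, one per client")
    if clients > pool_capacity(tunnel_network):
        raise ValueError("pool too small for %d clients" % clients)
    blocks = net.subnets(new_prefix=30)
    first = next(blocks)
    # Server block: .0 network, .1 server, .2 peer, .3 broadcast
    slots = [Slot("server", first, first[1], first[2])]
    for n in range(1, clients + 1):
        block = next(blocks)
        # Client block: +0 network, +1 server-side endpoint, +2 client, +3 broadcast
        slots.append(Slot("client%d" % n, block, block[2], block[1]))
    return slots


if __name__ == "__main__":
    # Both ranges mentioned in the thread; any non-overlapping block carves the same way.
    for pool in ("10.0.60.0/24", "192.168.253.0/24"):
        print(pool, "holds", pool_capacity(pool), "clients")
        for s in net30_slots(pool, 3):
            print("  %-8s %-18s local=%s remote=%s" % (s.role, s.subnet, s.local, s.remote))
```

Client addresses step by four (.6, .10, .14, ...), so per-client firewall rules and log correlation should expect those addresses rather than consecutive ones.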