Road Warrior on Class A Network
-
Hi!
Currently my local network is 10.0.0.0/8.
Is it possible to have an OpenVPN server, with its address range inside this local network (for example 10.1.0.0/8)?
Would this work or will there be routing problems?
Thanks!
Matthias
-
There will be routing issues.
To route properly, you need three unique, non-overlapping RFC 1918 subnets: the ones at each end of the tunnel, and the one used by the tunnel itself. (If your road warrior somehow has a routable IP, you only need two non-routable subnets.)
-
Xyzzy is right, there will likely be issues if you use 10/8 for the clients if you're already using 10/8 on LAN… But there is always 192.168/16 and 172.16/12 to pull from.
There may be some hackish ways to make it sort-of work but it's all ugly really. Proper routing and network separation is the way to go... but if someone is using 10/8 as a whole on their LAN that's already heading down the wrong road... :-)
-
Unless you really, really have a few million hosts, don't use a /8 for any network! Keep your netmask in line with the actual size of the network if you want to stay sane ;)
-
It can be done, but it involves using client bridging and adding custom configs to the server.
Stick with the routed solution, it's more efficient and it looks like they are eliminating bridging from 2.0 anyway.
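
An added example, not part of any post in this thread: a Python check for the overlap the replies describe, which reports which of the three subnets (server LAN, tunnel, client LAN) collide and picks a free RFC 1918 range for the tunnel. The role names, the /24 default and the 192.168.1.0/24 client LAN are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# The three RFC 1918 private ranges mentioned in the thread.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse(cidr):
    """Parse a CIDR string, masking stray host bits (10.1.0.0/8 -> 10.0.0.0/8)."""
    return ipaddress.ip_network(cidr, strict=False)


def find_overlaps(subnets):
    """Return sorted pairs of role names whose subnets overlap.

    `subnets` maps a role name (hypothetical labels) to a CIDR string.
    """
    nets = {role: parse(cidr) for role, cidr in subnets.items()}
    return sorted((a, b) for a, b in combinations(sorted(nets), 2)
                  if nets[a].overlaps(nets[b]))


def suggest_tunnel(in_use, prefixlen=24):
    """Return the first RFC 1918 /prefixlen subnet that overlaps nothing in `in_use`."""
    used = [parse(c) for c in in_use]
    for block in RFC1918:
        # Skip a block that is fully consumed, e.g. 10/8 used whole as one LAN.
        if prefixlen < block.prefixlen or any(block.subnet_of(u) for u in used):
            continue
        for candidate in block.subnets(new_prefix=prefixlen):
            if not any(candidate.overlaps(u) for u in used):
                return candidate
    return None


if __name__ == "__main__":
    # Constructed sample: the question's addressing plus an assumed client LAN.
    plan = {"server_lan": "10.0.0.0/8",
            "tunnel": "10.1.0.0/8",
            "client_lan": "192.168.1.0/24"}
    print("overlaps:", find_overlaps(plan))
    print("free tunnel subnet:",
          suggest_tunnel([plan["server_lan"], plan["client_lan"]]))
```
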