• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

OpenVPN option "Address Pool" seems to do nothing

General pfSense Questions
2
3
1.8k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • T
    token47
    last edited by Jan 14, 2014, 2:12 PM

    Hi

    I'm setting up a vpn server and while doing some tests, I found that the option "Address Pool" does nothing (the checkbox on the server configuration page). Does anyone know what it really does?

    I know what it is supposed to do, I understand that, but when I look at the generated config file, there is no difference when it's turned on or not. And the practical result is the same, it allways gives ip (like it's turned on, even when off).

    Thanks

    1 Reply Last reply Reply Quote 0
    • P
      phil.davis
      last edited by Jan 14, 2014, 3:36 PM

      I tried turning it on and off myself, with no difference to the OpenVPN servern.conf file. The setting is saved in config.xml as "pool_enable". I searched the source code on my system, and the only references to "pool_enable" are in the GUI setting and clearing. No code seems to actually use it for real.
      Does anyone know the history of this?

      As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
      If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

      1 Reply Last reply Reply Quote 0
      • T
        token47
        last edited by Jan 14, 2014, 8:12 PM

        What it should do (i think) is issue or not issue the "ifconfig-pool net/mask" option in the config file (if you follow the logic). But, I found the following, from my observations:

        • if you try to use "ifconfig-pool" in the advanced options, you get an error (in the logs) saying that you cannot use ifconfig-pool and "server" at the same time, because "server" already creates a pool for you. Indeed there's a "server" option in the config.
        • the server option is not very flexible because it is kind of a ifconfig + ifconfig-pool in the same option, and the server takes the 1st address and all the rest of the entire range is reserved for the pool. I like to issue a ifconfig-pool where I use only a portion of the range, leaving another portion to static IPs in the client overrides.
        • from googling, it seems that in the old days there was a configuration text filed where you would indicate the range for dinamic assignation (just what I expected) and that would issue a separate ifconfig-pool config option (or not). I was then changed to, when on  (presumably) issue a server command taking all the range and (presumably) when off, switching that command back to a normal/simple ifconfig (which I would be happy with because it would allow me to issue a ifconfig-pool in the advanced options).

        In the current state it seems useless. But maybe I'm missing something.

        1 Reply Last reply Reply Quote 0
        2 out of 3
        • First post
          2/3
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.