Netgate Discussion Forum

    Need Clarity on IPv4 Tunnel Network Configuration for Peer-Peer Shared Key

    OpenVPN
    • trueno

      If I am setting up a single peer-peer shared-key network with one server and two clients, should I specify the same exact subnet and mask value for the "IPv4 Tunnel Network" parameter in the OpenVPN configurations for the server and the two clients?  IOW does the OpenVPN process dynamically allocate p2p endpoint IP addresses for the OpenVPN tunnels or do I have to do this manually (statically)?  Is there an example somewhere?

      The reason I ask this is because looking at the routing tables, all of the remote and local subnets I also specify in the OpenVPN configuration for the server and the clients (for subnets on the lan side of each server and client) appear to have the same OpenVPN tunnel next hops (the OpenVPN next-hops do not vary by client like I would expect).

      • pdonner

        OK answered my own question. For peer-peer shared key you need one openvpn process on the central server for each client. What a resource nightmare if the number of sites becomes large. Was thinking it worked like PKI.

        • awsiemieniec

          … so the answer to your question is/was?  This is exactly the issue I'm trying to figure out now.

          site 1 Server (IPv4 Local Network): 192.168.59.0/30
          IPv4 Tunnel Network: 192.168.50.0/31 <-- (this could be anything, really, as long as it's not a publicly routable network and not the same network as "IPv4 Local Network" and "IPv4 Remote Network" (?) )
          site 2 Client (IPv4 Remote Network): 192.168.58.0/24

          Is that the basic setup?

          • phil.davis

            site 1 Server (IPv4 Local Network): 192.168.59.0/30

            Surprised your local LAN would be "/30" - perhaps you mean 192.168.59.0/24 ?

            IPv4 Tunnel Network: 192.168.50.0/31

            You need to use a "/30" mask - that gives 4 IP addresses, top and bottom unused, OpenVPN gives .1 to server and .2 to client.

            Every peer-to-peer tunnel network server-client pair must use a different subnet.
            The local LAN at every office must use a different subnet.

            As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
            If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
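
The rules in the answer above (a /30 per server-client pair, a different tunnel subnet per pair, a different LAN per office) can be checked before any tunnel is configured. The following is an added example, not part of the original thread and not pfSense or OpenVPN code; the function names, the 10.0.8.0/24 tunnel pool and the site3 LAN are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

def tunnel_endpoints(tunnel_cidr):
    """Return (server_ip, client_ip) for one shared-key tunnel network."""
    net = ipaddress.ip_network(tunnel_cidr, strict=True)
    if net.prefixlen != 30:
        raise ValueError(f"{net}: tunnel network must be a /30")
    # A /30 has 4 addresses; top and bottom are unused, leaving .1 and .2.
    server, client = net.hosts()
    return str(server), str(client)

def plan_site_tunnels(pool_cidr, server_lan, client_lans):
    """Give every client site its own /30 from the pool and reject overlaps."""
    pool = ipaddress.ip_network(pool_cidr)
    lans = [("server", ipaddress.ip_network(server_lan))]
    lans += [(name, ipaddress.ip_network(c)) for name, c in client_lans.items()]
    # The local LAN at every office must use a different subnet.
    for (a, net_a), (b, net_b) in combinations(lans, 2):
        if net_a.overlaps(net_b):
            raise ValueError(f"LAN overlap: {a} {net_a} and {b} {net_b}")
    # The tunnel range must not collide with any LAN either.
    for name, lan in lans:
        if lan.overlaps(pool):
            raise ValueError(f"tunnel pool {pool} overlaps {name} LAN {lan}")
    subnets = pool.subnets(new_prefix=30)
    plan = {}
    for name, lan in lans[1:]:
        try:
            tun = next(subnets)  # one distinct /30 per server-client pair
        except StopIteration:
            raise ValueError(f"pool {pool} has no /30 left for {name}")
        server_ip, client_ip = tunnel_endpoints(str(tun))
        plan[name] = {"tunnel": str(tun), "server_ip": server_ip,
                      "client_ip": client_ip, "remote_lan": str(lan)}
    return plan

if __name__ == "__main__":
    # Constructed sample: LANs for site 1 and site 2 follow the thread
    # (with the /24 correction); site3 and the pool are made up.
    plan = plan_site_tunnels("10.0.8.0/24", "192.168.59.0/24",
                             {"site2": "192.168.58.0/24",
                              "site3": "192.168.57.0/24"})
    for site, cfg in plan.items():
        print(site, cfg)
```

Each entry in the returned plan corresponds to one OpenVPN server instance on the central site, matching the one-process-per-client point made earlier in the thread.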

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.