OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: netgeek on May 07, 2018, 08:06:22 am

Title: problem with /30 and peer-to-peer OpenVPN tunnel
Post by: netgeek on May 07, 2018, 08:06:22 am
I have a peer-to-peer OpenVPN tunnel between two sites.  It works fine, with an exception.  If I make the IPv4 tunnel network a /29 or larger, the route gets added correctly:

root@opn:~ # netstat -rna | grep 172.16.1.0
172.16.1.0/29      172.16.1.2         UGS      ovpns1

However, if I make the IPv4 tunnel network a /30 (which is all that's needed for a point-to-point VPN), oddness occurs:

root@opn:~ # netstat -rna | grep 172.16.1.0
172.16.1.0&0xac100102 172.16.1.2      UGS      ovpns1

This ends up sending all 172/8 traffic across the tunnel, and possibly more.

I'm running OPNsense 18.1.7. Suggestions?
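To see how much traffic the broken entry actually captures, here is an added check (not part of the thread, and not OPNsense code) that parses FreeBSD's netstat destination column, including the ADDR&0xMASK form shown above, and compares each entry with the tunnel network that was configured. The two sample lines are constructed from the output quoted in the post; all function names are my own.

```python
import ipaddress

# Constructed sample modelled on the two netstat lines quoted in the post
# (not captured from a real system): the /29 case and the broken /30 case.
GOOD_LINE = "172.16.1.0/29      172.16.1.2         UGS      ovpns1"
BAD_LINE = "172.16.1.0&0xac100102 172.16.1.2      UGS      ovpns1"

def parse_destination(dest):
    """Return (network, mask) as integers for a netstat destination column.

    FreeBSD prints a contiguous mask as ADDR/N and a non-contiguous mask as
    ADDR&0xMASK; the second form is what the /30 tunnel produced above.
    """
    if "&0x" in dest:
        addr, mask_hex = dest.split("&0x")
        return int(ipaddress.IPv4Address(addr)), int(mask_hex, 16)
    net = ipaddress.IPv4Network(dest, strict=False)
    return int(net.network_address), int(net.netmask)

def is_contiguous(mask):
    # A valid CIDR mask is a run of 1s followed by a run of 0s, so its
    # 32-bit complement must be one less than a power of two.
    inv = ~mask & 0xFFFFFFFF
    return (inv & (inv + 1)) == 0

def route_covers(ip, line):
    """True if the kernel would match traffic for `ip` against this entry."""
    net, mask = parse_destination(line.split()[0])
    return (int(ipaddress.IPv4Address(ip)) & mask) == (net & mask)

def check_route(line, expected_network):
    """Compare one routing-table line with the tunnel network the admin set.

    `anomalous` is True when the mask is not a CIDR prefix or the entry
    captures more destinations than the configured tunnel network.
    """
    net, mask = parse_destination(line.split()[0])
    expected = ipaddress.IPv4Network(expected_network)
    # Every cleared mask bit doubles the number of destinations that match.
    matched = 1 << (32 - bin(mask).count("1"))
    contiguous = is_contiguous(mask)
    return {
        "destination": line.split()[0],
        "contiguous": contiguous,
        "matched_addresses": matched,
        "expected_addresses": expected.num_addresses,
        "anomalous": not contiguous or matched > expected.num_addresses,
    }

if __name__ == "__main__":
    for line, cidr in ((GOOD_LINE, "172.16.1.0/29"), (BAD_LINE, "172.16.1.0/30")):
        print(check_route(line, cidr))
```

Run against the real `netstat -rna` output, the check flags the 0xac100102 entry as non-contiguous and matching 2^25 destinations instead of the 4 a /30 should cover, which is the misrouting the post describes.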
Title: Re: problem with /30 and peer-to-peer OpenVPN tunnel
Post by: bartjsmit on May 07, 2018, 10:55:27 am
Try setting topology to p2p in the server config file. From the OpenVPN man page:

p2p -- Use a point-to-point topology where the remote endpoint of the client's tun interface always points to the local endpoint of the server's tun interface. This mode allocates a single IP address per connecting client. Only use when none of the connecting clients are Windows systems.

Bart...
Title: Re: problem with /30 and peer-to-peer OpenVPN tunnel
Post by: netgeek on May 07, 2018, 03:30:37 pm
This feels more like a bug. The same config works fine on pfSense.