OpenVPN GUI faulty guidance

Started by ikkeT, July 11, 2020, 06:22:57 PM

Hi,

I was going through the GUI for options to set a static IP for a roadwarrior client. There is a fault in the GUI guidance. The field in the client config, IPv4 "VPN: OpenVPN: Client Specific Overrides: Tunnel Settings: Tunnel Network", states:

"This is the IPv4 virtual network used for private communications between this client and the server expressed using CIDR (eg. 10.0.8.0/24). The first network address is assumed to be the server address and the second network address will be assigned to the client virtual interface."

Sounds a lot like a description for the variable that I'd need. However, if I put there: "192.168.118.1 192.168.118.2" in order to get the server to use .1 and the client .2 from the tunnel network, I get the error:

"The following input errors were detected:
The field 'IPv4 Tunnel Network' must contain a single valid ipv4 CIDR range."

So clearly the instruction in the GUI is wrong. I assume it would rather set the virtual client network CIDR, and the GUI is actually missing the "ifconfig-push" option that I'd need.

I would've created an issue about that, but I couldn't find the repo for this plugin.

I'd have a wish that this GUI misguidance was fixed, and the ifconfig-push option was added.

This is confusing to me. This site: https://openvpn.net/community-resources/how-to/ shows a format of:

"ifconfig-push 10.8.1.1 10.8.1.2"

Whereas the man page in OPNsense says:

" --ifconfig-push local remote-netmask [alias]
              Push virtual IP endpoints for client tunnel, overriding the
              --ifconfig-pool dynamic allocation.
"

So the other one uses IP IP, and the other one IP ROUTE. Must be some version issue... I'll try with what the man page says.

Seems that ifconfig-push works, kinda, but the dynamic pool will give duplicate IP addresses if the ifconfig-push is set to give an address from that pool. So OpenVPN isn't smart enough to avoid fixed IPs given to clients while giving out the pool IPs.
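The pool collision described in the last post can be checked before deployment. The following is an added example, not part of the original thread or of OPNsense: it assumes the server config carries an explicit `ifconfig-pool start end` line and that each client override contains an `ifconfig-push` line whose first argument is the client's address; `directive_args`, `audit` and all sample configs are hypothetical and constructed for illustration.

```python
import ipaddress

# Constructed sample input (not from the thread): a server config fragment with an
# explicit dynamic pool, and per-client override texts keyed by certificate CN.
SERVER_CONF = """
# dynamic range handed out to clients without an override
ifconfig-pool 192.168.118.100 192.168.118.200 255.255.255.0
"""
CLIENT_OVERRIDES = {
    "alice": "ifconfig-push 192.168.118.10 255.255.255.0\n",
    "bob": "# pinned address\nifconfig-push 192.168.118.150 255.255.255.0\n",
    "carol": "ifconfig-push 192.168.118.10 255.255.255.0\n",
    "dave": "push \"route 10.0.0.0 255.0.0.0\"\n",
}

def directive_args(text, name):
    """Return the arguments of the first `name` directive, ignoring comments."""
    for line in text.splitlines():
        tokens = line.split("#", 1)[0].split()
        if tokens and tokens[0] == name:
            return tokens[1:]
    return None

def audit(server_conf, overrides):
    """Return (in_pool, duplicates) for the ifconfig-push addresses in overrides."""
    pool = directive_args(server_conf, "ifconfig-pool")
    if pool is None or len(pool) < 2:
        raise ValueError("no explicit ifconfig-pool start/end found")
    start, end = (ipaddress.IPv4Address(a) for a in pool[:2])
    in_pool, seen, duplicates = [], {}, []
    for client in sorted(overrides):
        args = directive_args(overrides[client], "ifconfig-push")
        if not args:
            continue  # no static address pinned for this client
        addr = ipaddress.IPv4Address(args[0])
        if start <= addr <= end:
            # the dynamic pool may hand this same address to another client
            in_pool.append((client, str(addr)))
        if addr in seen:
            duplicates.append((seen[addr], client, str(addr)))
        else:
            seen[addr] = client
    return in_pool, duplicates

if __name__ == "__main__":
    in_pool, duplicates = audit(SERVER_CONF, CLIENT_OVERRIDES)
    for client, addr in in_pool:
        print(f"{client}: {addr} lies inside the dynamic pool")
    for first, second, addr in duplicates:
        print(f"{first} and {second} both pin {addr}")
```

Keeping pinned addresses outside the `ifconfig-pool` range, and unique across clients, avoids the duplicate assignment reported above.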