OpenVPN and Client Specific Overrides with 2 networks

Started by Marcos, February 26, 2025, 10:19:38 PM

Hello,
I just started my adventure with OPNsense 25.1. I configured OpenVPN with IP4 Tunnel Network 10.10.10.0/24. I added local network: 192.168.100.0/24. I want user "Bob" to get an IP from a different network, for example 10.10.12.0/24. So I created Client Specific Overrides with IP4 Tunnel Network 10.10.12.12/24.
Bob gets IP 10.10.12.12/24, but traffic from Bob's machine doesn't flow through the VPN to the 192.168.100.0 network (all traffic goes to the default gateway on the client machine).
Do I need to configure anything else, routing? Rules on the firewall allow traffic between 10.10.12.0/24 and 10.10.10.0/24. When I use the same network in Client Specific Overrides as in the VPN server, 10.10.10.10/24, I get that IP address and the connection is working fine. But I want to get an IP from a different network.

This doesn't work. The server uses the first IP in the tunnel network, so 10.10.10.1 in your case. The client has to use this IP as gateway.
If you assign an IP outside of the tunnel subnet to the client, the gateway will not be reachable and upstream traffic is sent to the default gateway.

OpenVPN assigns IPs from the lowest one (10.10.10.2) upwards. So state a high IP out of the tunnel in the CSO to ensure it's unassigned when the client connects.

If you have concerns that the clients can access each other, this is prohibited by default. You'd have to check "Inter-client communication".
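
An added example, not part of the thread: a Python check of Client Specific Override addresses against the points in the reply above (address inside the tunnel network, not the server's first IP, high enough to stay clear of dynamically assigned addresses). The function name, the `dynamic_clients` threshold and every sample override except Bob's 10.10.12.12/24 are assumptions made for illustration.

```python
import ipaddress


def check_cso(tunnel_cidr, overrides, dynamic_clients=20):
    """Return {common_name: [problems]} for each CSO tunnel address.

    dynamic_clients is an assumed upper bound on clients that receive a
    dynamic address; that many addresses at the low end of the pool are
    treated as likely to be handed out already.
    """
    tunnel = ipaddress.ip_network(tunnel_cidr, strict=True)
    server_ip = tunnel.network_address + 1   # server uses the first IP
    first_dynamic = server_ip + 1            # 10.10.10.2 in the thread
    seen = {}
    report = {}
    for name, cidr in overrides.items():
        ip = ipaddress.ip_interface(cidr).ip
        problems = []
        if ip not in tunnel:
            # The case from the thread: the client cannot reach its gateway,
            # so traffic falls back to the client's default gateway.
            problems.append("outside tunnel network, gateway %s unreachable" % server_ip)
        elif ip in (tunnel.network_address, tunnel.broadcast_address):
            problems.append("network or broadcast address")
        elif ip == server_ip:
            problems.append("collides with server address")
        elif int(ip) - int(first_dynamic) < dynamic_clients:
            problems.append("in low range that is assigned dynamically")
        if ip in seen:
            problems.append("duplicate of %s" % seen[ip])
        else:
            seen[ip] = name
        report[name] = problems
    return report


# Constructed sample data; only Bob's first address comes from the thread.
SAMPLE = {
    "bob": "10.10.12.12/24",        # the override that failed
    "bob_fixed": "10.10.10.200/24", # high address inside the tunnel
    "alice": "10.10.10.3/24",       # low address, may already be leased
    "carol": "10.10.10.1/24",       # the server's own address
}

if __name__ == "__main__":
    for cn, issues in check_cso("10.10.10.0/24", SAMPLE).items():
        print(cn, "OK" if not issues else "; ".join(issues))
```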