problem with /30 and peer-to-peer OpenVPN tunnel

Started by netgeek, May 07, 2018, 08:06:22 AM

I have a peer-to-peer OpenVPN tunnel between two sites.  It works fine, with an exception.  If I make the IPv4 tunnel network a /29 or larger, the route gets added correctly:

root@opn:~ # netstat -rna | grep 172.16.1.0
172.16.1.0/29      172.16.1.2         UGS      ovpns1

However, if I make the IPv4 tunnel network a /30 (which is all that's needed for a point-to-point VPN), oddness occurs:

root@opn:~ # netstat -rna | grep 172.16.1.0
172.16.1.0&0xac100102 172.16.1.2      UGS      ovpns1

This ends up sending all 172/8 traffic across the tunnel, and possibly more.

I'm running OPNsense 18.1.7.  Suggestions?
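As an added illustration, not part of netgeek's post and not OPNsense or OpenVPN code, the Python script below parses the two netstat lines quoted above, flags the route whose mask FreeBSD prints in the dest&0xMASK form (that form appears only when the mask is not a contiguous run of ones, so it has no /prefix equivalent), and checks which destinations such a route would capture. Note that 0xac100102 is 172.16.1.2 written as a 32-bit value, i.e. the mask on the broken route is the gateway address. The probe addresses are constructed for the example; a healthy /30 route would print as 172.16.1.0/30 and be skipped by the audit.

```python
import ipaddress
import re

# The two route lines quoted in the post above, embedded here as constructed
# sample input so the script runs offline.
ROUTE_LINES = [
    "172.16.1.0/29      172.16.1.2         UGS      ovpns1",
    "172.16.1.0&0xac100102 172.16.1.2      UGS      ovpns1",
]

# Destination  Gateway  Flags  Netif: the four columns of `netstat -rna`
ROUTE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def parse_route(line):
    """Parse one FreeBSD `netstat -rna` line into (network, mask, gateway, iface).

    network and mask are 32-bit ints. FreeBSD prints a contiguous mask as
    dest/prefix and a non-contiguous one as dest&0xMASK; a bare address is a
    host route.
    """
    m = ROUTE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised route line: {line!r}")
    dest, gw, _flags, iface = m.groups()
    if "/" in dest:
        net = ipaddress.ip_network(dest, strict=False)
        return int(net.network_address), int(net.netmask), gw, iface
    if "&0x" in dest:
        addr, mask_hex = dest.split("&0x", 1)
        return int(ipaddress.ip_address(addr)), int(mask_hex, 16), gw, iface
    return int(ipaddress.ip_address(dest)), 0xFFFFFFFF, gw, iface


def is_contiguous_mask(mask):
    """True if mask is 1...10...0, i.e. expressible as a CIDR prefix length."""
    inv = (~mask) & 0xFFFFFFFF        # the trailing zero run, now as ones
    return (inv & (inv + 1)) == 0     # only 2**k - 1 satisfies this


def route_matches(route, ip):
    """The kernel's match test for one route: (ip & mask) == (net & mask)."""
    net, mask, _gw, _iface = route
    return (int(ipaddress.ip_address(ip)) & mask) == (net & mask)


def mask_equals_gateway(route):
    """True when the mask is the gateway address reinterpreted as a bitmask."""
    _net, mask, gw, _iface = route
    return mask == int(ipaddress.ip_address(gw))


def audit(lines, probes):
    """Return one finding per route whose mask is not a contiguous prefix.

    probes: addresses to test so each finding shows what the route captures.
    """
    findings = []
    for line in lines:
        route = parse_route(line)
        _net, mask, _gw, iface = route
        if is_contiguous_mask(mask):
            continue
        findings.append({
            "line": line.strip(),
            "mask_hex": f"0x{mask:08x}",
            "mask_is_gateway": mask_equals_gateway(route),
            "captured": [ip for ip in probes if route_matches(route, ip)],
            "iface": iface,
        })
    return findings


# Constructed probe addresses: inside and well outside the intended /30.
PROBES = ["172.16.1.1", "172.16.1.2", "172.17.5.9", "172.20.3.0",
          "191.255.255.253", "10.0.0.1", "192.168.1.1"]

if __name__ == "__main__":
    for f in audit(ROUTE_LINES, PROBES):
        print(f"non-contiguous mask {f['mask_hex']} on {f['iface']}: {f['line']}")
        print(f"  mask is the gateway address: {f['mask_is_gateway']}")
        print(f"  would capture: {', '.join(f['captured'])}")
```

Running it against the broken line shows that the route does not simply cover 172/8: it matches any address whose set bits agree with 172.16.1.0 under the mask 0xac100102, so 172.17.5.9 and 191.255.255.253 are sent into the tunnel while 172.16.1.2 itself, the gateway, is not. The same audit can be pointed at a live `netstat -rna` dump to catch any such entry after a tunnel comes up.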

Try setting topology to p2p in the server config file. From the OpenVPN man page:

p2p -- Use a point-to-point topology where the remote endpoint of the client's tun interface always points to the local endpoint of the server's tun interface. This mode allocates a single IP address per connecting client. Only use when none of the connecting clients are Windows systems.

Bart...

This feels more like a bug.  The same config works fine on pfSense.