Topic: OpenVPN CIDR pool

aagaag
OpenVPN CIDR pool
« on: January 27, 2018, 03:27:17 am »
I am preemptively apologizing for this extremely naïve, N00b-ish question. In real life I am a medical doctor, and my knowledge of networking tech is full of huge gaps.

I need to set up an OpenVPN tunnel into my home network. The server is at internal IP address 10.10.10.2, the gateway (pfSense) has 10.10.10.1. The subnet is 255.255.0.0. The LAN devices use a pool of addresses between 10.10.10.3 and 10.10.14.255.

I have set up OpenVPN on the pfSense gateway and it works in principle, but I cannot get the address pool right (in the OpenVPN settings):
  • 10.0.8.0/24 (which pfSense lists as an example) works, but of course I do not see any device in my home network.
  • 10.10.10.0/16 crashes the LAN!!!
  • 10.10.0.0/16 does not work either.

Any advice would be gratefully appreciated!
 

aagaag
Re: OpenVPN CIDR pool
« Reply #1 on: January 27, 2018, 07:55:39 am »
Never mind, I seem to have figured it out. 10.10.0.0/16 does the job after all.

johnpoz
Re: OpenVPN CIDR pool
« Reply #2 on: January 27, 2018, 08:28:57 am »
"10.10.0.0/16 does the job after all."

Does the job of what - a firewall rule?  A summary route - those are really the only valid uses of such a CIDR.. Do you have 65k some hosts you need on the same network? ;)

Use a more appropriate CIDR would be my suggestion.. Say a /24 or /23 if you have a lot of hosts..
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)
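
An added example, not part of the thread and not pfSense code: this Python script runs the three pools tried in the first post against the LAN described there, and shows how small a prefix covers the addresses actually in use. It assumes a routed (tun) OpenVPN setup in which the tunnel pool is expected to be a subnet separate from the LAN; all function names are illustrative.

```python
import ipaddress

def check_tunnel(lan_iface, candidate):
    """Compare one candidate tunnel pool with the LAN interface address."""
    lan = ipaddress.ip_interface(lan_iface).network
    cand = ipaddress.ip_interface(candidate)
    net = cand.network  # same prefix with the host bits masked off
    return {
        "normalized": str(net),
        # True when the value typed is a host address, not a network address
        "host_bits_set": cand.ip != net.network_address,
        # True when tunnel clients would share address space with the LAN
        "overlaps_lan": net.overlaps(lan),
    }

def summarize_range(first, last):
    """Exact list of CIDR blocks covering first..last, nothing more."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(b) for b in blocks]

def smallest_supernet(first, last):
    """Smallest single CIDR block that contains both first and last."""
    net = ipaddress.ip_network(first + "/32")
    end = ipaddress.ip_address(last)
    while end not in net:
        net = net.supernet()
    return str(net)

if __name__ == "__main__":
    # Values taken from the first post: gateway address with its netmask,
    # and the three tunnel pools that were tried.
    lan_iface = "10.10.10.1/255.255.0.0"
    for pool in ("10.0.8.0/24", "10.10.10.0/16", "10.10.0.0/16"):
        print(pool, check_tunnel(lan_iface, pool))
    # Range of addresses the LAN devices actually use, per the post.
    print(summarize_range("10.10.10.3", "10.10.14.255"))
    print(smallest_supernet("10.10.10.3", "10.10.14.255"))
```
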