Correction #13549
Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS (closed)
Status: Rejected
Priority: Low
Assignee: -
Category: OpenVPN
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Description
Page: https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-s2s-tls.html
Feedback: The tunnel network in the sample config should be set to a /30 network, not a /24 as this might lead to unexpected routing issues.
Remark: Not to be mistaken for the "net30" topology option.
Updated by Jim Pingle about 2 years ago
- Status changed from New to Rejected
No, it should not. The recipe is correct. Using /30 tunnel networks is incorrect for a multi-site setup like the recipe shows.
Furthermore, using a /30 network triggers OpenVPN to use its p2p topology internally which is a code path that has a lot of problems, especially with DCO. Between that and shared key being deprecated, we'll eventually be moving all our examples to using a subnet topology with larger tunnel networks.