Correction #13549

closed

Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS

Added by Paal Andreas Lindsetmo about 2 months ago. Updated about 2 months ago.

Status: Rejected
Priority: Low
Assignee: -
Category: OpenVPN
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:

Description

Page: https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-s2s-tls.html

Feedback: The tunnel network in the sample config should be set to a /30 network, not a /24 as this might lead to unexpected routing issues.

Remark: Not to be mistaken for the "net30" topology option

#1

Updated by Jim Pingle about 2 months ago

  • Status changed from New to Rejected

No, it should not. The recipe is correct. Using /30 tunnel networks is incorrect for a multi-site setup like the recipe shows.

Furthermore, using a /30 network triggers OpenVPN to use its p2p topology internally which is a code path that has a lot of problems, especially with DCO. Between that and shared key being deprecated, we'll eventually be moving all our examples to using a subnet topology with larger tunnel networks.
