Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS
Feedback: The tunnel network in the sample config should be set to a /30 network, not a /24, as this might lead to unexpected routing issues.
Remark: Not to be mistaken for the "net30" topology option.
Updated by Jim Pingle about 2 months ago
- Status changed from New to Rejected
No, it should not. The recipe is correct. Using /30 tunnel networks is incorrect for a multi-site setup like the recipe shows.
Furthermore, using a /30 network triggers OpenVPN to use its p2p topology internally, which is a code path that has a lot of problems, especially with DCO. Between that and shared key being deprecated, we'll eventually be moving all our examples to using a subnet topology with larger tunnel networks.