This topology uses Point-to-Point networking.

Each client is allocated a virtual /30, taking 4 IPs per client, plus 4 for the server. This is the default as of OpenVPN 2.3, but not recommended for current use. This is the old topology for support with Windows clients running 2.0.9 or older clients.

Note that this is not the current default. The recommended topology for modern servers.

Each topology is described further in its own section below. These are available options as values to the --topology parameter in --dev tun mode. These are controlled with the --topology option. Several network topologies exist for servers configured to accept multiple client connections.

Older versions of OpenVPN (before 2.0.9) or clients such as Yealink phones may require "net30". Specifies the method used to supply a virtual adapter IP address to clients when using TUN mode on IPv4. Some clients may require this be set to "subnet" even for IPv6, such as OpenVPN Connect (iOS/Android).

Subnet - One IP address per client in a common subnet
net30 - Isolated /30 network per client

Yep that's it, topology drop down in pfSense 2.6.0 only has 2 options listed for p2p ssl/tls, it has NO options listed for p2p psk. Had to switch back to OpenVPN psk to get traffic to flow again, started working instantly after changing it back. Ultimately we use rules to determine what should pass, and it gets to the client vpn interface but never past either the client tunnel? or server tunnel? I spent hours trying different combinations of local and remote networks, no luck. 2 but then no traffic will route, you can tcpdump and see all the normal traffic on the client tunnel interface, but nothing on any interface on the server. If you switch the ip type to open each gets their own ip on the subnet, it gets. 2? this is now in reverse for only p2p ssl/tls, it gives you a. The connection will link up with ca and client certs and a tls key, but historically? /30 was used for p2p meaning.
I have not tested this in 2.7.0 but something is seriously wrong with p2p ssl/tls in 2.6.0. After reading that OpenVPN p2p psk should be changed to p2p ssl/tls, and to prep for 2.7.0, I went to a 2.6.0 install to change over to p2p ssl/tls.