Look at the configuration of tun1 and tun2.

[root@ipfire1 ovpn]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
3: red0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP qlen 1000
    link/ether 00:c0:08:8a:a0:4c brd ff:ff:ff:ff:ff:ff
    inet 192.168.99.177/24 brd 192.168.99.255 scope global red0
       valid_lft forever preferred_lft forever
4: blue0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN qlen 1000
    link/ether bc:30:7d:58:6c:86 brd ff:ff:ff:ff:ff:ff
    inet 192.168.26.1/24 brd 192.168.26.255 scope global blue0
       valid_lft forever preferred_lft forever
5: green0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
    link/ether 00:c0:08:8a:a0:4b brd ff:ff:ff:ff:ff:ff
    inet 192.168.25.1/24 brd 192.168.25.255 scope global green0
       valid_lft forever preferred_lft forever
8: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 100
    link/none
    inet 10.125.0.1 peer 10.125.0.2/32 scope global tun0
       valid_lft forever preferred_lft forever
9: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 100
    link/none
    inet 10.249.25.1 peer 10.249.25.2/32 scope global tun1
       valid_lft forever preferred_lft forever
10: tun2: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 100
    link/none
    inet 10.249.25.1 peer 10.249.25.2/32 scope global tun2
       valid_lft forever preferred_lft forever

[root@ipfire1 ovpn]# ip route show
default via 192.168.99.1 dev red0 metric 203
10.125.0.0/24 via 10.125.0.2 dev tun0
10.125.0.2 dev tun0 proto kernel scope link src 10.125.0.1
10.249.25.2 dev tun1 proto kernel scope link src 10.249.25.1
10.249.25.2 dev tun2 proto kernel scope link src 10.249.25.1
192.168.25.0/24 dev green0 proto kernel scope link src 192.168.25.1
192.168.26.0/24 dev blue0 proto kernel scope link src 192.168.26.1
192.168.27.0/24 via 10.249.25.2 dev tun1
192.168.99.0/24 via 10.249.25.2 dev tun1
192.168.99.0/24 dev red0 proto kernel scope link src 192.168.99.177 metric 203
This problem can be reproduced here.
*what* is the problem?
The problem is that OpenVPN subnets (applies to both N2N and RW dial-in) are always used as /16 networks. To give an example, if I specify 10.99.101.0/24 as an OpenVPN network, it is not possible to create networks in 10.99.0.0/16 anymore ("network is already used by..."). This means that even if only a /24 is specified, OpenVPN (or something related here) uses a /16 internally - which causes some problems, such as the one above.
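An added example, not part of this thread and not IPFire's code: it contrasts an overlap check that honours each configured prefix length with one that widens every existing network to /16, which is the behaviour the comment above describes. The function names and all sample networks other than 10.99.101.0/24 are constructed for illustration.

```python
import ipaddress

def _net(text):
    # Accepts CIDR ("10.0.0.4/30") and netmask ("10.0.0.4/255.255.255.252") notation.
    # strict=True rejects input whose host bits are set instead of silently masking it.
    return ipaddress.ip_network(text, strict=True)

def overlaps_exact(candidate, existing):
    """Existing networks that overlap the candidate when every prefix length is honoured."""
    new = _net(candidate)
    return [e for e in existing if new.overlaps(_net(e))]

def overlaps_widened(candidate, existing, widen_to=16):
    """Model of the reported symptom: existing networks are compared as if they were /16."""
    new = _net(candidate)
    hits = []
    for e in existing:
        net = _net(e)
        if net.prefixlen > widen_to:
            net = net.supernet(new_prefix=widen_to)
        if new.overlaps(net):
            hits.append(e)
    return hits

def classify(candidate, existing):
    """Separate real address-space collisions from conflicts caused only by the widening."""
    if overlaps_exact(candidate, existing):
        return "real-overlap"
    if overlaps_widened(candidate, existing):
        return "false-conflict"
    return "ok"

# 10.99.101.0/24 is the network named in the comment; the candidates are constructed.
EXISTING = ["10.99.101.0/24"]
CANDIDATES = ["10.99.102.0/24", "10.99.101.128/25", "10.100.0.0/24"]

if __name__ == "__main__":
    for cand in CANDIDATES:
        print(f"{cand:20} {classify(cand, EXISTING)}")
```

A "false-conflict" result marks a network that an exact comparison would accept but a /16-wide comparison rejects, matching the "network is already used by..." message reported here.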
I still don't get it. Where is the /16 in the console output?
I assume this isn't a bug any more. Please reopen in case you want this to be resolved.
I think the bug is still open. I'll try to give an easy explanation:

Steps to reproduce
- Add OpenVPN Subnet with a /30 Network 10.0.0.4/255.255.255.252
- The ifconfig parameter in the n2nconf is 10.0.0.1 10.0.0.2

Expected ifconfig parameter in the n2nconf
10.0.0.3 10.0.0.4
Erik, are you up for another one?
Hi all,

(In reply to Michael Tremer from comment #7)
> Erik, are you up for another one?

as a first step --> https://git.ipfire.org/?p=people/ummeegge/ipfire-2.x.git;a=commit;h=1edbec992e1bbf77932ce6fcd147a3522020d1dd . Open questions/work are in the commit message. Help might be nice.

Best,
Erik