Why does OpenVPN's "ifconfig-pool" option use a /30 subnet (4 private IP addresses per client) when used in TUN mode?
OpenVPN allocates one /30 subnet per client in order to provide compatibility with Windows clients, due to the limitation of the TAP-Win32 driver's TUN emulation mode. If you know that only non-Windows clients will be connecting to your OpenVPN server, you can avoid this behavior by using the ifconfig-pool-linear directive.

In OpenVPN 1.6, when you had to run one OpenVPN instance per client, it would be more like you expected: a PtP link between the server and each client. In 2.0, however, OpenVPN can handle multiple clients with only one tun interface on the server. To handle this, you can think of the PtP link you see on the server as a link between the operating system and OpenVPN. Then, inside OpenVPN, another PtP link needs to be created to each client.

If every operating system supported true PtP links over the tun interface, this could have been done with the OpenVPN server using only one IP address and each client using another IP address. But, as the TUN/TAP driver implemen
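The per-client /30 allocation described in the answer, worked through as an added example (not part of the original FAQ and not OpenVPN's own code). The pool `10.8.0.0/28` is constructed sample input, the function names are hypothetical, and the split of the two usable addresses (lower for OpenVPN's side of the link, upper for the client) is an assumption of this example.

```python
import ipaddress

ROLES = ("network", "virtual_endpoint", "client", "broadcast")

def net30_plan(pool_cidr):
    """Split an IPv4 pool into /30 blocks, one block (4 addresses) per client."""
    pool = ipaddress.IPv4Network(pool_cidr)
    if pool.prefixlen > 30:
        raise ValueError("pool must be a /30 or larger")
    plan = []
    for block in pool.subnets(new_prefix=30):
        lower, upper = block.hosts()  # the only two usable addresses in a /30
        plan.append({
            "block": block,
            "network": block.network_address,
            "virtual_endpoint": lower,  # assumption: OpenVPN's side of the link
            "client": upper,            # assumption: address the client configures
            "broadcast": block.broadcast_address,
        })
    return plan

def role_of(address, pool_cidr):
    """Map an address (e.g. from a firewall log) to its /30 block and role."""
    pool = ipaddress.IPv4Network(pool_cidr)
    addr = ipaddress.IPv4Address(address)
    if addr not in pool:
        raise ValueError(f"{addr} is outside {pool}")
    offset = int(addr) - int(pool.network_address)
    block = ipaddress.IPv4Network((int(addr) - offset % 4, 30))
    return str(block), ROLES[offset % 4]

def capacity(pool_cidr):
    """Upper bound on clients: (one /30 each, one address each as with
    ifconfig-pool-linear). Addresses the server keeps for itself are ignored."""
    total = ipaddress.IPv4Network(pool_cidr).num_addresses
    return total // 4, total

if __name__ == "__main__":
    sample_pool = "10.8.0.0/28"  # constructed sample pool
    for entry in net30_plan(sample_pool):
        print(f'{entry["block"]}: endpoint {entry["virtual_endpoint"]}, '
              f'client {entry["client"]}, unused {entry["network"]} '
              f'and {entry["broadcast"]}')
    print(role_of("10.8.0.7", sample_pool))
    print(capacity("10.8.0.0/24"))
```

When writing firewall rules or reading logs for such a pool, only the address in the client role should ever appear as a tunnel source; traffic from the other three addresses of a block does not belong to a connected client.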