OpenVPN Tun/IP mode

gsloop · August 8, 2012, 1:04am

Working to finalize an OpenVPN setup.

Again, the WIKI is horrible. Mikrotik claims [via email] that the Wiki isn’t theirs - but user maintained. But are totally evasive when prodded to produce something less than HORRIBLE themselves.

They say - “You can edit it.” I counter - “Pay me, like everyone else at Mikrotik gets paid, and I will.”
The response:

So, that ranting aside… I’m working to setup the connection for Road-warriers in TUN/IP mode.

However, there’s an oddity in the Windows OpenVPN client/adapter shim that requires the Mikrotik and the client to get IP’s in a /30 network.
So, how can I make that work if I am going to have say, 10 remote users/sessions. [The problem evidently only exists on Windows, and not on OpenVPN clients for Linux.]

It would seem I’ll have to configure 10 sets of two address blocks, thus using 10 /30 networks - or 40 IP addresses to support only 10 users.

Am I missing something - or is there some way to set this up without allocating a /30 for every client/remote session.

-Greg

roadracer96 · August 8, 2012, 1:22am

That’s a limitation of windows openvpn. Windows doesn’t like point to poin addresses on Ethernet cards and that is effectively what the openvpn adapter is.

gsloop · August 8, 2012, 4:07am

Yes, that sure appears to be the case.
[And to beat on the dead horse some more… It would sure help if the Wiki page was officially maintained and had reasonably well presented information. It simply doesn’t, and certainly doesn’t cover the limitations of IP/Tun mode well.]

So, while I’ve not thought about it at all, what would be the disadvantage of using TAP/Ethernet mode?

-Greg