I setup an OVPN client/server TAP connection. The server is set like so:
Notice the /28!
/ppp profile add bridge=bridge-local local-address=ovpn-pool name=ovpn remote-address=ovpn-pool use-encryption=required /ip pool add name=default-dhcp ranges=192.168.88.10-192.168.88.254 add name=ovpn-pool ranges=10.2.2.0/28
But when I dial the client in, I get this for an address:
Notice the /24!
[admin@ClientRouter] > /ip address print Flags: X - disabled, I - invalid, D - dynamic # ADDRESS NETWORK INTERFACE 1 D 10.2.2.4/24 10.2.2.0 ovpn-out1
Is this a bug? I would expect the /28 to be preserved when it's being re-assigned to clients. On the server side, the situation is better:
And just to verify that this local address on the client does indeed make a /24 entry in the routing table:
[admin@SiteRouter] > /ip address print Flags: X - disabled, I - invalid, D - dynamic # ADDRESS NETWORK INTERFACE 3 D 10.2.2.0/32 10.2.2.4 ovpn-bart
[admin@ClientRouter] > /ip route print Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit # DST-ADDRESS PREF-SRC GATEWAY DISTANCE 1 ADC 10.2.2.0/24 10.2.2.4 test 0