[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] openvpn on Debian setup

  • Subject: Re: [Openvpn-users] openvpn on Debian setup
  • From: Josh Cepek <josh.cepek@xxxxxxx>
  • Date: Fri, 22 Jun 2007 07:30:42 -0500
  • Openpgp: id=2E5A5127
  • Z-usanet-msgid: XID516LFVmfP0082X28

Tim Freedom wrote:
> Thanks Josh for your reply, the only reason I introduced 172.20.x.x
> was to avoid cases where the roaming laptops out there were assigned
> an IP address already in my LAN - isn't that a problem or does it even
> matter ?  In other words, assume in my LAN I have a PC with an IP address
> of and someone in their hotel room gets assigned on
> their roaming/warrior laptop (DHCP just happened to set it to that) -
> will this laptop/user be able to VPN back to the office (there would
> be a clash, no) ?  If this is indeed a problem how is this issue
> addressed otherwise I'm cool with simply using for the bridge.
> Sorry if I'm being dense just trying to figure out how to proceed.
> Thanks again...
>  .tf.

Yes, it will cause a problem if the network range overlaps with another
assigned to a mobile VPN client.  I would recommend you use a
less-common subnet, and the 172.16/12 is a good choice (I use networks
in this range for my LAN and my VPNs for that same reason.)  Also, even
if you go with a routed setup and give VPN clients their own separate
subnet from your LAN, the VPN will still be pushing your LAN network to
the client, and if this overlaps with a range the VPN client is using it
will still cause conflicts.  Normally you never want to duplicate
network segments as it almost always leads to problems.


Attachment: signature.asc
Description: OpenPGP digital signature